ZigBeeForDomoticZ plugin Wiki

Reverse proxy domoticz and zigbee webui with apache2 on ubuntu

Prerequisite

Apache, domoticz are on the same server with IP 192.168.1.99

Attention: You must remove 127.0.0.* from domoticz parameters (no auth), if not you will access to domoticz without authentication.

So we will have 2 urls :

SSL Certificate for apache2

I use self signed certificate, no lets encrypt => you can have certificate for 2 years.

But u will have to import this certificate in windows, linux, mac, android, ios (not tested) ….

create configuration file for domoticz certificate :

    sudo cp /etc/ssl/openssl.cnf /etc/ssl/domoticz.cnf
    sudo nano /etc/ssl/domoticz.cnf

modify :

 [ v3_req ]

# Extensions to add to a certificate request

basicConstraints = CA:FALSE
keyUsage = nonRepudiation, digitalSignature, keyEncipherment

by 

[ v3_req ]

# Extensions to add to a certificate request

basicConstraints = CA:TRUE
keyUsage = nonRepudiation, digitalSignature, keyEncipherment
subjectAltName = @alt_names

[ alt_names ]
DNS.1 = ben33880.no-ip.com
IP.1 = 192.168.1.99

generate certificate :

    sudo openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/ssl/private/ben33880.no-ip.com.key -out /etc/ssl/certs/ben33880.no-ip.com.crt -config /etc/ssl/domoticz.cnf -extensions 'v3_req'

Configure apache2

install apache2

sudo apt-get install apache2 apache2-utils

install mod :

sudo a2enmod ssl
sudo a2enmod headers
sudo a2enmod lbmethod_byrequests
sudo a2enmod proxy_balancer
sudo a2enmod proxy_http
sudo a2enmod proxy
sudo a2enmod proxy_wstunnel

disable defaults site :

sudo a2dissite 000-default.conf
sudo a2dissite default-ssl.conf

listen only 9443 port :

sudo nano /etc/apache2/ports.conf
Listen 9443 Listen 9443 </IfModule ``` ### create user for basic authentication on zigbee web ui ``` sudo htpasswd -c /etc/apache2/.htpasswd USER_TO_CHANGE ``` ### configure virtual host ``` sudo cp /etc/apache2/sites-available/default-ssl.conf /etc/apache2/sites-available/domoticz.conf sudo mv /etc/apache2/sites-available/default-ssl.conf /etc/apache2/sites-available/default-ssl.conf.old sudo mv /etc/apache2/sites-available/000-default.conf /etc/apache2/sites-available/000-default.conf.old sudo nano /etc/apache2/sites-available/domoticz.conf ``` change ```<VirtualHost _default_:443>``` by ```<VirtualHost _default_:9443>``` change certificate path : ``` /etc/ssl/certs/ssl-cert-snakeoil.pem by /etc/ssl/certs/ben33880.no-ip.com.crt /etc/ssl/private/ssl-cert-snakeoil.key by /etc/ssl/certs/ben33880.no-ip.com.key ``` add reverse proxy : ``` Header always set Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" ServerName ben33880.no-ip.com ProxyPreserveHost On ProxyPass /z4d/ http://127.0.0.1:9440/z4d/ ProxyPassReverse /z4d/ http://127.0.0.1:9440/z4d/ ProxyPass /rest-z4d/ http://127.0.0.1:9440/rest-z4d/ ProxyPassReverse /rest-z4d/ http://127.0.0.1:9440/rest-z4d/ ProxyPass /json ws://127.0.0.1:8080/json ProxyPass / http://127.0.0.1:8080/ ProxyPassReverse / http://127.0.0.1:8080/ <Proxy "*/z4d*"> Order deny,allow Allow from all Authtype Basic Authname "Password Required" AuthUserFile /etc/apache2/.htpasswd Require valid-user </Proxy> ``` ### apply configuration ``` sudo a2ensite domoticz.conf sudo systemctl reload apache2 sudo systemctl restart apache2 ```