Skip to content

Reverse proxies and URLs

Jump to bottom Edit New page
theotherp edited this page Feb 18, 2018 · 6 revisions

Apache

<VirtualHost *:1234>
	SSLProxyEngine On
	SSLProxyCheckPeerCN off
	SSLProxyCheckPeerExpire off
	SSLEngine on
	SSLCertificateFile /etc/apache2/ssl/nzbhydra.crt
	SSLCertificateKeyFile /etc/apache2/ssl/nzbhydra.key
	SSLProtocol all -SSLv2 -SSLv3
	SSLHonorCipherOrder On
	SSLCipherSuite "EECDH+ECDSA+AESGCM EECDH+aRSA+AESGCM EECDH+ECDSA+SHA384 EECDH+ECDSA+SHA256 EECDH+aRSA+SHA384 EECDH+aRSA+SHA256 EECDH+aRSA+RC4 EECDH EDH+aRSA RC4 !aNULL !eNULL !LOW !3DES !MD5 !EXP !PSK !SRP !DSS"

	ProxyPass /nzbhydra/ http://127.0.0.1:5075/nzbhydra/
	ProxyPassReverse /nzbhydra/ http://127.0.0.1:5075/nzbhydra/
</VirtualHost>

The last two lines of the VirtualHost entry are the important ones. Also, deflate mod should be disabled for apache or assets won't be cached. That means that on every page load all javascript files, images, etc. are loaded from the server, potentially resulting in slow page loads and lots of bandwidth usage. See this for technical details. Make sure to use the path that you used in the config (e.g. "/hydra/" in nginx and "/hydra" in NZBHydra).

nginx

server {
	listen       443 ssl;
	server_name  localhost;

	ssl_certificate      yourcert.crt;
	ssl_certificate_key  yourcert.key;

	ssl_session_cache    shared:SSL:1m;
	ssl_session_timeout  5m;

	ssl_ciphers  HIGH:!aNULL:!MD5;
	ssl_prefer_server_ciphers  on;

	location /nzbhydra/ {
		#X-Forwarded-For is used for forwarding IP addresses
		proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
		proxy_pass http://127.0.0.1:5075/nzbhydra/;
	}
}

In the main settings set your "URL base" to "/nzbhydra" if you used a path in the reverse proxy. Leave it empty if you don't (for example "ProxyPass / http://127.0.0.1:5075/", which is unusual). Always use a trailing slash when calling NZBHydra's URL.

Set the "External URL" to the full path, for example "https://www.mydomain.com/nzbhydra" and this URL will be used when generating the links to NZBs. That way others can use your search and even the API and still get valid links to the NZBs. If you want the API search results use the internal address (for example because you put the reverse proxy behind its own auth) enable "Use local address in API results". That way others can still use the frontend search links but will not be able to use the API results. If you really want that you can set the "NZB access type" in the "Downloader" config section to "Use direct links". The links to the NZBs will refer to the indexers. But you will not have any NZB download statistics and others will be able to see your indexer API keys in the links.

Add a custom footer
Add a custom sidebar
Clone this wiki locally