I’ve been wanting to use the NZB360 app on my phone with my install of Quickbox I have floating around. Unfortunately, NZB360 doesn’t support the Digest Authentication that Apache is configured for. It only supports Basic Auth, which is less than secure but better than nothing.
So, with that in mind I’ve taken the default SSL Apache configuration and converted it to use Basic Auth on an alternate port so it runs in tandem with the more secure web access.
First - We need to create an additional htpasswd file. We don’t want your good secure password buried in the app or floating around the internet. I used a tutorial here. I simply created a new .htpasswd file containing a user I’m calling API and giving it a >20 character random password. This will be used for the Basic HTTP Auth that NZB360 will do. I put mine at
/etc/.api.htpasswd
Second - The Apache config. It’s basically just the default-ssl.conf that runs all of Quickbox with the Reverse Proxy config for the necessary apps. Important to note, you’ll need to correct the SSLCertificateFile and SSLCertificateKeyFile fields in the config to match your own SSL setup. Copy the proper settings from default-ssl.conf file.
Simply take the file below and create an ssl-api.conf in /etc/apache2/sites-enabled. Then reload Apache.
Listen 8443
SSLPassPhraseDialog builtin
SSLSessionCache shmcb:/var/cache/mod_ssl/scache(512000)
SSLSessionCacheTimeout 300
#SSLMutex default
SSLRandomSeed startup file:/dev/urandom 256
SSLRandomSeed connect builtin
SSLCryptoDevice builtin
<VirtualHost *:8443>
Options +Indexes +MultiViews +FollowSymLinks
SSLEngine on
DocumentRoot "/srv/rutorrent/home"
<Directory "/srv/rutorrent/home/">
Options +Indexes +FollowSymLinks +MultiViews
AllowOverride All AuthConfig
Order allow,deny
Allow from all
AuthType basic
AuthName "rutorrent"
AuthUserFile '/etc/.api.htpasswd'
Require valid-user
</Directory>
SSLEngine on
SSLProtocol all -SSLv2
SSLCipherSuite ALL:!ADH:!EX30305:!SSLv2:RC4+RSA:+HIGH:+MEDIUM:+LOW
SSLCertificateFile /etc/apache2/ssl/certs/YOUR CERT HERE.pem
SSLCertificateKeyFile /etc/apache2/ssl/certs/YOUR KEY HERE.key
SetEnvIf User-Agent ".*MSIE.*" \
nokeepalive ssl-unclean-shutdown \
downgrade-1.0 force-response-1.0
<Location /sonarr>
ProxyPass http://localhost:8989/sonarr
ProxyPassReverse http://localhost:8989/sonarr
AuthType Basic
AuthName "rutorrent"
AuthUserFile '/etc/.api.htpasswd'
Require valid-user
</Location>
<Location /sabnzbd>
ProxyPass http://localhost:65080/sabnzbd
ProxyPassReverse http://localhost:65080/sabnzbd
AuthType Basic
AuthName "rutorrent"
AuthUserFile '/etc/.api.htpasswd'
Require valid-user
</Location>
<Location /radarr>
ProxyPass http://localhost:7878/radarr
ProxyPassReverse http://localhost:7878/radarr
AuthType Basic
AuthName "rutorrent"
AuthUserFile '/etc/.api.htpasswd'
Require valid-user
</Location>
<Location /nzbhydra>
ProxyPass http://localhost:5075/nzbhydra
ProxyPassReverse http://localhost:5075/nzbhydra
AuthType Basic
AuthName "rutorrent"
AuthUserFile '/etc/.api.htpasswd'
Require valid-user
</Location>
</Virtualhost>
Once Apache starts, you should be able to browse to https://your-server:8443/sonarr and log in as your newly created API user. You can set up any App that accesses the various APIs using this URL and User.
