So I've put my Domoticz (Home automation software on RPi) behind a proxy, so it can be accessed from an external HTTPS address. This works fine for its own web interface, but for the API it provides, something goes wrong.
If I enter the following URL into my browser, it works fine:
http://localDomoticzIP:port/json.htm?username=MkE=&password=OVM=&type=command¶m=getversion
However, if I use the HTTPS version, I get a 401 error:
https://myExternalURL.com/domoticz/json.htm?username=MkE=&password=OVM=&type=command¶m=getversion
As you can see, not much has changed, yet one works, one doesn't.
Translation from myExternalURL.com/domoticz/ to localDomoticzIP:port happens in Apache, of which the config file looks like this:
<VirtualHost *:443>
ServerName myExternalURL.com
ErrorLog ${APACHE_LOG_DIR}/port_443_error.log
CustomLog ${APACHE_LOG_DIR}/port_443_access.log combined
SSLEngine on
SSLCertificateFile /etc/letsencrypt/live/myExternalURL.com/cert.pem
SSLCertificateKeyFile /etc/letsencrypt/live/myExternalURL.com/privkey.pem
SSLProxyEngine on
ProxyPreserveHost On
ProxyRequests Off
RewriteEngine on
# I don't THINK the 3 lines below are important, since it's there for a
different web page, but I'll leave it in, in case it may mess with
something me knowing
# When Upgrade:websocket header is present, redirect to ws
# Using NC flag (case-insensitive) as some browsers will pass Websocket
RewriteCond %{HTTP:Upgrade} websocket [NC]
RewriteCond %{HTTP:Connection} upgrade [NC]
RewriteRule .* ws://127.0.0.1:8000/socket.io%{REQUEST_URI} [P]
RewriteRule ^/domoticz$ /domoticz/ [R=307]
# The two lines below are for another web page
RewriteRule ^/sprinklers/node$ /sprinklers/node/ [R=307]
RewriteRule ^/sprinklers$ /sprinklers/ [R=307]
ProxyPassMatch /domoticz\/?(.*) https://127.0.0.1:444/$1
ProxyPassReverse /domoticz\/?(.*) https://127.0.0.1:444/$1
# The four lines below are for another web page
ProxyPassMatch /sprinklers/node(\/?)(.*) http://127.0.0.1:8000/$2
ProxyPassReverse /sprinklers/node(\/?)(.*) http://127.0.0.1:8000/$2
ProxyPassMatch /sprinklers(\/?)(.*) http://127.0.0.1:8091/$2
ProxyPassReverse /sprinklers(\/?)(.*) http://127.0.0.1:8091/$2
</VirtualHost>
Like I said, going to myExternalURL.com/domoticz/ in the browser works fine, but if I add an API call to that, it always returns a 401.
I've also tried setting the authorization header from an HTML page, but that results in the same thing: 401.
Does anyone have a clue what it could be that's being changed, and causing these 401 errors?
It turns out that the issue isn't with the current authorization, but with authorization from the past. My browser doesn't remove the sessionID cookie whenever you log out, which causes all sorts of issues when trying to authenticate after that.