Apache config extract (you will need to enable mod_proxy, mod_proxy_http and mod_headers for this to work):
<VirtualHost *:80> ProxyPreserveHost On ProxyRequests Off ProxyPass / http://localhost:3000/ ProxyPassReverse / http://localhost:3000/ RequestHeader set "X-WEBAUTH-USER" "admin" </VirtualHost>
On a separate Apache instance exposed to more networks I did the following:
Configured Apache as reverse proxy to the internal instance
Restricted access from specific IP addresses
Setup a rule to redirect requests to the root of the website (and only those) to a specific dashboard
This is how the Apache config looks like (requires mod_proxy, mod_proxy_http and mod_alias; IP addresses, host names etc. changed)
<VirtualHost *:80> ServerName sub.example.org ServerAlias www.sub.example.org <Location /> Require ip 192.0.2.0/24 Require ip 203.0.113.0/24 Require ip 2001:0db8:85a4::/64 Require ip 2001:0db8:85a5::/64 RedirectMatch ^/$ /dashboard/db/mydashboard </Location> ProxyPreserveHost On ProxyRequests Off ProxyPass / http://[2001:0db8:85a3::aaaa:8a2e:0370:7334]/ ProxyPassReverse / http://[2001:0db8:85a3::aaaa:8a2e:0370:7334]/ </VirtualHost>
Using a public IPv6 address on the internal host allows the whole thing to work with just a few firewall rules, without the need to mess with NAT or a VPN.
Despite having read the opposite, it looks like IPv6 is disabled by default on the latest OSMC release (2015.06-1). I've tried adding a sysctl.d file to set /proc/sys/net/ipv6/conf/eth0/disable_ipv6 to 0, but this did not help. It worked only when I ran the command manually. By going through numerous forum posts I eventually found out that you need to use the connmanctl CLI tool:
