# Remote access for multiple TivoWeb-ed units



## goony (Nov 20, 2003)

If you have more than one Tivo/DTivo on your home LAN that is running TivoWeb/TivoWebPlus and you would like to access each of them from the internet, read on.

*Note: If you mess up some of this stuff you could expose your home computers and Tivos to being compromised... DANGER... proceed at your own risk! You assume all responsibility from this point on!! You may wish to consult a network and systems expert before attempting any of this!!!*

I am posting this here to share with others what worked for me in getting my Apache webserver configured so as to be able to service multiple units on my home network as remote user. Yours may require a different setup, software, hardware, etc.

Providing remote access for a single Tivo/DTivo is somewhat of a challenge, but to configure things for remote access to multiple boxes makes things much more complicated... basically, you have to re-write the HTML code for the links and images within the TivoWeb pages from each individual Tivo box before sending them back to the user browser. Example:


```
[FONT=Courier New]<a href="/info">[/FONT] 
This is what a native TivoWeb link HTML code might look like on your home LAN browser 
 
[FONT=Courier New]<a href="http://supergoon.dyndns.org/tivo1/info">[/FONT] 
This is what the same link HTML code might look like on a browser on the internet
```
Below are the relevant sections of my Apache webserver (running on Linux on an old PC) configuration. I am not providing the details on the other necessary precursor steps such as 

Creating the Linux (or other) platform to run the Apache webserver
Installation, configuration and proper security settings on your webserver or firewall/router boxes
Installing or building the Apache webserver software 
Setup of web username/password authentication within the Apache server 
To learn the above you will need to consult other websites which should contain more than enough information than I could post in this topic.

I do provide some generic comments on some items other than the actual Apache configs... see my text below.

I will try to answer any questions that you may have, but no guarantees that I'll have the answers... this is what I put together and it works very well 100% of the time for me, but your experiences may differ.

Here goes: 

Here are the relevant parts of my Apache config files that permit me to access my Tivo boxes via incoming 443 connection - I've cut out the "ordinary stuff" from the config files and have only included the parts that deal with the incoming Tivo access. This assumes you have some knowledge of Apache + SSL and how to build/install the needed module(s).

First, the firewall/router needs to be setup for forward any incoming (from out on the internet) port 443 (SSL/https) connection requests to the IP address of the server that is running Apache. I allow no other inbound ports to be opened, not even port 80 (regular http) traffic.

Each time your DSL or cable modem does a reconnect to the internet your network provider may give you a different IP address. This can be problematic if you are trying to access your home network firewall/router from somewhere on the internet.

To solve this problem I use a free "dyndns.org" account which gives me a consistent name to connect to and be able to reach my home router no matter what address it is currently at.

I put my dyndns.org userid/password for dyndns.org into my Linksys BEFSX41 router/firewall (it has a provision for this - not all router/firewalls do). If your router doesn't support this then you will need to add a client program on one of your home PCs (available as download from the dyndns.org website) to periodically contact their server and report your IP address.

Each time my router/firewall makes a new DSL connection it reports its current IP address back to the dyndns.org "mother ship", thus I can always access my home Tivos using the IP name that I chose when I setup my dyndns.org account, e.g. 


```
https://supergoon.dyndns.org/tivo1/ 
https://supergoon.dyndns.org/tivo2/ 
https://supergoon.dyndns.org/tivo3/
```

An SSL/https session is now established between my browser and my Apache server. Any access to the above URLs causes a prompting for username/password authentication from the Apache server. Once authenticated, the Apache server accesses the appropriate Tivo (running TivoWebPlus) on my home LAN.

From then on out the Apache server is the "go-between" for my browser on the internet and each of my Tivo boxes; the Apache box takes care of rewriting the web pages so that during remote access everything looks and acts the same on the screen as it does when I am accessing the Tivos from a web browser on my home LAN.

The proxy_html module takes care of rewriting the links within the page so that what comes from each of the Tivo boxes ends up with the proper hrefs to access each individual page from each Tivo box.


```
#------------------ from httpd.conf (main config file) 
... 
# at the bottom of the "load modules" section 
# I'm not sure I remember which of these the Tivo stuff is using, so 
# here are all of the "proxy-ish" modules I am loading 
LoadModule proxy_module modules/mod_proxy.so 
LoadModule proxy_http_module modules/mod_proxy_http.so 
LoadModule proxy_connect_module modules/mod_proxy_connect.so 
 
#added 02-Jan-05 for mod_proxy_html - this one I had to build special 
# - was not part of regular Apache modules (if I recall correctly) 
LoadFile    /usr/lib/libxml2.so 
LoadModule  proxy_html_module    modules/mod_proxy_html.so 
 
#------------------- from ssl.conf (config file for the SSL/https) 
... 
## 
## SSL Virtual Host Context 
## 
 
<VirtualHost _default_:443> 
... 
# 02Jan05 - For Tivo stuff 
<Location /tivo1/> 
        ProxyPassReverse / 
        SetOutputFilter  proxy-html 
        ProxyHTMLURLMap  /      /tivo1/ 
        ProxyHTMLURLMap  /tivo1  /tivo1 
        RequestHeader    unset  Accept-Encoding 
</Location> 
<Location /tivo2/> 
        ProxyPassReverse / 
        SetOutputFilter  proxy-html 
        ProxyHTMLURLMap  /      /tivo2/ 
        ProxyHTMLURLMap  /tivo2  /tivo2 
        RequestHeader    unset  Accept-Encoding 
</Location> 
<Location /tivo3/> 
        ProxyPassReverse / 
        SetOutputFilter  proxy-html 
        ProxyHTMLURLMap  /      /tivo3/ 
        ProxyHTMLURLMap  /tivo3  /tivo3 
        RequestHeader    unset  Accept-Encoding 
</Location> 
... 
#tivo stuff added 
<IfModule mod_proxy.c> 
 ProxyRequests Off 
 ProxyPass /tivo1 [url]http://192.168.20.70[/url] #addresses of Tivos on home LAN 
 ProxyPass /tivo2 [url]http://192.168.20.71[/url] 
 ProxyPass /tivo3 [url]http://192.168.20.72[/url] 
 ProxyHTMLURLMap [url]http://192.168.20.70[/url] /tivo1 
 ProxyHTMLURLMap [url]http://192.168.20.71[/url] /tivo2 
 ProxyHTMLURLMap [url]http://192.168.20.72[/url] /tivo3 
 
 <Proxy *> 
  Order Deny,Allow 
  Allow from All 
  AuthType Basic 
  AuthName "Valid ID Please" 
  AuthUserFile /etc/httpd/conf/tivopasswd 
  Require valid-user 
  </Proxy> 
 
 </IfModule> 
</VirtualHost>
```


----------



## DougF (Mar 18, 2003)

I'm using gotomydvr.com for this.


----------



## blueshoo (Jun 11, 2001)

Looks like a good solution to implement SSL. I have a couple TiVos running TWP on different ports, and use port forwarding on the router to send http://xxx.xxx.xxx.xxx:#### to the appropriate TiVo box internal IP address/port from the Internet. No SSL, but requires the TWP login, and can limit access to certain Internet IPs on the router (eg: work IP address/range).


----------



## goony (Nov 20, 2003)

My main reason for implementing this type of solution is that I only have outbound port 80 and 443 (http and https) access from my workplace, thus I could not use a solution that didn't use a standard TCP port - I had to hit my home box via https and then "branch out" to the various DTivos from there.


----------



## goony (Nov 20, 2003)

DougF said:


> I'm using gotomydvr.com for this.


I need to investigate using that... I cooked this up before gotomydvr was available.


----------

