What does an Apache Proxy change that could be causing Domoticz API 401 errors?

Question

So I've put my Domoticz (Home automation software on RPi) behind a proxy, so it can be accessed from an external HTTPS address. This works fine for its own web interface, but for the API it provides, something goes wrong.

If I enter the following URL into my browser, it works fine:

http://localDomoticzIP:port/json.htm?username=MkE=&password=OVM=&type=command&param=getversion

However, if I use the HTTPS version, I get a 401 error:

https://myExternalURL.com/domoticz/json.htm?username=MkE=&password=OVM=&type=command&param=getversion

As you can see, not much has changed, yet one works, one doesn't.

Translation from myExternalURL.com/domoticz/ to localDomoticzIP:port happens in Apache, of which the config file looks like this:

<VirtualHost *:443>
    ServerName myExternalURL.com

    ErrorLog ${APACHE_LOG_DIR}/port_443_error.log
    CustomLog ${APACHE_LOG_DIR}/port_443_access.log combined

    SSLEngine on
    SSLCertificateFile      /etc/letsencrypt/live/myExternalURL.com/cert.pem
    SSLCertificateKeyFile   /etc/letsencrypt/live/myExternalURL.com/privkey.pem

    SSLProxyEngine on
    ProxyPreserveHost On
    ProxyRequests Off
    RewriteEngine on

    # I don't THINK the 3 lines below are important, since it's there for a
        different web page, but I'll leave it in, in case it may mess with
        something me knowing
    # When Upgrade:websocket header is present, redirect to ws
    # Using NC flag (case-insensitive) as some browsers will pass Websocket
    RewriteCond %{HTTP:Upgrade} websocket [NC]
    RewriteCond %{HTTP:Connection} upgrade [NC]
    RewriteRule .* ws://127.0.0.1:8000/socket.io%{REQUEST_URI}  [P]

    RewriteRule ^/domoticz$ /domoticz/ [R=307]

    # The two lines below are for another web page
    RewriteRule ^/sprinklers/node$ /sprinklers/node/ [R=307]
    RewriteRule ^/sprinklers$ /sprinklers/ [R=307]

    ProxyPassMatch      /domoticz\/?(.*)            https://127.0.0.1:444/$1
    ProxyPassReverse    /domoticz\/?(.*)            https://127.0.0.1:444/$1

    # The four lines below are for another web page
    ProxyPassMatch      /sprinklers/node(\/?)(.*)   http://127.0.0.1:8000/$2
    ProxyPassReverse    /sprinklers/node(\/?)(.*)   http://127.0.0.1:8000/$2
    ProxyPassMatch      /sprinklers(\/?)(.*)        http://127.0.0.1:8091/$2
    ProxyPassReverse    /sprinklers(\/?)(.*)        http://127.0.0.1:8091/$2

</VirtualHost>

Like I said, going to myExternalURL.com/domoticz/ in the browser works fine, but if I add an API call to that, it always returns a 401.

I've also tried setting the authorization header from an HTML page, but that results in the same thing: 401.

Does anyone have a clue what it could be that's being changed, and causing these 401 errors?

Answer 1

It turns out that the issue isn't with the current authorization, but with authorization from the past. My browser doesn't remove the sessionID cookie whenever you log out, which causes all sorts of issues when trying to authenticate after that.