diff options
| author | getzze | 2018-11-03 23:41:48 +0000 |
|---|---|---|
| committer | getzze | 2018-11-03 23:41:48 +0000 |
| commit | 0a98f273576c7ed2bf000882730e2ccac1dcd9cb (patch) | |
| tree | f50174daa78173beb5a410a565952ff92b760fc6 /apache-funkwhale.conf | |
| download | aur-0a98f273576c7ed2bf000882730e2ccac1dcd9cb.tar.gz | |
version 0.17
Diffstat (limited to 'apache-funkwhale.conf')
| -rw-r--r-- | apache-funkwhale.conf | 136 |
1 files changed, 136 insertions, 0 deletions
diff --git a/apache-funkwhale.conf b/apache-funkwhale.conf new file mode 100644 index 000000000000..18a1cdf831fc --- /dev/null +++ b/apache-funkwhale.conf @@ -0,0 +1,136 @@ +# Following variables MUST be modified according to your setup +Define funkwhale-sn funkwhale.local + +# Following variables should be modified according to your setup and if you +# use different configuration than what is described in our installation guide. +Define funkwhale-api http://localhost:5000 +Define funkwhale-api-ws ws://localhost:5000 +Define FRONTEND_PATH /usr/share/webapps/funkwhale/front/dist +Define MUSIC_DIRECTORY_PATH /srv/funkwhale/data/music + +# HTTP requests redirected to HTTPS +<VirtualHost 127.0.0.2:80> + ServerName ${funkwhale-sn} + + # Default is to force https + RewriteEngine on + RewriteCond %{SERVER_NAME} =${funkwhale-sn} + RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,QSA,R=permanent] + + <Location "/.well-known/acme-challenge/"> + Options None + Require all granted + </Location> +</VirtualHost> + + +<IfModule mod_ssl.c> +<VirtualHost 127.0.0.2:443> + # Protocols h2 http/1.1 + ServerName ${funkwhale-sn} + + # Path to ErrorLog and access log + ErrorLog /var/log/httpd/funkwhale/error.log + CustomLog /var/log/httpd/funkwhale/access.log combined + + # TLS + # Feel free to use your own configuration for SSL here or simply remove the + # lines and move the configuration to the previous server block if you + # don't want to run funkwhale behind https (this is not recommended) + # have a look here for let's encrypt configuration: + # https://certbot.eff.org/lets-encrypt/debianstretch-apache.html + SSLEngine on + SSLProxyEngine On + SSLCertificateFile "/etc/webapps/funkwhale/config/funkwhale-server.crt" + SSLCertificateKeyFile "/etc/webapps/funkwhale/config/funkwhale-server.key" +# SSLCertificateFile /etc/letsencrypt/live/${funkwhale-sn}/fullchain.pem +# SSLCertificateKeyFile /etc/letsencrypt/live/${funkwhale-sn}/privkey.pem +# Include /etc/letsencrypt/options-ssl-apache.conf + + # Tell the api that the client is using https + RequestHeader set X-Forwarded-Proto "https" + + DocumentRoot ${FRONTEND_PATH} + + FallbackResource /index.html + + # Configure Proxy settings + # ProxyPreserveHost pass the original Host header to the backend server + ProxyVia On + ProxyPreserveHost On + <IfModule mod_remoteip.c> + RemoteIPHeader X-Forwarded-For + </IfModule> + + # Turning ProxyRequests on and allowing proxying from all may allow + # spammers to use your proxy to send email. + ProxyRequests Off + + <Proxy *> + AddDefaultCharset off + Order Allow,Deny + Allow from all + </Proxy> + + # Activating WebSockets + ProxyPass "/api/v1/instance/activity" ${funkwhale-api-ws}/api/v1/instance/activity + + <Location "/api"> + # similar to nginx 'client_max_body_size 30M;' + LimitRequestBody 31457280 + + ProxyPass ${funkwhale-api}/api + ProxyPassReverse ${funkwhale-api}/api + </Location> + <Location "/federation"> + ProxyPass ${funkwhale-api}/federation + ProxyPassReverse ${funkwhale-api}/federation + </Location> + + # You can comment this if you don't plan to use the Subsonic API + <Location "/rest"> + ProxyPass ${funkwhale-api}/api/subsonic/rest + ProxyPassReverse ${funkwhale-api}/api/subsonic/rest + </Location> + + <Location "/.well-known/"> + ProxyPass ${funkwhale-api}/.well-known/ + ProxyPassReverse ${funkwhale-api}/.well-known/ + </Location> + + Alias /media /srv/funkwhale/data/media + + Alias /staticfiles /srv/funkwhale/data/static + + # Setting appropriate access levels to serve frontend + <Directory "/srv/funkwhale/data/static"> + Options FollowSymLinks + AllowOverride None + Require all granted + </Directory> + + <Directory ${FRONTEND_PATH}> + Options FollowSymLinks + AllowOverride None + Require all granted + </Directory> + + <Directory /srv/funkwhale/data/media> + Options FollowSymLinks + AllowOverride None + Require all granted + </Directory> + + # XSendFile is serving audio files + # WARNING : permissions on paths specified below overrides previous definition, + # everything under those paths is potentially exposed. + # Following directive may be needed to ensure xsendfile is loaded + LoadModule xsendfile_module modules/mod_xsendfile.so + <IfModule mod_xsendfile.c> + XSendFile On + XSendFilePath /srv/funkwhale/data/media + XSendFilePath ${MUSIC_DIRECTORY_PATH} + SetEnv MOD_X_SENDFILE_ENABLED 1 + </IfModule> +</VirtualHost> +</IfModule> |