diff options
Diffstat (limited to 'apache-funkwhale.conf')
-rw-r--r-- | apache-funkwhale.conf | 18 |
1 files changed, 16 insertions, 2 deletions
diff --git a/apache-funkwhale.conf b/apache-funkwhale.conf index 9c98ffd063ec..40775f11cd9d 100644 --- a/apache-funkwhale.conf +++ b/apache-funkwhale.conf @@ -5,9 +5,10 @@ Define funkwhale-sn funkwhale.local # use different configuration than what is described in our installation guide. Define funkwhale-api http://localhost:5000 Define funkwhale-api-ws ws://localhost:5000 + Define FUNKWHALE_FRONTEND_PATH /usr/share/webapps/funkwhale/front/dist Define FUNKWHALE_DATA_PATH /srv/funkwhale/data -Define MUSIC_DIRECTORY_PATH ${FUNKWHALE_DATA_PATH}/music +Define APACHE_LOG_DIR /var/log/httpd <IfModule mod_alias.c> Alias /funkwhale ${FUNKWHALE_FRONTEND_PATH} @@ -55,6 +56,10 @@ Define MUSIC_DIRECTORY_PATH ${FUNKWHALE_DATA_PATH}/music # Tell the api that the client is using https RequestHeader set X-Forwarded-Proto "https" + + # Additional security headers +# Header set Referrer-Policy "strict-origin-when-cross-origin" +# Header set Content-Security-Policy "default-src 'self'; script-src 'self'; style-src 'self' 'unsafe-inline'; img-src 'self' data:; font-src 'self' data:; object-src 'none'; media-src 'self' data:" # Configure Proxy settings # ProxyPreserveHost pass the original Host header to the backend server @@ -78,9 +83,13 @@ Define MUSIC_DIRECTORY_PATH ${FUNKWHALE_DATA_PATH}/music # similar to nginx 'client_max_body_size 100M;' LimitRequestBody 104857600 +# Header set X-Frame-Options "sameorigin" +# Header set Content-Security-Policy "default-src 'self'; script-src 'self'; style-src 'self' 'unsafe-inline'; img-src 'self' data:; font-src 'self' data:; object-src 'none'; media-src 'self' data:" +# Header set Referrer-Policy "strict-origin-when-cross-origin" ProxyPass ${funkwhale-api}/ ProxyPassReverse ${funkwhale-api}/ </Location> + <Location "/federation"> ProxyPass ${funkwhale-api}/federation ProxyPassReverse ${funkwhale-api}/federation @@ -97,6 +106,11 @@ Define MUSIC_DIRECTORY_PATH ${FUNKWHALE_DATA_PATH}/music ProxyPassReverse ${funkwhale-api}/.well-known/ </Location> +# <Location "/front/embed.html"> +# Header set X-Frame-Options "allow-from ${funkwhale-sn}" +# </Location> +# Alias /front/embed.html ${FUNKWHALE_FRONTEND_PATH}/embed.html + <Location "/front"> ProxyPass "!" </Location> @@ -144,7 +158,7 @@ Define MUSIC_DIRECTORY_PATH ${FUNKWHALE_DATA_PATH}/music <IfModule mod_xsendfile.c> XSendFile On XSendFilePath ${FUNKWHALE_DATA_PATH}/media - XSendFilePath ${MUSIC_DIRECTORY_PATH} + XSendFilePath ${FUNKWHALE_DATA_PATH}/music SetEnv MOD_X_SENDFILE_ENABLED 1 </IfModule> </VirtualHost> |