# Following variables MUST be modified according to your setup Define funkwhale-sn funkwhale.local # Following variables should be modified according to your setup and if you # use different configuration than what is described in our installation guide. Define funkwhale-api http://localhost:5000 Define funkwhale-api-ws ws://localhost:5000 Define FRONTEND_PATH /usr/share/webapps/funkwhale/front/dist Define MUSIC_DIRECTORY_PATH /srv/funkwhale/data/music # HTTP requests redirected to HTTPS ServerName ${funkwhale-sn} # Default is to force https RewriteEngine on RewriteCond %{SERVER_NAME} =${funkwhale-sn} RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,QSA,R=permanent] Options None Require all granted # Protocols h2 http/1.1 ServerName ${funkwhale-sn} # Path to ErrorLog and access log ErrorLog /var/log/httpd/funkwhale/error.log CustomLog /var/log/httpd/funkwhale/access.log combined # TLS # Feel free to use your own configuration for SSL here or simply remove the # lines and move the configuration to the previous server block if you # don't want to run funkwhale behind https (this is not recommended) # have a look here for let's encrypt configuration: # https://certbot.eff.org/lets-encrypt/debianstretch-apache.html SSLEngine on SSLProxyEngine On SSLCertificateFile "/etc/webapps/funkwhale/config/funkwhale-server.crt" SSLCertificateKeyFile "/etc/webapps/funkwhale/config/funkwhale-server.key" # SSLCertificateFile /etc/letsencrypt/live/${funkwhale-sn}/fullchain.pem # SSLCertificateKeyFile /etc/letsencrypt/live/${funkwhale-sn}/privkey.pem # Include /etc/letsencrypt/options-ssl-apache.conf # Tell the api that the client is using https RequestHeader set X-Forwarded-Proto "https" DocumentRoot ${FRONTEND_PATH} FallbackResource /index.html # Configure Proxy settings # ProxyPreserveHost pass the original Host header to the backend server ProxyVia On ProxyPreserveHost On RemoteIPHeader X-Forwarded-For # Turning ProxyRequests on and allowing proxying from all may allow # spammers to use your proxy to send email. ProxyRequests Off AddDefaultCharset off Order Allow,Deny Allow from all # Activating WebSockets ProxyPass "/api/v1/instance/activity" ${funkwhale-api-ws}/api/v1/instance/activity # similar to nginx 'client_max_body_size 30M;' LimitRequestBody 31457280 ProxyPass ${funkwhale-api}/api ProxyPassReverse ${funkwhale-api}/api ProxyPass ${funkwhale-api}/federation ProxyPassReverse ${funkwhale-api}/federation # You can comment this if you don't plan to use the Subsonic API ProxyPass ${funkwhale-api}/api/subsonic/rest ProxyPassReverse ${funkwhale-api}/api/subsonic/rest ProxyPass ${funkwhale-api}/.well-known/ ProxyPassReverse ${funkwhale-api}/.well-known/ Alias /media /srv/funkwhale/data/media Alias /staticfiles /srv/funkwhale/data/static # Setting appropriate access levels to serve frontend Options FollowSymLinks AllowOverride None Require all granted Options FollowSymLinks AllowOverride None Require all granted Options FollowSymLinks AllowOverride None Require all granted # XSendFile is serving audio files # WARNING : permissions on paths specified below overrides previous definition, # everything under those paths is potentially exposed. # Following directive may be needed to ensure xsendfile is loaded LoadModule xsendfile_module modules/mod_xsendfile.so XSendFile On XSendFilePath /srv/funkwhale/data/media XSendFilePath ${MUSIC_DIRECTORY_PATH} SetEnv MOD_X_SENDFILE_ENABLED 1