summarylogtreecommitdiffstats
path: root/apache-funkwhale.conf
blob: 18a1cdf831fc720cc60c25cd336090cada941edd (plain) 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136

# Following variables MUST be modified according to your setup
Define funkwhale-sn funkwhale.local

# Following variables should be modified according to your setup and if you
# use different configuration than what is described in our installation guide.
Define funkwhale-api http://localhost:5000
Define funkwhale-api-ws ws://localhost:5000
Define FRONTEND_PATH /usr/share/webapps/funkwhale/front/dist
Define MUSIC_DIRECTORY_PATH /srv/funkwhale/data/music

# HTTP requests redirected to HTTPS
<VirtualHost 127.0.0.2:80>
   ServerName ${funkwhale-sn}

   # Default is to force https
   RewriteEngine on
   RewriteCond %{SERVER_NAME} =${funkwhale-sn}
   RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,QSA,R=permanent]

   <Location "/.well-known/acme-challenge/">
      Options None
      Require all granted
   </Location>
</VirtualHost>


<IfModule mod_ssl.c>
<VirtualHost 127.0.0.2:443>
   # Protocols h2 http/1.1
   ServerName ${funkwhale-sn}

   # Path to ErrorLog and access log
   ErrorLog /var/log/httpd/funkwhale/error.log
   CustomLog /var/log/httpd/funkwhale/access.log combined

   # TLS
   # Feel free to use your own configuration for SSL here or simply remove the
   # lines and move the configuration to the previous server block if you
   # don't want to run funkwhale behind https (this is not recommended)
   # have a look here for let's encrypt configuration:
   # https://certbot.eff.org/lets-encrypt/debianstretch-apache.html
   SSLEngine on
   SSLProxyEngine On
   SSLCertificateFile "/etc/webapps/funkwhale/config/funkwhale-server.crt"
   SSLCertificateKeyFile "/etc/webapps/funkwhale/config/funkwhale-server.key"
#   SSLCertificateFile /etc/letsencrypt/live/${funkwhale-sn}/fullchain.pem
#   SSLCertificateKeyFile /etc/letsencrypt/live/${funkwhale-sn}/privkey.pem
#   Include /etc/letsencrypt/options-ssl-apache.conf

   # Tell the api that the client is using https
   RequestHeader set X-Forwarded-Proto "https"

   DocumentRoot ${FRONTEND_PATH}

   FallbackResource /index.html

   # Configure Proxy settings
   # ProxyPreserveHost pass the original Host header to the backend server
   ProxyVia On
   ProxyPreserveHost On
   <IfModule mod_remoteip.c>
      RemoteIPHeader X-Forwarded-For
   </IfModule>

   # Turning ProxyRequests on and allowing proxying from all may allow
   # spammers to use your proxy to send email.
   ProxyRequests Off

   <Proxy *>
      AddDefaultCharset off
      Order Allow,Deny
      Allow from all
   </Proxy>

   # Activating WebSockets
   ProxyPass "/api/v1/instance/activity"  ${funkwhale-api-ws}/api/v1/instance/activity

   <Location "/api">
      # similar to nginx 'client_max_body_size 30M;'
      LimitRequestBody 31457280

      ProxyPass ${funkwhale-api}/api
      ProxyPassReverse ${funkwhale-api}/api
   </Location>
   <Location "/federation">
      ProxyPass ${funkwhale-api}/federation
      ProxyPassReverse ${funkwhale-api}/federation
   </Location>

   # You can comment this if you don't plan to use the Subsonic API
   <Location "/rest">
      ProxyPass ${funkwhale-api}/api/subsonic/rest
      ProxyPassReverse ${funkwhale-api}/api/subsonic/rest
   </Location>

   <Location "/.well-known/">
      ProxyPass ${funkwhale-api}/.well-known/
      ProxyPassReverse ${funkwhale-api}/.well-known/
   </Location>

   Alias /media /srv/funkwhale/data/media

   Alias /staticfiles /srv/funkwhale/data/static

   # Setting appropriate access levels to serve frontend
   <Directory "/srv/funkwhale/data/static">
      Options FollowSymLinks
      AllowOverride None
      Require all granted
   </Directory>

   <Directory ${FRONTEND_PATH}>
      Options FollowSymLinks
      AllowOverride None
      Require all granted
   </Directory>

   <Directory /srv/funkwhale/data/media>
      Options FollowSymLinks
      AllowOverride None
      Require all granted
   </Directory>

   # XSendFile is serving audio files
   # WARNING : permissions on paths specified below overrides previous definition,
   # everything under those paths is potentially exposed.
   # Following directive may be needed to ensure xsendfile is loaded
   LoadModule xsendfile_module modules/mod_xsendfile.so
   <IfModule mod_xsendfile.c>
      XSendFile On
      XSendFilePath /srv/funkwhale/data/media
      XSendFilePath ${MUSIC_DIRECTORY_PATH}
      SetEnv MOD_X_SENDFILE_ENABLED 1
   </IfModule>
</VirtualHost>
</IfModule>