Skip to content
Snippets Groups Projects
Commit 51b23b5e authored by Hazmo's avatar Hazmo
Browse files

First version of Apache2 conf (transcoding, auth and ws missing)

parent 99ff8169
No related branches found
No related tags found
No related merge requests found
Hide whitespace changes
Inline Side-by-side
Showing
with 126 additions and 0 deletions
deploy/apache.conf 0 → 100644
+ 126
0
View file @ 51b23b5e
# Following variables should be modified according to your setup
Define funkwhale-api http://192.168.1.199:5000
Define funkwhale-api-ws ws://192.168.1.199:5000
Define funkwhale-sn funkwhale.duckdns.org
Define MUSIC_DIRECTORY_PATH /music/directory/path
# HTTP request redirected to HTTPS
<VirtualHost *:80>
ServerName ${funkwhale-sn}
# Default is to force https
RewriteEngine on
RewriteCond %{SERVER_NAME} =${funkwhale-sn}
RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,QSA,R=permanent]
<Location "/.well-known/acme-challenge/">
Options None
Require all granted
</Location>
</VirtualHost>
<IfModule mod_ssl.c>
<VirtualHost *:443>
ServerName ${funkwhale-sn}
# Path to ErrorLog and access log
ErrorLog ${APACHE_LOG_DIR}/funkwhale/error.log
CustomLog ${APACHE_LOG_DIR}/funkwhale/access.log combined
# TLS
# Feel free to use your own configuration for SSL here or simply remove the
# lines and move the configuration to the previous server block if you
# don't want to run funkwhale behind https (this is not recommanded)
# have a look here for let's encrypt configuration:
# https://certbot.eff.org/all-instructions/#debian-9-stretch-nginx
SSLEngine on
SSLProxyEngine On
SSLCertificateFile /etc/letsencrypt/live/${funkwhale-sn}/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/${funkwhale-sn}/privkey.pem
Include /etc/letsencrypt/options-ssl-apache.conf
DocumentRoot /srv/funkwhale/front/dist
FallbackResource /index.html
# Configure Proxy settings
# ProxyPreserveHost pass the original Host header to the backend server
ProxyVia On
ProxyPreserveHost On
<IfModule mod_remoteip.c>
RemoteIPHeader X-Forwarded-For
</IfModule>
# Turning ProxyRequests on and allowing proxying from all may allow
# spammers to use your proxy to send email.
ProxyRequests Off
<Proxy *>
AddDefaultCharset off
Order Allow,Deny
Allow from all
# Here you can set a password using htpasswd to protect your proxy server
#Authtype Basic
#Authname "Password Required"
#AuthUserFile /etc/apache2/.htpasswd
#Require valid-user
</Proxy>
# Activating WebSockets (not working)
ProxyPass "/api/v1/instance/activity" "ws://192.168.1.199:5000/api/v1/instance/activity"
<Location "/api">
# similar to nginx 'client_max_body_size 30M;'
LimitRequestBody 31457280
ProxyPass ${funkwhale-api}/api
ProxyPassReverse ${funkwhale-api}/api
</Location>
<Location "/federation">
ProxyPass ${funkwhale-api}/federation
ProxyPassReverse ${funkwhale-api}/federation
</Location>
<Location "/.well-known/webfinger">
ProxyPass ${funkwhale-api}/.well-known/webfinger
ProxyPassReverse ${funkwhale-api}/.well-known/webfinger
</Location>
Alias /media /srv/funkwhale/data/media
# Following alias is bypassing the auth check done in nginx
Alias /_protected/media /srv/funkwhale/data/media
Alias /staticfiles /srv/funkwhale/data/static
# Setting appropriate access levels to serve frontend
<Directory "/srv/funkwhale/data/static">
Options FollowSymLinks
AllowOverride None
Require all granted
</Directory>
<Directory /srv/funkwhale/front/dist>
Options FollowSymLinks
AllowOverride None
Require all granted
</Directory>
# XSendFile is serving audio files
# WARNING : permissions on paths specified below overrides previous definition,
# everything under those paths is potentially exposed.
# Following directive may be needed to ensure xsendfile is loaded
#LoadModule xsendfile_module modules/mod_xsendfile.so
<IfModule mod_xsendfile.c>
XSendFile On
XSendFilePath /srv/funkwhale/data/media
XSendFilePath ${MUSIC_DIRECTORY_PATH}
SetEnv MOD_X_SENDFILE_ENABLED 1
</IfModule>
</VirtualHost>
</IfModule>
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment