apache.conf 4.12 KB
Newer Older
1
2
3
4
5
6
7
8
9
# Following variables MUST be modified according to your setup
Define funkwhale-sn funkwhale.yourdomain.com

# Following variables should be modified according to your setup and if you
# use different configuration than what is described in our installation guide.
Define funkwhale-api http://localhost:5000
Define MUSIC_DIRECTORY_PATH /srv/funkwhale/data/music
# websockets are not working yet
# Define funkwhale-api-ws ws://localhost:5000
10
11


12
# HTTP requests redirected to HTTPS
13
14
<VirtualHost *:80>
   ServerName ${funkwhale-sn}
15

16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
   # Default is to force https
   RewriteEngine on
   RewriteCond %{SERVER_NAME} =${funkwhale-sn}
   RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,QSA,R=permanent]

   <Location "/.well-known/acme-challenge/">
      Options None
      Require all granted
   </Location>
</VirtualHost>


<IfModule mod_ssl.c>
<VirtualHost *:443>
   ServerName ${funkwhale-sn}

32
   # Path to ErrorLog and access log
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
   ErrorLog ${APACHE_LOG_DIR}/funkwhale/error.log
   CustomLog ${APACHE_LOG_DIR}/funkwhale/access.log combined

   # TLS
   # Feel free to use your own configuration for SSL here or simply remove the
   # lines and move the configuration to the previous server block if you
   # don't want to run funkwhale behind https (this is not recommanded)
   # have a look here for let's encrypt configuration:
   # https://certbot.eff.org/all-instructions/#debian-9-stretch-nginx
   SSLEngine on
   SSLProxyEngine On
   SSLCertificateFile /etc/letsencrypt/live/${funkwhale-sn}/fullchain.pem
   SSLCertificateKeyFile /etc/letsencrypt/live/${funkwhale-sn}/privkey.pem
   Include /etc/letsencrypt/options-ssl-apache.conf

48
49
   # Tell the api that the client is using https
   RequestHeader set X-Forwarded-Proto "https"
50
51
52
53
54
55
56
57
58
59
60
61
62
63

   DocumentRoot /srv/funkwhale/front/dist

   FallbackResource /index.html

   # Configure Proxy settings
   # ProxyPreserveHost pass the original Host header to the backend server
   ProxyVia On
   ProxyPreserveHost On
   <IfModule mod_remoteip.c>
      RemoteIPHeader X-Forwarded-For
   </IfModule>

   # Turning ProxyRequests on and allowing proxying from all may allow
64
   # spammers to use your proxy to send email.
65
   ProxyRequests Off
66
67

   <Proxy *>
68
69
70
71
72
73
      AddDefaultCharset off
      Order Allow,Deny
      Allow from all
   </Proxy>

   # Activating WebSockets (not working)
74
   # ProxyPass "/api/v1/instance/activity"  "ws://localhost:5000/api/v1/instance/activity"
75
76
77

   <Location "/api">
      # similar to nginx 'client_max_body_size 30M;'
78
      LimitRequestBody 31457280
79
80
81
82
83
84
85
86

      ProxyPass ${funkwhale-api}/api
      ProxyPassReverse ${funkwhale-api}/api
   </Location>
   <Location "/federation">
      ProxyPass ${funkwhale-api}/federation
      ProxyPassReverse ${funkwhale-api}/federation
   </Location>
87

88
89
90
91
92
93
   # You can comment this if you don't plan to use the Subsonic API
   <Location "/rest">
      ProxyPass ${funkwhale-api}/api/subsonic/rest
      ProxyPassReverse ${funkwhale-api}/api/subsonic/rest
   </Location>

94
95
96
   <Location "/.well-known/">
      ProxyPass ${funkwhale-api}/.well-known/
      ProxyPassReverse ${funkwhale-api}/.well-known/
97
98
99
100
101
102
103
   </Location>

   Alias /media /srv/funkwhale/data/media

   Alias /staticfiles /srv/funkwhale/data/static

   # Setting appropriate access levels to serve frontend
104
   <Directory "/srv/funkwhale/data/static">
105
      Options FollowSymLinks
106
      AllowOverride None
107
108
109
110
111
112
113
114
115
      Require all granted
   </Directory>

   <Directory /srv/funkwhale/front/dist>
      Options FollowSymLinks
      AllowOverride None
      Require all granted
   </Directory>

116
117
118
119
120
121
   <Directory /srv/funkwhale/data/media/albums>
      Options FollowSymLinks
      AllowOverride None
      Require all granted
   </Directory>

122
123
124
125
126
127
128
   # XSendFile is serving audio files
   # WARNING : permissions on paths specified below overrides previous definition,
   # everything under those paths is potentially exposed.
   # Following directive may be needed to ensure xsendfile is loaded
   #LoadModule xsendfile_module modules/mod_xsendfile.so
   <IfModule mod_xsendfile.c>
      XSendFile On
129
      XSendFilePath /srv/funkwhale/data/media
130
131
132
133
134
      XSendFilePath ${MUSIC_DIRECTORY_PATH}
      SetEnv MOD_X_SENDFILE_ENABLED 1
   </IfModule>
</VirtualHost>
</IfModule>