Commit 770f9fbd authored by Eliot Berriot's avatar Eliot Berriot
Browse files

Merge branch 'develop' into 'develop'

First version of Apache2 conf (transcoding, auth and ws missing)

See merge request funkwhale/funkwhale!165
parents 9ab20a5b d1835455
# Following variables should be modified according to your setup
Define funkwhale-api http://192.168.1.199:5000
Define funkwhale-api-ws ws://192.168.1.199:5000
Define funkwhale-sn funkwhale.duckdns.org
Define MUSIC_DIRECTORY_PATH /music/directory/path
# HTTP request redirected to HTTPS
<VirtualHost *:80>
ServerName ${funkwhale-sn}
# Default is to force https
RewriteEngine on
RewriteCond %{SERVER_NAME} =${funkwhale-sn}
RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,QSA,R=permanent]
<Location "/.well-known/acme-challenge/">
Options None
Require all granted
</Location>
</VirtualHost>
<IfModule mod_ssl.c>
<VirtualHost *:443>
ServerName ${funkwhale-sn}
# Path to ErrorLog and access log
ErrorLog ${APACHE_LOG_DIR}/funkwhale/error.log
CustomLog ${APACHE_LOG_DIR}/funkwhale/access.log combined
# TLS
# Feel free to use your own configuration for SSL here or simply remove the
# lines and move the configuration to the previous server block if you
# don't want to run funkwhale behind https (this is not recommanded)
# have a look here for let's encrypt configuration:
# https://certbot.eff.org/all-instructions/#debian-9-stretch-nginx
SSLEngine on
SSLProxyEngine On
SSLCertificateFile /etc/letsencrypt/live/${funkwhale-sn}/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/${funkwhale-sn}/privkey.pem
Include /etc/letsencrypt/options-ssl-apache.conf
DocumentRoot /srv/funkwhale/front/dist
FallbackResource /index.html
# Configure Proxy settings
# ProxyPreserveHost pass the original Host header to the backend server
ProxyVia On
ProxyPreserveHost On
<IfModule mod_remoteip.c>
RemoteIPHeader X-Forwarded-For
</IfModule>
# Turning ProxyRequests on and allowing proxying from all may allow
# spammers to use your proxy to send email.
ProxyRequests Off
<Proxy *>
AddDefaultCharset off
Order Allow,Deny
Allow from all
# Here you can set a password using htpasswd to protect your proxy server
#Authtype Basic
#Authname "Password Required"
#AuthUserFile /etc/apache2/.htpasswd
#Require valid-user
</Proxy>
# Activating WebSockets (not working)
ProxyPass "/api/v1/instance/activity" "ws://192.168.1.199:5000/api/v1/instance/activity"
<Location "/api">
# similar to nginx 'client_max_body_size 30M;'
LimitRequestBody 31457280
ProxyPass ${funkwhale-api}/api
ProxyPassReverse ${funkwhale-api}/api
</Location>
<Location "/federation">
ProxyPass ${funkwhale-api}/federation
ProxyPassReverse ${funkwhale-api}/federation
</Location>
<Location "/.well-known/webfinger">
ProxyPass ${funkwhale-api}/.well-known/webfinger
ProxyPassReverse ${funkwhale-api}/.well-known/webfinger
</Location>
Alias /media /srv/funkwhale/data/media
Alias /staticfiles /srv/funkwhale/data/static
# Setting appropriate access levels to serve frontend
<Directory "/srv/funkwhale/data/static">
Options FollowSymLinks
AllowOverride None
Require all granted
</Directory>
<Directory /srv/funkwhale/front/dist>
Options FollowSymLinks
AllowOverride None
Require all granted
</Directory>
# XSendFile is serving audio files
# WARNING : permissions on paths specified below overrides previous definition,
# everything under those paths is potentially exposed.
# Following directive may be needed to ensure xsendfile is loaded
#LoadModule xsendfile_module modules/mod_xsendfile.so
<IfModule mod_xsendfile.c>
XSendFile On
XSendFilePath /srv/funkwhale/data/media
XSendFilePath ${MUSIC_DIRECTORY_PATH}
SetEnv MOD_X_SENDFILE_ENABLED 1
</IfModule>
</VirtualHost>
</IfModule>
......@@ -31,7 +31,7 @@ Layout
All funkwhale-related files will be located under ``/srv/funkwhale`` apart
from database files and a few configuration files. We will also have a
dedicated ``funwhale`` user to launch the processes we need and own those files.
dedicated ``funkwhale`` user to launch the processes we need and own those files.
You are free to use different values here, just remember to adapt those in the
next steps.
......
......@@ -18,7 +18,7 @@ On debian-like systems, you would install the database server like this:
.. code-block:: shell
sudo apt-get install postgresql
sudo apt-get install postgresql postgresql-contrib
The remaining steps are heavily inspired from `this Digital Ocean guide <https://www.digitalocean.com/community/tutorials/how-to-set-up-django-with-postgres-nginx-and-gunicorn-on-ubuntu-16-04>`_.
......
......@@ -103,7 +103,8 @@ Then, download our sample virtualhost file and proxy conf:
.. parsed-literal::
curl -L -o /etc/nginx/funkwhale_proxy.conf "https://code.eliotberriot.com/funkwhale/funkwhale/raw/|version|/deploy/funkwhale_proxy.conf"
curl -L -o /etc/nginx/sites-enabled/funkwhale.conf "https://code.eliotberriot.com/funkwhale/funkwhale/raw/|version|/deploy/nginx.conf"
curl -L -o /etc/nginx/sites-available/funkwhale.conf "https://code.eliotberriot.com/funkwhale/funkwhale/raw/|version|/deploy/nginx.conf"
ln -s /etc/nginx/sites-available/funkwhale.conf /etc/nginx/sites-enabled/
Ensure static assets and proxy pass match your configuration, and check the configuration is valid with ``nginx -t``. If everything is fine, you can restart your nginx server with ``service nginx restart``.
......
Supports Markdown
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment