diff --git a/deploy/apache.conf b/deploy/apache.conf
new file mode 100644
index 0000000000000000000000000000000000000000..75618e350b117dbe97f4ced2768e4b11d3a81958
--- /dev/null
+++ b/deploy/apache.conf
@@ -0,0 +1,123 @@
+# Following variables should be modified according to your setup
+Define funkwhale-api http://192.168.1.199:5000
+Define funkwhale-api-ws ws://192.168.1.199:5000
+Define funkwhale-sn funkwhale.duckdns.org
+Define MUSIC_DIRECTORY_PATH /music/directory/path
+
+
+# HTTP request redirected to HTTPS
+<VirtualHost *:80>
+ ServerName ${funkwhale-sn}
+
+ # Default is to force https
+ RewriteEngine on
+ RewriteCond %{SERVER_NAME} =${funkwhale-sn}
+ RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,QSA,R=permanent]
+
+ <Location "/.well-known/acme-challenge/">
+ Options None
+ Require all granted
+ </Location>
+
+</VirtualHost>
+
+
+<IfModule mod_ssl.c>
+<VirtualHost *:443>
+ ServerName ${funkwhale-sn}
+
+ # Path to ErrorLog and access log
+ ErrorLog ${APACHE_LOG_DIR}/funkwhale/error.log
+ CustomLog ${APACHE_LOG_DIR}/funkwhale/access.log combined
+
+ # TLS
+ # Feel free to use your own configuration for SSL here or simply remove the
+ # lines and move the configuration to the previous server block if you
+ # don't want to run funkwhale behind https (this is not recommanded)
+ # have a look here for let's encrypt configuration:
+ # https://certbot.eff.org/all-instructions/#debian-9-stretch-nginx
+ SSLEngine on
+ SSLProxyEngine On
+ SSLCertificateFile /etc/letsencrypt/live/${funkwhale-sn}/fullchain.pem
+ SSLCertificateKeyFile /etc/letsencrypt/live/${funkwhale-sn}/privkey.pem
+ Include /etc/letsencrypt/options-ssl-apache.conf
+
+
+ DocumentRoot /srv/funkwhale/front/dist
+
+ FallbackResource /index.html
+
+ # Configure Proxy settings
+ # ProxyPreserveHost pass the original Host header to the backend server
+ ProxyVia On
+ ProxyPreserveHost On
+ <IfModule mod_remoteip.c>
+ RemoteIPHeader X-Forwarded-For
+ </IfModule>
+
+ # Turning ProxyRequests on and allowing proxying from all may allow
+ # spammers to use your proxy to send email.
+ ProxyRequests Off
+
+ <Proxy *>
+ AddDefaultCharset off
+ Order Allow,Deny
+ Allow from all
+ # Here you can set a password using htpasswd to protect your proxy server
+ #Authtype Basic
+ #Authname "Password Required"
+ #AuthUserFile /etc/apache2/.htpasswd
+ #Require valid-user
+ </Proxy>
+
+ # Activating WebSockets (not working)
+ ProxyPass "/api/v1/instance/activity" "ws://192.168.1.199:5000/api/v1/instance/activity"
+
+ <Location "/api">
+ # similar to nginx 'client_max_body_size 30M;'
+ LimitRequestBody 31457280
+
+ ProxyPass ${funkwhale-api}/api
+ ProxyPassReverse ${funkwhale-api}/api
+ </Location>
+ <Location "/federation">
+ ProxyPass ${funkwhale-api}/federation
+ ProxyPassReverse ${funkwhale-api}/federation
+ </Location>
+
+ <Location "/.well-known/webfinger">
+ ProxyPass ${funkwhale-api}/.well-known/webfinger
+ ProxyPassReverse ${funkwhale-api}/.well-known/webfinger
+ </Location>
+
+ Alias /media /srv/funkwhale/data/media
+
+ Alias /staticfiles /srv/funkwhale/data/static
+
+ # Setting appropriate access levels to serve frontend
+ <Directory "/srv/funkwhale/data/static">
+ Options FollowSymLinks
+ AllowOverride None
+ Require all granted
+ </Directory>
+
+ <Directory /srv/funkwhale/front/dist>
+ Options FollowSymLinks
+ AllowOverride None
+ Require all granted
+ </Directory>
+
+ # XSendFile is serving audio files
+ # WARNING : permissions on paths specified below overrides previous definition,
+ # everything under those paths is potentially exposed.
+ # Following directive may be needed to ensure xsendfile is loaded
+ #LoadModule xsendfile_module modules/mod_xsendfile.so
+ <IfModule mod_xsendfile.c>
+ XSendFile On
+ XSendFilePath /srv/funkwhale/data/media
+ XSendFilePath ${MUSIC_DIRECTORY_PATH}
+ SetEnv MOD_X_SENDFILE_ENABLED 1
+ </IfModule>
+
+</VirtualHost>
+</IfModule>
diff --git a/docs/installation/debian.rst b/docs/installation/debian.rst
index c4e54218d53bf85fc4aa647e0516be86956df319..eb0c3f0eaca309b0992bb876a5652e4a3f1011a5 100644
--- a/docs/installation/debian.rst
+++ b/docs/installation/debian.rst
@@ -31,7 +31,7 @@ Layout
All funkwhale-related files will be located under ``/srv/funkwhale`` apart
from database files and a few configuration files. We will also have a
-dedicated ``funwhale`` user to launch the processes we need and own those files.
+dedicated ``funkwhale`` user to launch the processes we need and own those files.
You are free to use different values here, just remember to adapt those in the
next steps.
diff --git a/docs/installation/external_dependencies.rst b/docs/installation/external_dependencies.rst
index 7de8abca05112383e55569c305b7f359651c522a..39d32b38fdaf2c3e071665341164b12e77dc9309 100644
--- a/docs/installation/external_dependencies.rst
+++ b/docs/installation/external_dependencies.rst
@@ -18,7 +18,7 @@ On debian-like systems, you would install the database server like this:
.. code-block:: shell
- sudo apt-get install postgresql
+ sudo apt-get install postgresql postgresql-contrib
The remaining steps are heavily inspired from `this Digital Ocean guide <https://www.digitalocean.com/community/tutorials/how-to-set-up-django-with-postgres-nginx-and-gunicorn-on-ubuntu-16-04>`_.
diff --git a/docs/installation/index.rst b/docs/installation/index.rst
index 776c22424f15929324520e1d57076d4bd2a5656c..c2a70421bb15a0aadb4e55d64447830190c62ed7 100644
--- a/docs/installation/index.rst
+++ b/docs/installation/index.rst
@@ -103,7 +103,8 @@ Then, download our sample virtualhost file and proxy conf:
.. parsed-literal::
curl -L -o /etc/nginx/funkwhale_proxy.conf "https://code.eliotberriot.com/funkwhale/funkwhale/raw/|version|/deploy/funkwhale_proxy.conf"
- curl -L -o /etc/nginx/sites-enabled/funkwhale.conf "https://code.eliotberriot.com/funkwhale/funkwhale/raw/|version|/deploy/nginx.conf"
+ curl -L -o /etc/nginx/sites-available/funkwhale.conf "https://code.eliotberriot.com/funkwhale/funkwhale/raw/|version|/deploy/nginx.conf"
+ ln -s /etc/nginx/sites-available/funkwhale.conf /etc/nginx/sites-enabled/
Ensure static assets and proxy pass match your configuration, and check the configuration is valid with ``nginx -t``. If everything is fine, you can restart your nginx server with ``service nginx restart``.