Commit fd32d240 authored by Agate

Merge branch 'fixApacheCovers' into 'develop'

XForwardedProto to https & covers granted

See merge request funkwhale/funkwhale!237
parents 0a7c719a c353d59d
Album cover served in http (#264)
Apache is now serving album covers in https
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
Two issues are addressed here. The first one was about Django replying with
mixed content (http) when queried for covers. Setting up the `X-Forwarded-Proto`
allows Django to know that the client is using https, and that the reply must
be https as well.
Second issue was a problem of permission causing Apache a denied access to
album cover folder. It was solved by adding another block for this path in
the Apache configuration file for funkwhale.
Here is how to modify your `funkwhale.conf` :
<VirtualHost *:443>
...
Include /etc/letsencrypt/options-ssl-apache.conf
#Add this new line
RequestHeader set X-Forwarded-Proto "https"
...
#Add this new block below the other <Directory/> blocks
<Directory /srv/funkwhale/data/media/albums>
Options FollowSymLinks
AllowOverride None
Require all granted
</Directory>
...
</VirtualHost>
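Review bot: the upgrade steps under "Here is how to modify your `funkwhale.conf`" add a `RequestHeader` directive without saying that it is provided by mod_headers. An admin who follows them on a host where that module is not loaded will get a configuration error when Apache is reloaded. Suggest adding one line that tells the reader to enable mod_headers and reload Apache after editing the file.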
......@@ -9,7 +9,7 @@ Define MUSIC_DIRECTORY_PATH /srv/funkwhale/data/music
# Define funkwhale-api-ws ws://localhost:5000
# HTTP request redirected to HTTPS
# HTTP requests redirected to HTTPS
<VirtualHost *:80>
ServerName ${funkwhale-sn}
......@@ -22,7 +22,6 @@ Define MUSIC_DIRECTORY_PATH /srv/funkwhale/data/music
Options None
Require all granted
</Location>
</VirtualHost>
......@@ -46,6 +45,8 @@ Define MUSIC_DIRECTORY_PATH /srv/funkwhale/data/music
SSLCertificateKeyFile /etc/letsencrypt/live/${funkwhale-sn}/privkey.pem
Include /etc/letsencrypt/options-ssl-apache.conf
# Tell the api that the client is using https
RequestHeader set X-Forwarded-Proto "https"
DocumentRoot /srv/funkwhale/front/dist
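Review bot: the comment above `RequestHeader set X-Forwarded-Proto "https"` should state the trust assumption it relies on. The API will believe this header, so the line is only safe because `set` overwrites any value the client sent and because it sits next to the `SSLCertificateKeyFile` directives, in the TLS vhost. Suggest extending the comment to say that, and to note that the API should only be reachable through this proxy, since a client talking to it directly could supply the header itself.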
......@@ -112,6 +113,12 @@ Define MUSIC_DIRECTORY_PATH /srv/funkwhale/data/music
Require all granted
</Directory>
<Directory /srv/funkwhale/data/media/albums>
Options FollowSymLinks
AllowOverride None
Require all granted
</Directory>
# XSendFile is serving audio files
# WARNING : permissions on paths specified below overrides previous definition,
# everything under those paths is potentially exposed.
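Review bot: `Options FollowSymLinks` in the new `<Directory /srv/funkwhale/data/media/albums>` block is broader than serving cover images needs. Combined with `Require all granted`, any symlink that ends up under that folder is followed and its target is served under this block's permissions. Suggest `Options None`, or `SymLinksIfOwnerMatch` if links are really required. The path is also hard-coded while the music path uses `Define MUSIC_DIRECTORY_PATH`; a matching `Define` for the media path would keep installs with a non-default location from silently missing this block.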
......@@ -123,6 +130,5 @@ Define MUSIC_DIRECTORY_PATH /srv/funkwhale/data/music
XSendFilePath ${MUSIC_DIRECTORY_PATH}
SetEnv MOD_X_SENDFILE_ENABLED 1
</IfModule>
</VirtualHost>
</IfModule>