2018-04-28 12:25:20 +00:00
|
|
|
# Following variables MUST be modified according to your setup
|
|
|
|
Define funkwhale-sn funkwhale.yourdomain.com
|
|
|
|
|
|
|
|
# Following variables should be modified according to your setup and if you
|
|
|
|
# use different configuration than what is described in our installation guide.
|
|
|
|
Define funkwhale-api http://localhost:5000
|
2018-06-13 15:30:21 +00:00
|
|
|
Define funkwhale-api-ws ws://localhost:5000
|
2018-04-28 12:25:20 +00:00
|
|
|
Define MUSIC_DIRECTORY_PATH /srv/funkwhale/data/music
|
2018-04-26 10:32:21 +00:00
|
|
|
|
2018-06-07 08:15:31 +00:00
|
|
|
# HTTP requests redirected to HTTPS
|
2018-04-26 10:32:21 +00:00
|
|
|
<VirtualHost *:80>
|
|
|
|
ServerName ${funkwhale-sn}
|
2018-04-28 12:25:20 +00:00
|
|
|
|
2018-04-26 10:32:21 +00:00
|
|
|
# Default is to force https
|
|
|
|
RewriteEngine on
|
|
|
|
RewriteCond %{SERVER_NAME} =${funkwhale-sn}
|
|
|
|
RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,QSA,R=permanent]
|
|
|
|
|
|
|
|
<Location "/.well-known/acme-challenge/">
|
|
|
|
Options None
|
|
|
|
Require all granted
|
|
|
|
</Location>
|
|
|
|
</VirtualHost>
|
|
|
|
|
|
|
|
|
|
|
|
<IfModule mod_ssl.c>
|
|
|
|
<VirtualHost *:443>
|
|
|
|
ServerName ${funkwhale-sn}
|
|
|
|
|
2018-04-28 12:25:20 +00:00
|
|
|
# Path to ErrorLog and access log
|
2018-04-26 10:32:21 +00:00
|
|
|
ErrorLog ${APACHE_LOG_DIR}/funkwhale/error.log
|
|
|
|
CustomLog ${APACHE_LOG_DIR}/funkwhale/access.log combined
|
|
|
|
|
|
|
|
# TLS
|
|
|
|
# Feel free to use your own configuration for SSL here or simply remove the
|
|
|
|
# lines and move the configuration to the previous server block if you
|
2018-06-25 21:48:28 +00:00
|
|
|
# don't want to run funkwhale behind https (this is not recommended)
|
2018-04-26 10:32:21 +00:00
|
|
|
# have a look here for let's encrypt configuration:
|
2018-06-10 20:48:20 +00:00
|
|
|
# https://certbot.eff.org/lets-encrypt/debianstretch-apache.html
|
2018-04-26 10:32:21 +00:00
|
|
|
SSLEngine on
|
|
|
|
SSLProxyEngine On
|
|
|
|
SSLCertificateFile /etc/letsencrypt/live/${funkwhale-sn}/fullchain.pem
|
|
|
|
SSLCertificateKeyFile /etc/letsencrypt/live/${funkwhale-sn}/privkey.pem
|
|
|
|
Include /etc/letsencrypt/options-ssl-apache.conf
|
|
|
|
|
2018-06-07 08:15:31 +00:00
|
|
|
# Tell the api that the client is using https
|
|
|
|
RequestHeader set X-Forwarded-Proto "https"
|
2018-04-26 10:32:21 +00:00
|
|
|
|
|
|
|
DocumentRoot /srv/funkwhale/front/dist
|
|
|
|
|
|
|
|
FallbackResource /index.html
|
|
|
|
|
|
|
|
# Configure Proxy settings
|
|
|
|
# ProxyPreserveHost pass the original Host header to the backend server
|
|
|
|
ProxyVia On
|
|
|
|
ProxyPreserveHost On
|
|
|
|
<IfModule mod_remoteip.c>
|
|
|
|
RemoteIPHeader X-Forwarded-For
|
|
|
|
</IfModule>
|
|
|
|
|
|
|
|
# Turning ProxyRequests on and allowing proxying from all may allow
|
2018-04-28 12:25:20 +00:00
|
|
|
# spammers to use your proxy to send email.
|
2018-04-26 10:32:21 +00:00
|
|
|
ProxyRequests Off
|
2018-04-28 12:25:20 +00:00
|
|
|
|
|
|
|
<Proxy *>
|
2018-04-26 10:32:21 +00:00
|
|
|
AddDefaultCharset off
|
|
|
|
Order Allow,Deny
|
|
|
|
Allow from all
|
|
|
|
</Proxy>
|
|
|
|
|
2018-06-13 15:30:21 +00:00
|
|
|
# Activating WebSockets
|
|
|
|
ProxyPass "/api/v1/instance/activity" ${funkwhale-api-ws}/api/v1/instance/activity
|
2018-04-26 10:32:21 +00:00
|
|
|
|
|
|
|
<Location "/api">
|
|
|
|
# similar to nginx 'client_max_body_size 30M;'
|
2018-04-28 12:25:20 +00:00
|
|
|
LimitRequestBody 31457280
|
2018-04-26 10:32:21 +00:00
|
|
|
|
|
|
|
ProxyPass ${funkwhale-api}/api
|
|
|
|
ProxyPassReverse ${funkwhale-api}/api
|
|
|
|
</Location>
|
|
|
|
<Location "/federation">
|
|
|
|
ProxyPass ${funkwhale-api}/federation
|
|
|
|
ProxyPassReverse ${funkwhale-api}/federation
|
|
|
|
</Location>
|
2018-04-28 12:25:20 +00:00
|
|
|
|
2018-05-29 16:12:46 +00:00
|
|
|
# You can comment this if you don't plan to use the Subsonic API
|
|
|
|
<Location "/rest">
|
|
|
|
ProxyPass ${funkwhale-api}/api/subsonic/rest
|
|
|
|
ProxyPassReverse ${funkwhale-api}/api/subsonic/rest
|
|
|
|
</Location>
|
|
|
|
|
2018-05-07 20:29:22 +00:00
|
|
|
<Location "/.well-known/">
|
|
|
|
ProxyPass ${funkwhale-api}/.well-known/
|
|
|
|
ProxyPassReverse ${funkwhale-api}/.well-known/
|
2018-04-26 10:32:21 +00:00
|
|
|
</Location>
|
|
|
|
|
|
|
|
Alias /media /srv/funkwhale/data/media
|
|
|
|
|
|
|
|
Alias /staticfiles /srv/funkwhale/data/static
|
|
|
|
|
|
|
|
# Setting appropriate access levels to serve frontend
|
2018-04-28 12:25:20 +00:00
|
|
|
<Directory "/srv/funkwhale/data/static">
|
2018-04-26 10:32:21 +00:00
|
|
|
Options FollowSymLinks
|
2018-04-28 12:25:20 +00:00
|
|
|
AllowOverride None
|
2018-04-26 10:32:21 +00:00
|
|
|
Require all granted
|
|
|
|
</Directory>
|
|
|
|
|
|
|
|
<Directory /srv/funkwhale/front/dist>
|
|
|
|
Options FollowSymLinks
|
|
|
|
AllowOverride None
|
|
|
|
Require all granted
|
|
|
|
</Directory>
|
|
|
|
|
2018-07-23 09:13:44 +00:00
|
|
|
<Directory /srv/funkwhale/data/media>
|
2018-06-07 08:15:31 +00:00
|
|
|
Options FollowSymLinks
|
|
|
|
AllowOverride None
|
|
|
|
Require all granted
|
|
|
|
</Directory>
|
|
|
|
|
2018-04-26 10:32:21 +00:00
|
|
|
# XSendFile is serving audio files
|
|
|
|
# WARNING : permissions on paths specified below overrides previous definition,
|
|
|
|
# everything under those paths is potentially exposed.
|
|
|
|
# Following directive may be needed to ensure xsendfile is loaded
|
|
|
|
#LoadModule xsendfile_module modules/mod_xsendfile.so
|
|
|
|
<IfModule mod_xsendfile.c>
|
|
|
|
XSendFile On
|
2018-04-28 12:25:20 +00:00
|
|
|
XSendFilePath /srv/funkwhale/data/media
|
2018-04-26 10:32:21 +00:00
|
|
|
XSendFilePath ${MUSIC_DIRECTORY_PATH}
|
|
|
|
SetEnv MOD_X_SENDFILE_ENABLED 1
|
|
|
|
</IfModule>
|
|
|
|
</VirtualHost>
|
|
|
|
</IfModule>
|