kopia lustrzana https://dev.funkwhale.audio/funkwhale/funkwhale
144 wiersze
4.3 KiB
ApacheConf
144 wiersze
4.3 KiB
ApacheConf
# Following variables MUST be modified according to your setup
|
|
Define funkwhale-sn funkwhale.yourdomain.com
|
|
|
|
# Following variables should be modified according to your setup and if you
|
|
# use different configuration than what is described in our installation guide.
|
|
Define funkwhale-api http://localhost:5000
|
|
Define funkwhale-api-ws ws://localhost:5000
|
|
Define FUNKWHALE_ROOT_PATH /srv/funkwhale
|
|
Define MUSIC_DIRECTORY_PATH ${FUNKWHALE_ROOT_PATH}/data/music
|
|
Define MEDIA_DIRECTORY_PATH ${FUNKWHALE_ROOT_PATH}/data/media
|
|
|
|
# HTTP requests redirected to HTTPS
|
|
<VirtualHost *:80>
|
|
ServerName ${funkwhale-sn}
|
|
|
|
# Default is to force https
|
|
RewriteEngine on
|
|
RewriteCond %{SERVER_NAME} =${funkwhale-sn}
|
|
RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,QSA,R=permanent]
|
|
|
|
<Location "/.well-known/acme-challenge/">
|
|
Options None
|
|
Require all granted
|
|
</Location>
|
|
</VirtualHost>
|
|
|
|
|
|
<IfModule mod_ssl.c>
|
|
<VirtualHost *:443>
|
|
ServerName ${funkwhale-sn}
|
|
|
|
# Path to ErrorLog and access log
|
|
ErrorLog ${APACHE_LOG_DIR}/funkwhale/error.log
|
|
CustomLog ${APACHE_LOG_DIR}/funkwhale/access.log combined
|
|
|
|
# TLS
|
|
# Feel free to use your own configuration for SSL here or simply remove the
|
|
# lines and move the configuration to the previous server block if you
|
|
# don't want to run funkwhale behind https (this is not recommended)
|
|
# have a look here for let's encrypt configuration:
|
|
# https://certbot.eff.org/lets-encrypt/debianstretch-apache.html
|
|
SSLEngine on
|
|
SSLProxyEngine On
|
|
SSLCertificateFile /etc/letsencrypt/live/${funkwhale-sn}/fullchain.pem
|
|
SSLCertificateKeyFile /etc/letsencrypt/live/${funkwhale-sn}/privkey.pem
|
|
Include /etc/letsencrypt/options-ssl-apache.conf
|
|
|
|
# Tell the api that the client is using https
|
|
RequestHeader set X-Forwarded-Proto "https"
|
|
|
|
# Configure Proxy settings
|
|
# ProxyPreserveHost pass the original Host header to the backend server
|
|
ProxyVia On
|
|
ProxyPreserveHost On
|
|
<IfModule mod_remoteip.c>
|
|
RemoteIPHeader X-Forwarded-For
|
|
</IfModule>
|
|
|
|
# Turning ProxyRequests on and allowing proxying from all may allow
|
|
# spammers to use your proxy to send e-mail.
|
|
ProxyRequests Off
|
|
|
|
<Proxy *>
|
|
AddDefaultCharset off
|
|
Order Allow,Deny
|
|
Allow from all
|
|
</Proxy>
|
|
|
|
<Location "/">
|
|
# similar to nginx 'client_max_body_size 100M;'
|
|
LimitRequestBody 104857600
|
|
|
|
ProxyPass ${funkwhale-api}/
|
|
ProxyPassReverse ${funkwhale-api}/
|
|
</Location>
|
|
<Location "/federation">
|
|
ProxyPass ${funkwhale-api}/federation
|
|
ProxyPassReverse ${funkwhale-api}/federation
|
|
</Location>
|
|
|
|
# You can comment this if you don't plan to use the Subsonic API
|
|
<Location "/rest">
|
|
ProxyPass ${funkwhale-api}/api/subsonic/rest
|
|
ProxyPassReverse ${funkwhale-api}/api/subsonic/rest
|
|
</Location>
|
|
|
|
<Location "/.well-known/">
|
|
ProxyPass ${funkwhale-api}/.well-known/
|
|
ProxyPassReverse ${funkwhale-api}/.well-known/
|
|
</Location>
|
|
|
|
<Location "/front">
|
|
ProxyPass "!"
|
|
</Location>
|
|
Alias /front ${FUNKWHALE_ROOT_PATH}/front/dist
|
|
|
|
<Location "/media">
|
|
ProxyPass "!"
|
|
</Location>
|
|
Alias /media ${MEDIA_DIRECTORY_PATH}
|
|
|
|
<Location "/staticfiles">
|
|
ProxyPass "!"
|
|
</Location>
|
|
Alias /staticfiles ${FUNKWHALE_ROOT_PATH}/data/static
|
|
|
|
# Activating WebSockets
|
|
<Location "/api/v1/activity">
|
|
ProxyPass ${funkwhale-api-ws}/api/v1/activity
|
|
</Location>
|
|
|
|
# Setting appropriate access levels to serve frontend
|
|
<Directory "${FUNKWHALE_ROOT_PATH}/data/static">
|
|
Options FollowSymLinks
|
|
AllowOverride None
|
|
Require all granted
|
|
</Directory>
|
|
|
|
<Directory "${FUNKWHALE_ROOT_PATH}/front/dist">
|
|
Options FollowSymLinks
|
|
AllowOverride None
|
|
Require all granted
|
|
</Directory>
|
|
|
|
<Directory "${MEDIA_DIRECTORY_PATH}">
|
|
Options FollowSymLinks
|
|
AllowOverride None
|
|
Require all granted
|
|
</Directory>
|
|
|
|
# XSendFile is serving audio files
|
|
# WARNING : permissions on paths specified below overrides previous definition,
|
|
# everything under those paths is potentially exposed.
|
|
# Following directive may be needed to ensure xsendfile is loaded
|
|
#LoadModule xsendfile_module modules/mod_xsendfile.so
|
|
<IfModule mod_xsendfile.c>
|
|
XSendFile On
|
|
XSendFilePath ${MEDIA_DIRECTORY_PATH}
|
|
XSendFilePath ${MUSIC_DIRECTORY_PATH}
|
|
SetEnv MOD_X_SENDFILE_ENABLED 1
|
|
</IfModule>
|
|
</VirtualHost>
|
|
</IfModule>
|