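# Global server settings and the modules this front end loads.
# Module paths are relative to ServerRoot.
ServerRoot "/usr/local/apache2"

# Plain HTTP only: no TLS module is loaded and no TLS listener is defined here.
# NOTE(review): the login form and the session cookie cross the network
# unencrypted unless a TLS terminator sits in front of this server. Confirm
# the deployment.
Listen 80

LoadModule mpm_event_module modules/mod_mpm_event.so
LoadModule authn_core_module modules/mod_authn_core.so
LoadModule authz_core_module modules/mod_authz_core.so
# Legacy Order/Allow/Deny support; no such directive appears in the part of
# the configuration shown here, which uses "Require" throughout.
LoadModule access_compat_module modules/mod_access_compat.so
LoadModule mime_module modules/mod_mime.so
LoadModule log_config_module modules/mod_log_config.so
LoadModule env_module modules/mod_env.so
#LoadModule expires_module modules/mod_expires.so
LoadModule headers_module modules/mod_headers.so
#LoadModule setenvif_module modules/mod_setenvif.so
#LoadModule remoteip_module modules/mod_remoteip.so
LoadModule proxy_module modules/mod_proxy.so
LoadModule proxy_http_module modules/mod_proxy_http.so
LoadModule unixd_module modules/mod_unixd.so
#LoadModule status_module modules/mod_status.so
#LoadModule autoindex_module modules/mod_autoindex.so
LoadModule dir_module modules/mod_dir.so
LoadModule alias_module modules/mod_alias.so

# Form-based login backed by a database, with the session kept in an
# encrypted cookie.
LoadModule session_module modules/mod_session.so
LoadModule session_crypto_module modules/mod_session_crypto.so
LoadModule session_cookie_module modules/mod_session_cookie.so
LoadModule request_module modules/mod_request.so
LoadModule authz_user_module modules/mod_authz_user.so
LoadModule auth_form_module modules/mod_auth_form.so
LoadModule authn_dbd_module modules/mod_authn_dbd.so
LoadModule dbd_module modules/mod_dbd.so

LoadModule macro_module modules/mod_macro.so
LoadModule rewrite_module modules/mod_rewrite.so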
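# Unprivileged account the worker processes run as.
<IfModule unixd_module>
    #
    # If you wish httpd to run as a different user or group, you must run
    # httpd as root initially and it will switch.
    #
    # User/Group: The name (or #number) of the user/group to run httpd as.
    # It is usually good practice to create a dedicated user and group for
    # running httpd, as with most system services.
    #
    User daemon
    Group daemon
</IfModule>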
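# Server identity, and the database connection mod_authn_dbd uses for the
# login lookup.
ServerAdmin you@example.com

ServerName feedati-fe:80

# NOTE(review): the database password is stored in clear text in this file, so
# anyone who can read the repository or the built image learns it. Prefer
# supplying it at start-up (httpd expands ${VAR} from the environment in
# configuration lines) or from a file kept out of version control, and grant
# the "apache" role no more than read access to the table that
# AuthDBDUserPWQuery reads.
DBDriver pgsql
DBDParams "host=db dbname=feeds user=apache password=apachepass"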
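# Macro "Auth": form login checked against the database, with the session held
# in an encrypted cookie. Pulled in with "Use Auth" wherever login state is
# needed. It sets no "Require" itself; each section decides who gets in.
<Macro Auth>
    # Unauthenticated requests are redirected to the login page.
    AuthFormLoginRequiredLocation "/login/"

    # authn
    AuthFormProvider dbd
    # %s is bound as a query parameter by mod_authn_dbd, not pasted into the
    # SQL text. The column should hold a password hash in a format httpd can
    # verify (for example bcrypt), not a clear-text password.
    AuthDBDUserPWQuery "SELECT password FROM users.users WHERE username = %s"

    # form
    AuthType form
    AuthName "authenticationform"

    # mod_session
    Session On
    # NOTE(review): the cookie is HttpOnly but has neither "secure" nor a
    # SameSite attribute. Add "secure" once clients reach the site over HTTPS
    # only, and consider SameSite to limit cross-site use of the session.
    # No SessionMaxAge is set, so sessions do not expire on the server side.
    SessionCookieName session path=/;httponly
    # NOTE(review): placeholder passphrase committed with the configuration.
    # mod_auth_form keeps the user name and password in the session, and this
    # passphrase is all that protects the cookie; anyone who knows it can read
    # or forge sessions. Replace it with a long random value supplied at
    # deploy time (SessionCryptoPassphraseFile, or ${VAR} expansion) and keep
    # it out of version control.
    SessionCryptoPassphrase changeme!really!
</Macro>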
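# Endpoint the login form posts to; on success the browser is sent to /panel/.
<Location "/login/do">
    SetHandler form-login-handler
    Use Auth
    AuthFormLoginSuccessLocation "/panel/"
</Location>

# Logout endpoint.
# NOTE(review): this section enables the session but sets no cookie name or
# passphrase of its own; presumably it inherits them from the
# <Directory "/var/www"> section. Confirm that a logout really clears the
# session cookie.
<Location "/logout">
    SetHandler form-logout-handler
    AuthFormLogoutLocation "/login/logout.html"
    Session on
</Location>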
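# Filesystem access: deny everything by default, then open the document root.
<Directory />
    AllowOverride none
    Require all denied
</Directory>

DocumentRoot "/var/www"
# Static content is public ("Require all granted"); "Use Auth" only attaches
# the login/session settings here and does not restrict access. Options None
# and AllowOverride None disable directory listings, CGI/includes and
# .htaccess files.
<Directory "/var/www">
    Options None
    AllowOverride None
    Use Auth
    Require all granted
</Directory>

# Never serve .htaccess/.htpasswd style files.
<Files ".ht*">
    Require all denied
</Files>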
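# Logging: errors go to the process's stderr and the access log to its stdout.
#
# ErrorLog: The location of the error log file.
# If you do not specify an ErrorLog directive within a <VirtualHost>
# container, error messages relating to that virtual host will be
# logged here. If you *do* define an error logfile for a <VirtualHost>
# container, that host's errors will be logged there and not here.
#
ErrorLog /proc/self/fd/2

# LogLevel: Control the number of messages logged to the error_log.
# Possible values include: debug, info, notice, warn, error, crit,
# alert, emerg.
LogLevel warn

<IfModule log_config_module>
    #
    # The following directives define some format nicknames for use with
    # a CustomLog directive (see below).
    # %u records the authenticated user name, so each access log line shows
    # which account made the request.
    #
    LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
    LogFormat "%h %l %u %t \"%r\" %>s %b" common

    <IfModule logio_module>
        # You need to enable mod_logio.c to use %I and %O
        LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\" %I %O" combinedio
    </IfModule>

    #
    # The location and format of the access logfile (Common Logfile Format).
    # If you do not define any access logfiles within a <VirtualHost>
    # container, they will be logged here. Contrariwise, if you *do*
    # define per-<VirtualHost> access logfiles, transactions will be
    # logged therein and *not* in this file.
    #
    CustomLog /proc/self/fd/1 common

    #
    # If you prefer a logfile with access, agent, and referer information
    # (Combined Logfile Format) you can use the following directive.
    #
    #CustomLog "logs/access_log" combined
</IfModule>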
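# "httpoxy" mitigation: drop the client-supplied Proxy request header before
# anything else processes the request ("early").
<IfModule headers_module>
    #
    # Avoid passing HTTP_PROXY environment to CGI's on this or any proxied
    # backend servers which have lingering "httpoxy" defects.
    # 'Proxy' request header is undefined by the IETF, not listed by IANA
    #
    RequestHeader unset Proxy early
</IfModule>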
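# MIME type mapping. No CGI, type-map or server-side-include handler is
# enabled; the corresponding lines below stay commented out.
<IfModule mime_module>
    #
    # TypesConfig points to the file containing the list of mappings from
    # filename extension to MIME-type.
    #
    TypesConfig conf/mime.types

    #
    # AddType allows you to add to or override the MIME configuration
    # file specified in TypesConfig for specific file types.
    #
    #AddType application/x-gzip .tgz
    #
    # AddEncoding allows you to have certain browsers uncompress
    # information on the fly. Note: Not all browsers support this.
    #
    #AddEncoding x-compress .Z
    #AddEncoding x-gzip .gz .tgz
    #
    # If the AddEncoding directives above are commented-out, then you
    # probably should define those extensions to indicate media types:
    #
    AddType application/x-compress .Z
    AddType application/x-gzip .gz .tgz

    #
    # AddHandler allows you to map certain file extensions to "handlers":
    # actions unrelated to filetype. These can be either built into the server
    # or added with the Action directive (see below)
    #
    # To use CGI scripts outside of ScriptAliased directories:
    # (You will also need to add "ExecCGI" to the "Options" directive.)
    #
    #AddHandler cgi-script .cgi

    # For type maps (negotiated resources):
    #AddHandler type-map var

    #
    # Filters allow you to process content before it is sent to the client.
    #
    # To parse .shtml files for server-side includes (SSI):
    # (You will also need to add "Includes" to the "Options" directive.)
    #
    #AddType text/html .shtml
    #AddOutputFilter INCLUDES .shtml
</IfModule>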
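# Canonical trailing-slash redirect for the tt-rss prefix.
Redirect permanent "/tt-rss" "/tt-rss/"

# Response security headers. "setifempty" only supplies a value when the
# response does not already carry that header.
Header always set Referrer-Policy "same-origin"
# NOTE(review): 'unsafe-inline' and 'unsafe-eval' in script-src remove most of
# the XSS protection a CSP provides; presumably a proxied application needs
# them. Tighten per application if it can run without them.
Header always setifempty Content-Security-Policy "default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline'"
# NOTE(review): X-XSS-Protection is a legacy header that current browsers
# ignore; the Content-Security-Policy is the control that matters.
Header always setifempty X-XSS-Protection "1; mode=block"
# Forbid framing of any page (clickjacking defence).
Header always setifempty X-Frame-Options "deny"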
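# Pass the client's Host header through to the proxied backends.
ProxyPreserveHost On

# tt-rss: reverse-proxied, logged-in users only. The authenticated user name
# is handed to the backend in the X-Forwarded-User request header.
# NOTE(review): the backend presumably trusts that header as the user's
# identity, so it must be reachable only through this proxy; a client that can
# reach http://tt-rss/ directly could send any name.
<Location /tt-rss/>
    ProxyPass http://tt-rss/tt-rss/
    ProxyPassReverse http://tt-rss/tt-rss/
    Use Auth
    Require valid-user
    RewriteEngine on
    # Copy the authenticated user into the RU environment variable; NS skips
    # internal sub-requests.
    RewriteRule .* - [E=RU:%{LA-U:REMOTE_USER},NS]
    # "set" replaces any X-Forwarded-User value the client supplied.
    RequestHeader set X-Forwarded-User %{RU}e
</Location>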
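# Canonical trailing-slash redirect for the rss-bridge prefix.
Redirect permanent "/rss-bridge" "/rss-bridge/"

# rss-bridge: reverse-proxied without authentication ("Require all granted").
# NOTE(review): confirm that exposing this backend to anonymous clients is
# intended.
<Location /rss-bridge/>
    ProxyPass http://rss-bridge/
    ProxyPassReverse http://rss-bridge/
    # X-Forwarded-User is the identity header this proxy sets for the
    # authenticated backends. Nothing sets it on this path, so a client-supplied
    # value is dropped and never reaches a backend.
    RequestHeader unset X-Forwarded-User
    Require all granted
</Location>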
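# Panel: reverse-proxied, logged-in users only. The authenticated user name is
# handed to the backend in the X-Forwarded-User request header.
# NOTE(review): the backend presumably trusts that header as the user's
# identity, so it must be reachable only through this proxy; a client that can
# reach http://panel:8000/ directly could send any name.
<Location /panel/>
    ProxyPass http://panel:8000/
    ProxyPassReverse http://panel:8000/
    Use Auth
    Require valid-user
    RewriteEngine on
    # Copy the authenticated user into the RU environment variable; NS skips
    # internal sub-requests.
    RewriteRule .* - [E=RU:%{LA-U:REMOTE_USER},NS]
    # "set" replaces any X-Forwarded-User value the client supplied.
    RequestHeader set X-Forwarded-User %{RU}e
</Location>

# vim: set ft=apache bkc=yes: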