cable-service/cable.conf

###
### Apache configuration file for Signal-Server
### 

### VirtualHost for the main service:

<VirtualHost *:443>
	ServerName cable-service.cable.im
	SSLEngine On

	# Per il servizio Signal vero e proprio usiamo invece il certificato self-signed.
	# Nel keystore del'app Android è il root certificate della nostra CA, assicurando
	# così che l'app riconosca come validi solo i certificati emessi dalla nostra CA.

	SSLCertificateFile /home/cable/certificati/whisper.crt
	SSLCertificateKeyFile /home/cable/certificati/whisper.key
	Include /etc/letsencrypt/options-ssl-apache.conf
	#SSLCertificateChainFile /home/cable/certificati/whisper.crt

	# Per proxare websocket (ws://) serve questa roba:
	#
	# https://httpd.apache.org/docs/2.4/mod/mod_proxy_wstunnel.html

	ProxyVia On
	ProxyPreserveHost On
	ProxyPass / ws://127.0.0.1:4242/
	ProxyPassReverse / ws://127.0.0.1:4242/
</VirtualHost>


### VirtualHost for letting Twilio call back:

<VirtualHost *:443>
	ServerName cable-service-ca.cable.im
	SSLEngine On

	# Su cable-service-ca.cable.im serve un certificato valido (letsencrypt).
	# È l'hostname a cui si connette Twilio per ottenere le informazioni
	# necessarie a fare la verifica del numero tramite chiamata vocale.

	SSLCertificateFile /etc/letsencrypt/live/cable-service-ca.cable.im/cert.pem
	SSLCertificateKeyFile /etc/letsencrypt/live/cable-service-ca.cable.im/privkey.pem
	Include /etc/letsencrypt/options-ssl-apache.conf
	SSLCertificateChainFile /etc/letsencrypt/live/cable-service-ca.cable.im/chain.pem

	ProxyVia On
	ProxyPreserveHost On
	ProxyPass / http://127.0.0.1:4242/
	ProxyPassReverse / http://127.0.0.1:4242/
</VirtualHost>


### Giphy proxy:

<VirtualHost *:80>
	ServerName giphy.com
	ServerAlias *.giphy.com
	ProxyRequests On
	ProxyVia Block
#	ProxyPreserveHost On

	# The AllowConnect directive specifies a list of ports
	# to which the proxy CONNECT method may connect.
	AllowConnect 443

	# Only allow HTTP CONNECT requests, denying the others (GET, POST, ...).
	<Location />
		Require method CONNECT
	</Location>

	# This <Proxy *> block is not really needed, but let's leave it.
	<Proxy *>
		# New syntax, see https://httpd.apache.org/docs/2.4/upgrading.html
		# Can't be mixed with the old "Order" and "Allow" stuff, so we stay
		# with the old syntax for now...
		#Require all denied

		Order deny,allow
		Deny from all
	</Proxy>

	<Proxy "*.giphy.com:443">
		#Require all granted

		Order allow,deny
		Allow from all
	</Proxy>
</VirtualHost>


### Adminer (adminer.org):

<VirtualHost *:443>
	ServerName db.cable.im
	SSLEngine On

	SSLCertificateFile /etc/letsencrypt/live/db.cable.im/cert.pem
	SSLCertificateKeyFile /etc/letsencrypt/live/db.cable.im/privkey.pem
	Include /etc/letsencrypt/options-ssl-apache.conf
	SSLCertificateChainFile /etc/letsencrypt/live/db.cable.im/chain.pem

	DocumentRoot "/var/www/adminer/"

	<Files ".*">
		#Require all denied
		Order deny,allow
		Deny from all
	</Files>

	<Location />
		AuthType Basic
		AuthUserFile "/var/www/adminer/.htpasswd"
		AuthName "Adminer"
		Require valid-user
	</Location>
</VirtualHost>
File di configurazione Apache 2017-01-25 00:26:03 +01:00			`###`
			`### Apache configuration file for Signal-Server`
			`###`
File di configurazione Apache 2017-01-25 00:25:16 +01:00
File di configurazione Apache 2017-01-25 00:26:03 +01:00			`### VirtualHost for the main service:`
File di configurazione Apache 2017-01-24 17:17:19 +01:00
			`<VirtualHost *:443>`
			`ServerName cable-service.cable.im`
			`SSLEngine On`

			`# Per il servizio Signal vero e proprio usiamo invece il certificato self-signed.`
			`# Nel keystore del'app Android è il root certificate della nostra CA, assicurando`
			`# così che l'app riconosca come validi solo i certificati emessi dalla nostra CA.`

			`SSLCertificateFile /home/cable/certificati/whisper.crt`
			`SSLCertificateKeyFile /home/cable/certificati/whisper.key`
			`Include /etc/letsencrypt/options-ssl-apache.conf`
			`#SSLCertificateChainFile /home/cable/certificati/whisper.crt`

			`# Per proxare websocket (ws://) serve questa roba:`
			`#`
			`# https://httpd.apache.org/docs/2.4/mod/mod_proxy_wstunnel.html`

			`ProxyVia On`
			`ProxyPreserveHost On`
			`ProxyPass / ws://127.0.0.1:4242/`
			`ProxyPassReverse / ws://127.0.0.1:4242/`
			`</VirtualHost>`

File di configurazione Apache 2017-01-25 00:26:03 +01:00
			`### VirtualHost for letting Twilio call back:`

			`<VirtualHost *:443>`
			`ServerName cable-service-ca.cable.im`
			`SSLEngine On`

			`# Su cable-service-ca.cable.im serve un certificato valido (letsencrypt).`
			`# È l'hostname a cui si connette Twilio per ottenere le informazioni`
			`# necessarie a fare la verifica del numero tramite chiamata vocale.`

			`SSLCertificateFile /etc/letsencrypt/live/cable-service-ca.cable.im/cert.pem`
			`SSLCertificateKeyFile /etc/letsencrypt/live/cable-service-ca.cable.im/privkey.pem`
			`Include /etc/letsencrypt/options-ssl-apache.conf`
			`SSLCertificateChainFile /etc/letsencrypt/live/cable-service-ca.cable.im/chain.pem`

			`ProxyVia On`
			`ProxyPreserveHost On`
			`ProxyPass / http://127.0.0.1:4242/`
			`ProxyPassReverse / http://127.0.0.1:4242/`
			`</VirtualHost>`


			`### Giphy proxy:`

File di configurazione Apache 2017-01-24 17:17:19 +01:00			`<VirtualHost *:80>`
			`ServerName giphy.com`
			`ServerAlias *.giphy.com`
			`ProxyRequests On`
			`ProxyVia Block`
File di configurazione Apache 2017-01-25 00:26:03 +01:00			`# ProxyPreserveHost On`
File di configurazione Apache 2017-01-24 17:17:19 +01:00
File di configurazione Apache 2017-01-25 00:26:03 +01:00			`# The AllowConnect directive specifies a list of ports`
			`# to which the proxy CONNECT method may connect.`
File di configurazione Apache 2017-01-24 17:17:19 +01:00			`AllowConnect 443`

File di configurazione Apache 2017-01-25 00:26:03 +01:00			`# Only allow HTTP CONNECT requests, denying the others (GET, POST, ...).`
File di configurazione Apache 2017-01-24 17:17:19 +01:00			`<Location />`
File di configurazione Apache 2017-01-25 00:26:03 +01:00			`Require method CONNECT`
File di configurazione Apache 2017-01-24 17:17:19 +01:00			`</Location>`

File di configurazione Apache 2017-01-25 00:26:03 +01:00			`# This <Proxy *> block is not really needed, but let's leave it.`
File di configurazione Apache 2017-01-24 17:17:19 +01:00			`<Proxy *>`
File di configurazione Apache 2017-01-25 00:26:03 +01:00			`# New syntax, see https://httpd.apache.org/docs/2.4/upgrading.html`
			`# Can't be mixed with the old "Order" and "Allow" stuff, so we stay`
			`# with the old syntax for now...`
			`#Require all denied`

			`Order deny,allow`
File di configurazione Apache 2017-01-24 17:17:19 +01:00			`Deny from all`
			`</Proxy>`

			`<Proxy "*.giphy.com:443">`
File di configurazione Apache 2017-01-25 00:26:03 +01:00			`#Require all granted`

			`Order allow,deny`
File di configurazione Apache 2017-01-24 17:17:19 +01:00			`Allow from all`
			`</Proxy>`
			`</VirtualHost>`

File di configurazione Apache 2017-01-25 00:26:03 +01:00
			`### Adminer (adminer.org):`

			`<VirtualHost *:443>`
			`ServerName db.cable.im`
			`SSLEngine On`

			`SSLCertificateFile /etc/letsencrypt/live/db.cable.im/cert.pem`
			`SSLCertificateKeyFile /etc/letsencrypt/live/db.cable.im/privkey.pem`
			`Include /etc/letsencrypt/options-ssl-apache.conf`
			`SSLCertificateChainFile /etc/letsencrypt/live/db.cable.im/chain.pem`

			`DocumentRoot "/var/www/adminer/"`

			`<Files ".*">`
			`#Require all denied`
			`Order deny,allow`
			`Deny from all`
			`</Files>`

			`<Location />`
			`AuthType Basic`
			`AuthUserFile "/var/www/adminer/.htpasswd"`
			`AuthName "Adminer"`
			`Require valid-user`
			`</Location>`
			`</VirtualHost>`