File di configurazione Apache

2017-01-25 00:26:03 +01:00 · 2017-01-25 00:26:03 +01:00 · 00548709ad
commit 00548709ad
parent 1a1e8bc7d4
1 changed files with 72 additions and 29 deletions
--- a/cable.conf
+++ b/cable.conf
@ -1,21 +1,8 @@
-<VirtualHost *:443>
-	ServerName cable-service-ca.cable.im
-	SSLEngine On
+###
+### Apache configuration file for Signal-Server
+### 

-	# Su cable-service-ca.cable.im serve un certificato valido (letsencrypt).
-	# È l'hostname a cui si connette Twilio per ottenere le informazioni
-	# necessarie a fare la verifica del numero tramite chiamata vocale.
-
-	SSLCertificateFile /etc/letsencrypt/live/cable-service-ca.cable.im/cert.pem
-	SSLCertificateKeyFile /etc/letsencrypt/live/cable-service-ca.cable.im/privkey.pem
-	Include /etc/letsencrypt/options-ssl-apache.conf
-	SSLCertificateChainFile /etc/letsencrypt/live/cable-service-ca.cable.im/chain.pem
-
-	ProxyVia On
-	ProxyPreserveHost On
-	ProxyPass / http://127.0.0.1:4242/
-	ProxyPassReverse / http://127.0.0.1:4242/
-</VirtualHost>
+### VirtualHost for the main service:

 <VirtualHost *:443>
 	ServerName cable-service.cable.im
@ -40,35 +27,91 @@
 	ProxyPassReverse / ws://127.0.0.1:4242/
 </VirtualHost>

+
+### VirtualHost for letting Twilio call back:
+
+<VirtualHost *:443>
+	ServerName cable-service-ca.cable.im
+	SSLEngine On
+
+	# Su cable-service-ca.cable.im serve un certificato valido (letsencrypt).
+	# È l'hostname a cui si connette Twilio per ottenere le informazioni
+	# necessarie a fare la verifica del numero tramite chiamata vocale.
+
+	SSLCertificateFile /etc/letsencrypt/live/cable-service-ca.cable.im/cert.pem
+	SSLCertificateKeyFile /etc/letsencrypt/live/cable-service-ca.cable.im/privkey.pem
+	Include /etc/letsencrypt/options-ssl-apache.conf
+	SSLCertificateChainFile /etc/letsencrypt/live/cable-service-ca.cable.im/chain.pem
+
+	ProxyVia On
+	ProxyPreserveHost On
+	ProxyPass / http://127.0.0.1:4242/
+	ProxyPassReverse / http://127.0.0.1:4242/
+</VirtualHost>
+
+
+### Giphy proxy:
+
 <VirtualHost *:80>
 	ServerName giphy.com
 	ServerAlias *.giphy.com
 	ProxyRequests On
 	ProxyVia Block
-	ProxyPreserveHost On
+#	ProxyPreserveHost On

-	## The AllowConnect directive specifies a list of ports
-	## to which the proxy CONNECT method may connect.
+	# The AllowConnect directive specifies a list of ports
+	# to which the proxy CONNECT method may connect.
 	AllowConnect 443

-	## Only ever allow incoming HTTP CONNECT requests.
-	## Explicitly deny other request types like GET, POST, etc.
-	## This tells Apache to return a 403 Forbidden if this virtual
-	## host receives anything other than an HTTP CONNECT.
+	# Only allow HTTP CONNECT requests, denying the others (GET, POST, ...).
 	<Location />
-		<LimitExcept CONNECT>
-			Order allow,deny
-			Deny from all
-		</LimitExcept>
+		Require method CONNECT
 	</Location>

+	# This <Proxy *> block is not really needed, but let's leave it.
 	<Proxy *>
-		Order allow,deny
+		# New syntax, see https://httpd.apache.org/docs/2.4/upgrading.html
+		# Can't be mixed with the old "Order" and "Allow" stuff, so we stay
+		# with the old syntax for now...
+		#Require all denied
+
+		Order deny,allow
 		Deny from all
 	</Proxy>

 	<Proxy "*.giphy.com:443">
+		#Require all granted
+
+		Order allow,deny
 		Allow from all
 	</Proxy>
 </VirtualHost>

+
+### Adminer (adminer.org):
+
+<VirtualHost *:443>
+	ServerName db.cable.im
+	SSLEngine On
+
+	SSLCertificateFile /etc/letsencrypt/live/db.cable.im/cert.pem
+	SSLCertificateKeyFile /etc/letsencrypt/live/db.cable.im/privkey.pem
+	Include /etc/letsencrypt/options-ssl-apache.conf
+	SSLCertificateChainFile /etc/letsencrypt/live/db.cable.im/chain.pem
+
+	DocumentRoot "/var/www/adminer/"
+
+	<Files ".*">
+		#Require all denied
+		Order deny,allow
+		Deny from all
+	</Files>
+
+	<Location />
+		AuthType Basic
+		AuthUserFile "/var/www/adminer/.htpasswd"
+		AuthName "Adminer"
+		Require valid-user
+	</Location>
+</VirtualHost>
+