|
@@ -1,21 +1,8 @@
|
|
|
-<VirtualHost *:443>
|
|
|
- ServerName cable-service-ca.cable.im
|
|
|
- SSLEngine On
|
|
|
-
|
|
|
- # Su cable-service-ca.cable.im serve un certificato valido (letsencrypt).
|
|
|
- # È l'hostname a cui si connette Twilio per ottenere le informazioni
|
|
|
- # necessarie a fare la verifica del numero tramite chiamata vocale.
|
|
|
+###
|
|
|
+### Apache configuration file for Signal-Server
|
|
|
+###
|
|
|
|
|
|
- SSLCertificateFile /etc/letsencrypt/live/cable-service-ca.cable.im/cert.pem
|
|
|
- SSLCertificateKeyFile /etc/letsencrypt/live/cable-service-ca.cable.im/privkey.pem
|
|
|
- Include /etc/letsencrypt/options-ssl-apache.conf
|
|
|
- SSLCertificateChainFile /etc/letsencrypt/live/cable-service-ca.cable.im/chain.pem
|
|
|
-
|
|
|
- ProxyVia On
|
|
|
- ProxyPreserveHost On
|
|
|
- ProxyPass / http://127.0.0.1:4242/
|
|
|
- ProxyPassReverse / http://127.0.0.1:4242/
|
|
|
-</VirtualHost>
|
|
|
+### VirtualHost for the main service:
|
|
|
|
|
|
<VirtualHost *:443>
|
|
|
ServerName cable-service.cable.im
|
|
@@ -40,35 +27,91 @@
|
|
|
ProxyPassReverse / ws://127.0.0.1:4242/
|
|
|
</VirtualHost>
|
|
|
|
|
|
+
|
|
|
+### VirtualHost for letting Twilio call back:
|
|
|
+
|
|
|
+<VirtualHost *:443>
|
|
|
+ ServerName cable-service-ca.cable.im
|
|
|
+ SSLEngine On
|
|
|
+
|
|
|
+ # Su cable-service-ca.cable.im serve un certificato valido (letsencrypt).
|
|
|
+ # È l'hostname a cui si connette Twilio per ottenere le informazioni
|
|
|
+ # necessarie a fare la verifica del numero tramite chiamata vocale.
|
|
|
+
|
|
|
+ SSLCertificateFile /etc/letsencrypt/live/cable-service-ca.cable.im/cert.pem
|
|
|
+ SSLCertificateKeyFile /etc/letsencrypt/live/cable-service-ca.cable.im/privkey.pem
|
|
|
+ Include /etc/letsencrypt/options-ssl-apache.conf
|
|
|
+ SSLCertificateChainFile /etc/letsencrypt/live/cable-service-ca.cable.im/chain.pem
|
|
|
+
|
|
|
+ ProxyVia On
|
|
|
+ ProxyPreserveHost On
|
|
|
+ ProxyPass / http://127.0.0.1:4242/
|
|
|
+ ProxyPassReverse / http://127.0.0.1:4242/
|
|
|
+</VirtualHost>
|
|
|
+
|
|
|
+
|
|
|
+### Giphy proxy:
|
|
|
+
|
|
|
<VirtualHost *:80>
|
|
|
ServerName giphy.com
|
|
|
ServerAlias *.giphy.com
|
|
|
ProxyRequests On
|
|
|
ProxyVia Block
|
|
|
- ProxyPreserveHost On
|
|
|
+# ProxyPreserveHost On
|
|
|
|
|
|
- ## The AllowConnect directive specifies a list of ports
|
|
|
- ## to which the proxy CONNECT method may connect.
|
|
|
+ # The AllowConnect directive specifies a list of ports
|
|
|
+ # to which the proxy CONNECT method may connect.
|
|
|
AllowConnect 443
|
|
|
|
|
|
- ## Only ever allow incoming HTTP CONNECT requests.
|
|
|
- ## Explicitly deny other request types like GET, POST, etc.
|
|
|
- ## This tells Apache to return a 403 Forbidden if this virtual
|
|
|
- ## host receives anything other than an HTTP CONNECT.
|
|
|
+ # Only allow HTTP CONNECT requests, denying the others (GET, POST, ...).
|
|
|
<Location />
|
|
|
- <LimitExcept CONNECT>
|
|
|
- Order allow,deny
|
|
|
- Deny from all
|
|
|
- </LimitExcept>
|
|
|
+ Require method CONNECT
|
|
|
</Location>
|
|
|
|
|
|
+ # This <Proxy *> block is not really needed, but let's leave it.
|
|
|
<Proxy *>
|
|
|
- Order allow,deny
|
|
|
+ # New syntax, see https://httpd.apache.org/docs/2.4/upgrading.html
|
|
|
+ # Can't be mixed with the old "Order" and "Allow" stuff, so we stay
|
|
|
+ # with the old syntax for now...
|
|
|
+ #Require all denied
|
|
|
+
|
|
|
+ Order deny,allow
|
|
|
Deny from all
|
|
|
</Proxy>
|
|
|
|
|
|
<Proxy "*.giphy.com:443">
|
|
|
+ #Require all granted
|
|
|
+
|
|
|
+ Order allow,deny
|
|
|
Allow from all
|
|
|
</Proxy>
|
|
|
</VirtualHost>
|
|
|
|
|
|
+
|
|
|
+### Adminer (adminer.org):
|
|
|
+
|
|
|
+<VirtualHost *:443>
|
|
|
+ ServerName db.cable.im
|
|
|
+ SSLEngine On
|
|
|
+
|
|
|
+ SSLCertificateFile /etc/letsencrypt/live/db.cable.im/cert.pem
|
|
|
+ SSLCertificateKeyFile /etc/letsencrypt/live/db.cable.im/privkey.pem
|
|
|
+ Include /etc/letsencrypt/options-ssl-apache.conf
|
|
|
+ SSLCertificateChainFile /etc/letsencrypt/live/db.cable.im/chain.pem
|
|
|
+
|
|
|
+ DocumentRoot "/var/www/adminer/"
|
|
|
+
|
|
|
+ <Files ".*">
|
|
|
+ #Require all denied
|
|
|
+ Order deny,allow
|
|
|
+ Deny from all
|
|
|
+ </Files>
|
|
|
+
|
|
|
+ <Location />
|
|
|
+ AuthType Basic
|
|
|
+ AuthUserFile "/var/www/adminer/.htpasswd"
|
|
|
+ AuthName "Adminer"
|
|
|
+ Require valid-user
|
|
|
+ </Location>
|
|
|
+</VirtualHost>
|
|
|
+
|