|
@@ -15,16 +15,39 @@
|
|
|
SSLCertificateFile /home/cable/certificati/whisper.crt
|
|
|
SSLCertificateKeyFile /home/cable/certificati/whisper.key
|
|
|
Include /etc/letsencrypt/options-ssl-apache.conf
|
|
|
- #SSLCertificateChainFile /home/cable/certificati/whisper.crt
|
|
|
+ #SSLCACertificateFile /home/cable/certificati/rootCA.crt
|
|
|
+
|
|
|
+ # Doesn't make sense for self-signed certificates:
|
|
|
+ SSLUseStapling Off
|
|
|
|
|
|
# Per proxare websocket (ws://) serve questa roba:
|
|
|
- #
|
|
|
# https://httpd.apache.org/docs/2.4/mod/mod_proxy_wstunnel.html
|
|
|
+ #
|
|
|
+ # Con ProxyPass non sono riuscito a fare il proxy http+websocket.
|
|
|
+ # Ho provato con solo "ProxyPass ws://127.0.0.1:4242/" e anche
|
|
|
+ # mettendo un ProxyPass per http:// e uno per ws://, non va.
|
|
|
+ # Alla fine ho trovato la soluzione usando mod_rewrite leggendo
|
|
|
+ # di gente che ha avuto lo stesso problema (con altri software):
|
|
|
+ #
|
|
|
+ # https://stackoverflow.com/questions/27526281/websockets-and-apache-proxy-how-to-configure-mod-proxy-wstunnel
|
|
|
+ #
|
|
|
+ # Forse non ottimale, ma comunque in produzione lo farei con nginx...
|
|
|
|
|
|
- ProxyVia On
|
|
|
- ProxyPreserveHost On
|
|
|
- ProxyPass / ws://127.0.0.1:4242/
|
|
|
- ProxyPassReverse / ws://127.0.0.1:4242/
|
|
|
+ RewriteEngine On
|
|
|
+ RewriteCond %{HTTP:Upgrade} =websocket [NC]
|
|
|
+ RewriteRule /(.*) ws://127.0.0.1:4242/$1 [P,L]
|
|
|
+ RewriteCond %{HTTP:Upgrade} !=websocket [NC]
|
|
|
+ RewriteRule /(.*) http://127.0.0.1:4242/$1 [P,L]
|
|
|
+
|
|
|
+ ProxyPassReverse / http://127.0.0.1:4242/
|
|
|
+
|
|
|
+ CustomLog "/var/log/httpd/cable/cable-service.cable.im.access.log" combined
|
|
|
+ ErrorLog "/var/log/httpd/cable/cable-service.cable.im.error.log"
|
|
|
+ LogLevel warn
|
|
|
+
|
|
|
+ # Production:
|
|
|
+ #CustomLog "/dev/null"
|
|
|
+ #ErrorLog "/dev/null"
|
|
|
</VirtualHost>
|
|
|
|
|
|
|
|
@@ -47,6 +70,14 @@
|
|
|
ProxyPreserveHost On
|
|
|
ProxyPass / http://127.0.0.1:4242/
|
|
|
ProxyPassReverse / http://127.0.0.1:4242/
|
|
|
+
|
|
|
+ CustomLog "/var/log/httpd/cable/cable-service-ca.cable.im.access.log" combined
|
|
|
+ ErrorLog "/var/log/httpd/cable/cable-service-ca.cable.im.error.log"
|
|
|
+ LogLevel warn
|
|
|
+
|
|
|
+ # Production:
|
|
|
+ #CustomLog "/dev/null"
|
|
|
+ #ErrorLog "/dev/null"
|
|
|
</VirtualHost>
|
|
|
|
|
|
|
|
@@ -83,6 +114,14 @@
|
|
|
Order allow,deny
|
|
|
Allow from all
|
|
|
</Proxy>
|
|
|
+
|
|
|
+ CustomLog "/var/log/httpd/cable/giphy-proxy.cable.im.access.log" combined
|
|
|
+ ErrorLog "/var/log/httpd/cable/giphy-proxy.cable.im.error.log"
|
|
|
+ LogLevel warn
|
|
|
+
|
|
|
+ # Production:
|
|
|
+ #CustomLog "/dev/null"
|
|
|
+ #ErrorLog "/dev/null"
|
|
|
</VirtualHost>
|
|
|
|
|
|
|
|
@@ -99,7 +138,7 @@
|
|
|
|
|
|
DocumentRoot "/var/www/adminer/"
|
|
|
|
|
|
- <Directory />
|
|
|
+ <Directory /var/www/adminer/>
|
|
|
AuthType Basic
|
|
|
AuthUserFile "/var/www/adminer/.htpasswd"
|
|
|
AuthName "Adminer"
|
|
@@ -111,5 +150,35 @@
|
|
|
Order deny,allow
|
|
|
Deny from all
|
|
|
</Files>
|
|
|
+
|
|
|
+ CustomLog "/var/log/httpd/cable/db.cable.im.access.log" combined
|
|
|
+ ErrorLog "/var/log/httpd/cable/db.cable.im.error.log"
|
|
|
+ LogLevel warn
|
|
|
+</VirtualHost>
|
|
|
+
|
|
|
+
|
|
|
+### Minio
|
|
|
+
|
|
|
+<VirtualHost *:443>
|
|
|
+ ServerName s3.cable.im
|
|
|
+ SSLEngine On
|
|
|
+
|
|
|
+ SSLCertificateFile /etc/letsencrypt/live/s3.cable.im/cert.pem
|
|
|
+ SSLCertificateKeyFile /etc/letsencrypt/live/s3.cable.im/privkey.pem
|
|
|
+ Include /etc/letsencrypt/options-ssl-apache.conf
|
|
|
+ SSLCertificateChainFile /etc/letsencrypt/live/s3.cable.im/chain.pem
|
|
|
+
|
|
|
+ ProxyVia On
|
|
|
+ ProxyPreserveHost On
|
|
|
+ ProxyPass / http://127.0.0.1:9000/
|
|
|
+ ProxyPassReverse / http://127.0.0.1:9000/
|
|
|
+
|
|
|
+ CustomLog "/var/log/httpd/cable/s3.cable.im.access.log" combined
|
|
|
+ ErrorLog "/var/log/httpd/cable/s3.cable.im.error.log"
|
|
|
+ LogLevel warn
|
|
|
+
|
|
|
+ # Production:
|
|
|
+ #CustomLog "/dev/null"
|
|
|
+ #ErrorLog "/dev/null"
|
|
|
</VirtualHost>
|
|
|
|