|
@@ -0,0 +1,74 @@
|
|
|
+<VirtualHost *:443>
|
|
|
+ ServerName cable-service-ca.cable.im
|
|
|
+ SSLEngine On
|
|
|
+
|
|
|
+ # Su cable-service-ca.cable.im serve un certificato valido (letsencrypt).
|
|
|
+ # È l'hostname a cui si connette Twilio per ottenere le informazioni
|
|
|
+ # necessarie a fare la verifica del numero tramite chiamata vocale.
|
|
|
+
|
|
|
+ SSLCertificateFile /etc/letsencrypt/live/cable-service-ca.cable.im/cert.pem
|
|
|
+ SSLCertificateKeyFile /etc/letsencrypt/live/cable-service-ca.cable.im/privkey.pem
|
|
|
+ Include /etc/letsencrypt/options-ssl-apache.conf
|
|
|
+ SSLCertificateChainFile /etc/letsencrypt/live/cable-service-ca.cable.im/chain.pem
|
|
|
+
|
|
|
+ ProxyVia On
|
|
|
+ ProxyPreserveHost On
|
|
|
+ ProxyPass / http://127.0.0.1:4242/
|
|
|
+ ProxyPassReverse / http://127.0.0.1:4242/
|
|
|
+</VirtualHost>
|
|
|
+
|
|
|
+<VirtualHost *:443>
|
|
|
+ ServerName cable-service.cable.im
|
|
|
+ SSLEngine On
|
|
|
+
|
|
|
+ # Per il servizio Signal vero e proprio usiamo invece il certificato self-signed.
|
|
|
+ # Nel keystore del'app Android è il root certificate della nostra CA, assicurando
|
|
|
+ # così che l'app riconosca come validi solo i certificati emessi dalla nostra CA.
|
|
|
+
|
|
|
+ SSLCertificateFile /home/cable/certificati/whisper.crt
|
|
|
+ SSLCertificateKeyFile /home/cable/certificati/whisper.key
|
|
|
+ Include /etc/letsencrypt/options-ssl-apache.conf
|
|
|
+ #SSLCertificateChainFile /home/cable/certificati/whisper.crt
|
|
|
+
|
|
|
+ # Per proxare websocket (ws://) serve questa roba:
|
|
|
+ #
|
|
|
+ # https://httpd.apache.org/docs/2.4/mod/mod_proxy_wstunnel.html
|
|
|
+
|
|
|
+ ProxyVia On
|
|
|
+ ProxyPreserveHost On
|
|
|
+ ProxyPass / ws://127.0.0.1:4242/
|
|
|
+ ProxyPassReverse / ws://127.0.0.1:4242/
|
|
|
+</VirtualHost>
|
|
|
+
|
|
|
+<VirtualHost *:80>
|
|
|
+ ServerName giphy.com
|
|
|
+ ServerAlias *.giphy.com
|
|
|
+ ProxyRequests On
|
|
|
+ ProxyVia Block
|
|
|
+ ProxyPreserveHost On
|
|
|
+
|
|
|
+ ## The AllowConnect directive specifies a list of ports
|
|
|
+ ## to which the proxy CONNECT method may connect.
|
|
|
+ AllowConnect 443
|
|
|
+
|
|
|
+ ## Only ever allow incoming HTTP CONNECT requests.
|
|
|
+ ## Explicitly deny other request types like GET, POST, etc.
|
|
|
+ ## This tells Apache to return a 403 Forbidden if this virtual
|
|
|
+ ## host receives anything other than an HTTP CONNECT.
|
|
|
+ <Location />
|
|
|
+ <LimitExcept CONNECT>
|
|
|
+ Order allow,deny
|
|
|
+ Deny from all
|
|
|
+ </LimitExcept>
|
|
|
+ </Location>
|
|
|
+
|
|
|
+ <Proxy *>
|
|
|
+ Order allow,deny
|
|
|
+ Deny from all
|
|
|
+ </Proxy>
|
|
|
+
|
|
|
+ <Proxy "*.giphy.com:443">
|
|
|
+ Allow from all
|
|
|
+ </Proxy>
|
|
|
+</VirtualHost>
|
|
|
+
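Review bot: The forward-proxy virtual host on `*:80` depends on 2.2-style `Order`/`Deny from`/`Allow from` lines in `<LimitExcept CONNECT>`, `<Proxy *>` and `<Proxy "*.giphy.com:443">` as the only barrier between `ProxyRequests On` and an open proxy, while the same file cites the httpd 2.4 documentation. On 2.4 those directives are accepted only when mod_access_compat is loaded, and the giphy block has no `Order` line of its own, so the effective policy is hard to read off the file. I would write `Require all denied` in the `<LimitExcept>` and `<Proxy *>` blocks and `Require all granted` in the giphy block. If no other port-80 virtual host exists on the machine (not visible from this file), this one also becomes the default for every Host header. A comment such as `# Forward proxy: must refuse CONNECT to anything except *.giphy.com:443` above `ProxyRequests On` would help, along with a post-deployment check that a CONNECT to any other host returns 403.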
|