###
### Apache configuration file for Signal-Server
###
### VirtualHost for the main service:
# NOTE(review): the enclosing <VirtualHost> container is not visible in this
# listing; the directives below are assumed to belong to one vhost - confirm.
ServerName cable-service.cable.im
SSLEngine On
# For the actual Signal service we use the self-signed certificate instead.
# The Android app's keystore holds the root certificate of our own CA, which
# ensures the app accepts only certificates issued by our CA.
# NOTE(review): the private key sits under a user home directory; confirm it
# is readable only by the account that starts httpd.
SSLCertificateFile /home/cable/certificati/whisper.crt
SSLCertificateKeyFile /home/cable/certificati/whisper.key
# Shared TLS settings; the protocols and ciphers actually enabled are defined
# in the included file, not here.
Include /etc/letsencrypt/options-ssl-apache.conf
#SSLCACertificateFile /home/cable/certificati/rootCA.crt
# Doesn't make sense for self-signed certificates:
SSLUseStapling Off
# This is what is needed to proxy websockets (ws://):
# https://httpd.apache.org/docs/2.4/mod/mod_proxy_wstunnel.html
#
# With ProxyPass I could not get combined http+websocket proxying to work.
# I tried with only "ProxyPass ws://127.0.0.1:4242/" and also with one
# ProxyPass for http:// and one for ws://; neither works.
# In the end I found the solution using mod_rewrite, after reading about
# people who had the same problem (with other software):
#
# https://stackoverflow.com/questions/27526281/websockets-and-apache-proxy-how-to-configure-mod-proxy-wstunnel
#
# Maybe not optimal, but in production I would do this with nginx anyway...
#
# TLS ends at this vhost: both rules forward to the backend on loopback
# (127.0.0.1:4242) without TLS.
RewriteEngine On
# Requests whose Upgrade header equals "websocket" (case-insensitive, [NC])
# are proxied ([P]) to the ws:// backend; [L] stops further rule processing.
# NOTE(review): the pattern is unanchored; "^/(.*)" would state the intent
# more precisely. The proxy target host is fixed, only the path is substituted.
RewriteCond %{HTTP:Upgrade} =websocket [NC]
RewriteRule /(.*) ws://127.0.0.1:4242/$1 [P,L]
# Every other request is proxied to the same backend over plain http://.
RewriteCond %{HTTP:Upgrade} !=websocket [NC]
RewriteRule /(.*) http://127.0.0.1:4242/$1 [P,L]
# Rewrites backend URLs in redirect response headers so that the loopback
# address is not handed back to clients.
ProxyPassReverse / http://127.0.0.1:4242/
# The "combined" format records client address, request line, referer and
# user agent for every request to the messaging service.
CustomLog "/var/log/httpd/cable/cable-service.cable.im.access.log" combined
ErrorLog "/var/log/httpd/cable/cable-service.cable.im.error.log"
LogLevel warn
# Production:
# NOTE(review): the two disabled lines below would discard all logs. That
# avoids retaining client metadata, but dropping ErrorLog also removes the
# record needed to investigate proxy or TLS failures. CustomLog additionally
# requires a format argument, so the line cannot be enabled as written.
#CustomLog "/dev/null"
#ErrorLog "/dev/null"
### VirtualHost for letting Twilio call back:
# NOTE(review): the enclosing <VirtualHost> container is not visible in this
# listing; the directives below are assumed to belong to one vhost - confirm.
ServerName cable-service-ca.cable.im
SSLEngine On
# cable-service-ca.cable.im needs a publicly valid certificate (Let's Encrypt).
# It is the hostname Twilio connects to in order to obtain the information
# needed to verify the phone number via a voice call.
SSLCertificateFile /etc/letsencrypt/live/cable-service-ca.cable.im/cert.pem
SSLCertificateKeyFile /etc/letsencrypt/live/cable-service-ca.cable.im/privkey.pem
Include /etc/letsencrypt/options-ssl-apache.conf
SSLCertificateChainFile /etc/letsencrypt/live/cable-service-ca.cable.im/chain.pem
# Adds a Via header to proxied requests and passes the client's Host header
# through to the backend unchanged.
ProxyVia On
ProxyPreserveHost On
# NOTE(review): "/" forwards every path to the same backend as the main
# service (127.0.0.1:4242), so the whole API is reachable through this
# publicly trusted hostname, not only the Twilio callback. If only the
# callback is needed here, consider proxying just that path - confirm the
# path against the server's routes.
ProxyPass / http://127.0.0.1:4242/
ProxyPassReverse / http://127.0.0.1:4242/
CustomLog "/var/log/httpd/cable/cable-service-ca.cable.im.access.log" combined
ErrorLog "/var/log/httpd/cable/cable-service-ca.cable.im.error.log"
LogLevel warn
# Production:
# NOTE(review): the two disabled lines below would discard all logs,
# including the error log needed to investigate failed callbacks. CustomLog
# additionally requires a format argument, so it cannot be enabled as written.
#CustomLog "/dev/null"
#ErrorLog "/dev/null"
### Giphy proxy:
# NOTE(review): the enclosing <VirtualHost> container and any <Proxy>,
# <Directory> or <Location> sections are not visible in this listing, so the
# scope of each access-control directive below cannot be determined from here.
ServerName giphy.com
ServerAlias *.giphy.com
# Turns Apache into a forward proxy. Everything that follows is what keeps it
# from being usable as an open proxy, so review it with that in mind.
ProxyRequests On
# The AllowConnect directive specifies a list of ports
# to which the proxy CONNECT method may connect.
AllowConnect 443
# Only allow HTTP CONNECT requests, denying the others (GET, POST, ...).
# NOTE(review): this restricts the method and AllowConnect restricts the
# port, but nothing visible here restricts the CONNECT destination host.
# Verify that a CONNECT to a host other than giphy.com is refused.
Require method CONNECT
# This block is not really needed, but let's leave it.
# New syntax, see https://httpd.apache.org/docs/2.4/upgrading.html
# Can't be mixed with the old "Order" and "Allow" stuff, so we stay
# with the old syntax for now...
# NOTE(review): "Require method CONNECT" above is already the new syntax, so
# old and new access control are mixed in this section despite the comment.
#Require all denied
Order deny,allow
Deny from all
# NOTE(review): this second Order/Allow pair presumably sat in a different
# container than the deny-all pair above. If both applied to the same scope,
# this allow-all would win - confirm against the original file.
#Require all granted
Order allow,deny
Allow from all
# The access log is the main place to spot use of this proxy for
# destinations other than the intended one.
CustomLog "/var/log/httpd/cable/giphy-proxy.cable.im.access.log" combined
ErrorLog "/var/log/httpd/cable/giphy-proxy.cable.im.error.log"
LogLevel warn
# Production:
# NOTE(review): the two disabled lines below would discard all logs, which
# removes any way to detect proxy abuse. CustomLog additionally requires a
# format argument, so it cannot be enabled as written.
#CustomLog "/dev/null"
#ErrorLog "/dev/null"
### Adminer (adminer.org):
# NOTE(review): the enclosing <VirtualHost> container and any <Directory> or
# <Files> sections are not visible in this listing, so the scope of the
# access-control directives below cannot be determined from here.
# This vhost exposes a database administration UI on its own hostname;
# consider limiting it by source address or VPN in addition to Basic auth.
ServerName db.cable.im
SSLEngine On
SSLCertificateFile /etc/letsencrypt/live/db.cable.im/cert.pem
SSLCertificateKeyFile /etc/letsencrypt/live/db.cable.im/privkey.pem
Include /etc/letsencrypt/options-ssl-apache.conf
SSLCertificateChainFile /etc/letsencrypt/live/db.cable.im/chain.pem
DocumentRoot "/var/www/adminer/"
# HTTP Basic authentication against a password file. The credentials travel
# in every request, so this is only acceptable because the vhost is TLS-only.
AuthType Basic
# NOTE(review): the password file lives inside DocumentRoot. It is safer to
# keep it outside the served tree so that a missing or misplaced deny rule
# cannot expose the hashes.
AuthUserFile "/var/www/adminer/.htpasswd"
AuthName "Adminer"
Require valid-user
# NOTE(review): presumably this deny-all pair was scoped to the .htpasswd
# file in the original. If it applied to the same scope as "Require
# valid-user" it would conflict with it - confirm against the original file.
#Require all denied
Order deny,allow
Deny from all
# Failed and successful logins to the admin UI appear in the access log.
CustomLog "/var/log/httpd/cable/db.cable.im.access.log" combined
ErrorLog "/var/log/httpd/cable/db.cable.im.error.log"
LogLevel warn
### Minio
# NOTE(review): the enclosing <VirtualHost> container is not visible in this
# listing; the directives below are assumed to belong to one vhost - confirm.
ServerName s3.cable.im
SSLEngine On
SSLCertificateFile /etc/letsencrypt/live/s3.cable.im/cert.pem
SSLCertificateKeyFile /etc/letsencrypt/live/s3.cable.im/privkey.pem
Include /etc/letsencrypt/options-ssl-apache.conf
SSLCertificateChainFile /etc/letsencrypt/live/s3.cable.im/chain.pem
# Adds a Via header and passes the client's Host header to the backend
# unchanged - presumably so the object store sees the s3.cable.im name the
# client used; confirm.
ProxyVia On
ProxyPreserveHost On
# TLS ends here; requests go to the backend on loopback (127.0.0.1:9000)
# without TLS. All paths are forwarded, so access control for buckets and
# objects rests entirely on the backend's own authentication.
ProxyPass / http://127.0.0.1:9000/
ProxyPassReverse / http://127.0.0.1:9000/
CustomLog "/var/log/httpd/cable/s3.cable.im.access.log" combined
ErrorLog "/var/log/httpd/cable/s3.cable.im.error.log"
LogLevel warn
# Production:
# NOTE(review): the two disabled lines below would discard all logs,
# including the error log needed to investigate storage access failures.
# CustomLog additionally requires a format argument, so it cannot be enabled
# as written.
#CustomLog "/dev/null"
#ErrorLog "/dev/null"