###
### Apache configuration file for Signal-Server ###
###

### VirtualHost for the main service:

ServerName cable-service.cable.im

SSLEngine On

# For the actual Signal service we use the self-signed certificate instead.
# The Android app's keystore contains the root certificate of our CA, ensuring
# that the app accepts as valid only certificates issued by our CA.
SSLCertificateFile /home/cable/certificati/whisper.crt
SSLCertificateKeyFile /home/cable/certificati/whisper.key
Include /etc/letsencrypt/options-ssl-apache.conf
#SSLCertificateChainFile /home/cable/certificati/whisper.crt

# To proxy websockets (ws://) this is what is needed:
#
# https://httpd.apache.org/docs/2.4/mod/mod_proxy_wstunnel.html
ProxyVia On
ProxyPreserveHost On
ProxyPass / ws://127.0.0.1:4242/
ProxyPassReverse / ws://127.0.0.1:4242/

### VirtualHost for letting Twilio call back:

ServerName cable-service-ca.cable.im

SSLEngine On

# cable-service-ca.cable.im needs a valid certificate (letsencrypt).
# It is the hostname Twilio connects to in order to obtain the information
# needed to verify the number via voice call.
SSLCertificateFile /etc/letsencrypt/live/cable-service-ca.cable.im/cert.pem
SSLCertificateKeyFile /etc/letsencrypt/live/cable-service-ca.cable.im/privkey.pem
Include /etc/letsencrypt/options-ssl-apache.conf
SSLCertificateChainFile /etc/letsencrypt/live/cable-service-ca.cable.im/chain.pem

ProxyVia On
ProxyPreserveHost On
ProxyPass / http://127.0.0.1:4242/
ProxyPassReverse / http://127.0.0.1:4242/

### Giphy proxy:

ServerName giphy.com
ServerAlias *.giphy.com

ProxyRequests On
ProxyVia Block
# ProxyPreserveHost On

# The AllowConnect directive specifies a list of ports
# to which the proxy CONNECT method may connect.
AllowConnect 443

# Only allow HTTP CONNECT requests, denying the others (GET, POST, ...).
Require method CONNECT

# This block is not really needed, but let's leave it.
# New syntax, see https://httpd.apache.org/docs/2.4/upgrading.html
# Can't be mixed with the old "Order" and "Allow" stuff, so we stay
# with the old syntax for now...
#Require all denied
Order deny,allow
Deny from all

#Require all granted
Order allow,deny
Allow from all

### Adminer (adminer.org):

ServerName db.cable.im

SSLEngine On
SSLCertificateFile /etc/letsencrypt/live/db.cable.im/cert.pem
SSLCertificateKeyFile /etc/letsencrypt/live/db.cable.im/privkey.pem
Include /etc/letsencrypt/options-ssl-apache.conf
SSLCertificateChainFile /etc/letsencrypt/live/db.cable.im/chain.pem

DocumentRoot "/var/www/adminer/"

#Require all denied
Order deny,allow
Deny from all

AuthType Basic
AuthUserFile "/var/www/adminer/.htpasswd"
AuthName "Adminer"
Require valid-user