123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115 |
- ###
- ### Apache configuration file for Signal-Server
- ###
- ### VirtualHost for the main service:
- <VirtualHost *:443>
- ServerName cable-service.cable.im
- SSLEngine On
- # Per il servizio Signal vero e proprio usiamo invece il certificato self-signed.
- # Nel keystore del'app Android è il root certificate della nostra CA, assicurando
- # così che l'app riconosca come validi solo i certificati emessi dalla nostra CA.
- SSLCertificateFile /home/cable/certificati/whisper.crt
- SSLCertificateKeyFile /home/cable/certificati/whisper.key
- Include /etc/letsencrypt/options-ssl-apache.conf
- #SSLCertificateChainFile /home/cable/certificati/whisper.crt
- # Per proxare websocket (ws://) serve questa roba:
- #
- # https://httpd.apache.org/docs/2.4/mod/mod_proxy_wstunnel.html
- ProxyVia On
- ProxyPreserveHost On
- ProxyPass / ws://127.0.0.1:4242/
- ProxyPassReverse / ws://127.0.0.1:4242/
- </VirtualHost>
- ### VirtualHost for letting Twilio call back:
- <VirtualHost *:443>
- ServerName cable-service-ca.cable.im
- SSLEngine On
- # Su cable-service-ca.cable.im serve un certificato valido (letsencrypt).
- # È l'hostname a cui si connette Twilio per ottenere le informazioni
- # necessarie a fare la verifica del numero tramite chiamata vocale.
- SSLCertificateFile /etc/letsencrypt/live/cable-service-ca.cable.im/cert.pem
- SSLCertificateKeyFile /etc/letsencrypt/live/cable-service-ca.cable.im/privkey.pem
- Include /etc/letsencrypt/options-ssl-apache.conf
- SSLCertificateChainFile /etc/letsencrypt/live/cable-service-ca.cable.im/chain.pem
- ProxyVia On
- ProxyPreserveHost On
- ProxyPass / http://127.0.0.1:4242/
- ProxyPassReverse / http://127.0.0.1:4242/
- </VirtualHost>
- ### Giphy proxy:
- <VirtualHost *:80>
- ServerName giphy.com
- ServerAlias *.giphy.com
- ProxyRequests On
- # The AllowConnect directive specifies a list of ports
- # to which the proxy CONNECT method may connect.
- AllowConnect 443
- # Only allow HTTP CONNECT requests, denying the others (GET, POST, ...).
- <Location />
- Require method CONNECT
- </Location>
- # This <Proxy *> block is not really needed, but let's leave it.
- <Proxy *>
- # New syntax, see https://httpd.apache.org/docs/2.4/upgrading.html
- # Can't be mixed with the old "Order" and "Allow" stuff, so we stay
- # with the old syntax for now...
- #Require all denied
- Order deny,allow
- Deny from all
- </Proxy>
- <Proxy "*.giphy.com:443">
- #Require all granted
- Order allow,deny
- Allow from all
- </Proxy>
- </VirtualHost>
- ### Adminer (adminer.org):
- <VirtualHost *:443>
- ServerName db.cable.im
- SSLEngine On
- SSLCertificateFile /etc/letsencrypt/live/db.cable.im/cert.pem
- SSLCertificateKeyFile /etc/letsencrypt/live/db.cable.im/privkey.pem
- Include /etc/letsencrypt/options-ssl-apache.conf
- SSLCertificateChainFile /etc/letsencrypt/live/db.cable.im/chain.pem
- DocumentRoot "/var/www/adminer/"
- <Directory />
- AuthType Basic
- AuthUserFile "/var/www/adminer/.htpasswd"
- AuthName "Adminer"
- Require valid-user
- </Directory>
- <Files ".*">
- #Require all denied
- Order deny,allow
- Deny from all
- </Files>
- </VirtualHost>
|