torn
/
cable-service


			
				
					
						
						
							1234567891011121314151617181920212223242526272829303132333435363738394041424344454647484950515253545556575859606162636465666768697071727374
							<VirtualHost *:443>
	ServerName cable-service-ca.cable.im
	SSLEngine On

	# Su cable-service-ca.cable.im serve un certificato valido (letsencrypt).
	# È l'hostname a cui si connette Twilio per ottenere le informazioni
	# necessarie a fare la verifica del numero tramite chiamata vocale.

	SSLCertificateFile /etc/letsencrypt/live/cable-service-ca.cable.im/cert.pem
	SSLCertificateKeyFile /etc/letsencrypt/live/cable-service-ca.cable.im/privkey.pem
	Include /etc/letsencrypt/options-ssl-apache.conf
	SSLCertificateChainFile /etc/letsencrypt/live/cable-service-ca.cable.im/chain.pem

	ProxyVia On
	ProxyPreserveHost On
	ProxyPass / http://127.0.0.1:4242/
	ProxyPassReverse / http://127.0.0.1:4242/
</VirtualHost>

<VirtualHost *:443>
	ServerName cable-service.cable.im
	SSLEngine On

	# Per il servizio Signal vero e proprio usiamo invece il certificato self-signed.
	# Nel keystore del'app Android è il root certificate della nostra CA, assicurando
	# così che l'app riconosca come validi solo i certificati emessi dalla nostra CA.

	SSLCertificateFile /home/cable/certificati/whisper.crt
	SSLCertificateKeyFile /home/cable/certificati/whisper.key
	Include /etc/letsencrypt/options-ssl-apache.conf
	#SSLCertificateChainFile /home/cable/certificati/whisper.crt

	# Per proxare websocket (ws://) serve questa roba:
	#
	# https://httpd.apache.org/docs/2.4/mod/mod_proxy_wstunnel.html

	ProxyVia On
	ProxyPreserveHost On
	ProxyPass / ws://127.0.0.1:4242/
	ProxyPassReverse / ws://127.0.0.1:4242/
</VirtualHost>

<VirtualHost *:80>
	ServerName giphy.com
	ServerAlias *.giphy.com
	ProxyRequests On
	ProxyVia Block
	ProxyPreserveHost On

	## The AllowConnect directive specifies a list of ports
	## to which the proxy CONNECT method may connect.
	AllowConnect 443

	## Only ever allow incoming HTTP CONNECT requests.
	## Explicitly deny other request types like GET, POST, etc.
	## This tells Apache to return a 403 Forbidden if this virtual
	## host receives anything other than an HTTP CONNECT.
	<Location />
		<LimitExcept CONNECT>
			Order allow,deny
			Deny from all
		</LimitExcept>
	</Location>

	<Proxy *>
		Order allow,deny
		Deny from all
	</Proxy>

	<Proxy "*.giphy.com:443">
		Allow from all
	</Proxy>
</VirtualHost>