1234567891011121314151617181920212223242526272829303132333435363738394041424344454647484950515253545556575859606162636465666768697071727374 |
- <VirtualHost *:443>
- ServerName cable-service-ca.cable.im
- SSLEngine On
- # Su cable-service-ca.cable.im serve un certificato valido (letsencrypt).
- # È l'hostname a cui si connette Twilio per ottenere le informazioni
- # necessarie a fare la verifica del numero tramite chiamata vocale.
- SSLCertificateFile /etc/letsencrypt/live/cable-service-ca.cable.im/cert.pem
- SSLCertificateKeyFile /etc/letsencrypt/live/cable-service-ca.cable.im/privkey.pem
- Include /etc/letsencrypt/options-ssl-apache.conf
- SSLCertificateChainFile /etc/letsencrypt/live/cable-service-ca.cable.im/chain.pem
- ProxyVia On
- ProxyPreserveHost On
- ProxyPass / http://127.0.0.1:4242/
- ProxyPassReverse / http://127.0.0.1:4242/
- </VirtualHost>
- <VirtualHost *:443>
- ServerName cable-service.cable.im
- SSLEngine On
- # Per il servizio Signal vero e proprio usiamo invece il certificato self-signed.
- # Nel keystore del'app Android è il root certificate della nostra CA, assicurando
- # così che l'app riconosca come validi solo i certificati emessi dalla nostra CA.
- SSLCertificateFile /home/cable/certificati/whisper.crt
- SSLCertificateKeyFile /home/cable/certificati/whisper.key
- Include /etc/letsencrypt/options-ssl-apache.conf
- #SSLCertificateChainFile /home/cable/certificati/whisper.crt
- # Per proxare websocket (ws://) serve questa roba:
- #
- # https://httpd.apache.org/docs/2.4/mod/mod_proxy_wstunnel.html
- ProxyVia On
- ProxyPreserveHost On
- ProxyPass / ws://127.0.0.1:4242/
- ProxyPassReverse / ws://127.0.0.1:4242/
- </VirtualHost>
- <VirtualHost *:80>
- ServerName giphy.com
- ServerAlias *.giphy.com
- ProxyRequests On
- ProxyVia Block
- ProxyPreserveHost On
- ## The AllowConnect directive specifies a list of ports
- ## to which the proxy CONNECT method may connect.
- AllowConnect 443
- ## Only ever allow incoming HTTP CONNECT requests.
- ## Explicitly deny other request types like GET, POST, etc.
- ## This tells Apache to return a 403 Forbidden if this virtual
- ## host receives anything other than an HTTP CONNECT.
- <Location />
- <LimitExcept CONNECT>
- Order allow,deny
- Deny from all
- </LimitExcept>
- </Location>
- <Proxy *>
- Order allow,deny
- Deny from all
- </Proxy>
- <Proxy "*.giphy.com:443">
- Allow from all
- </Proxy>
- </VirtualHost>
|