d0a997643b
Built assets are fetched using path like this: `/assets/foo-a1b2c3.js`. Apache failed to serve those, as it was missing disabling the proxy pass for the static assets folder. This commit adds the necessary configuration for properly serving the static assets. Part-of: <https://dev.funkwhale.audio/funkwhale/funkwhale/-/merge_requests/2699>
148 lines
4.5 KiB
ApacheConf
148 lines
4.5 KiB
ApacheConf
# Following variables MUST be modified according to your setup
|
|
Define funkwhale-sn funkwhale.yourdomain.com
|
|
|
|
# Following variables should be modified according to your setup and if you
|
|
# use different configuration than what is described in our installation guide.
|
|
Define funkwhale-api http://localhost:5000
|
|
Define funkwhale-api-ws ws://localhost:5000
|
|
Define FUNKWHALE_ROOT_PATH /srv/funkwhale
|
|
Define MUSIC_DIRECTORY_PATH ${FUNKWHALE_ROOT_PATH}/data/music
|
|
Define MEDIA_DIRECTORY_PATH ${FUNKWHALE_ROOT_PATH}/data/media
|
|
|
|
# HTTP requests redirected to HTTPS
|
|
<VirtualHost *:80>
|
|
ServerName ${funkwhale-sn}
|
|
|
|
# Default is to force https
|
|
RewriteEngine on
|
|
RewriteCond %{SERVER_NAME} =${funkwhale-sn}
|
|
RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,QSA,R=permanent]
|
|
|
|
<Location "/.well-known/acme-challenge/">
|
|
Options None
|
|
Require all granted
|
|
</Location>
|
|
</VirtualHost>
|
|
|
|
|
|
<IfModule mod_ssl.c>
|
|
<VirtualHost *:443>
|
|
ServerName ${funkwhale-sn}
|
|
|
|
# Path to ErrorLog and access log
|
|
ErrorLog ${APACHE_LOG_DIR}/funkwhale/error.log
|
|
CustomLog ${APACHE_LOG_DIR}/funkwhale/access.log combined
|
|
|
|
# TLS
|
|
# Feel free to use your own configuration for SSL here or simply remove the
|
|
# lines and move the configuration to the previous server block if you
|
|
# don't want to run funkwhale behind https (this is not recommended)
|
|
# have a look here for let's encrypt configuration:
|
|
# https://certbot.eff.org/lets-encrypt/debianstretch-apache.html
|
|
SSLEngine on
|
|
SSLProxyEngine On
|
|
SSLCertificateFile /etc/letsencrypt/live/${funkwhale-sn}/fullchain.pem
|
|
SSLCertificateKeyFile /etc/letsencrypt/live/${funkwhale-sn}/privkey.pem
|
|
Include /etc/letsencrypt/options-ssl-apache.conf
|
|
|
|
# Tell the api that the client is using https
|
|
RequestHeader set X-Forwarded-Proto "https"
|
|
|
|
# Configure Proxy settings
|
|
# ProxyPreserveHost pass the original Host header to the backend server
|
|
ProxyVia On
|
|
ProxyPreserveHost On
|
|
<IfModule mod_remoteip.c>
|
|
RemoteIPHeader X-Forwarded-For
|
|
</IfModule>
|
|
|
|
# Turning ProxyRequests on and allowing proxying from all may allow
|
|
# spammers to use your proxy to send e-mail.
|
|
ProxyRequests Off
|
|
|
|
<Proxy *>
|
|
AddDefaultCharset off
|
|
Order Allow,Deny
|
|
Allow from all
|
|
</Proxy>
|
|
|
|
<Location "/">
|
|
# similar to nginx 'client_max_body_size 100M;'
|
|
LimitRequestBody 104857600
|
|
|
|
ProxyPass ${funkwhale-api}/
|
|
ProxyPassReverse ${funkwhale-api}/
|
|
</Location>
|
|
<Location "/federation">
|
|
ProxyPass ${funkwhale-api}/federation
|
|
ProxyPassReverse ${funkwhale-api}/federation
|
|
</Location>
|
|
|
|
# You can comment this if you don't plan to use the Subsonic API
|
|
<Location "/rest">
|
|
ProxyPass ${funkwhale-api}/api/subsonic/rest
|
|
ProxyPassReverse ${funkwhale-api}/api/subsonic/rest
|
|
</Location>
|
|
|
|
<Location "/.well-known/">
|
|
ProxyPass ${funkwhale-api}/.well-known/
|
|
ProxyPassReverse ${funkwhale-api}/.well-known/
|
|
</Location>
|
|
|
|
<Location "/front">
|
|
ProxyPass "!"
|
|
</Location>
|
|
Alias /front ${FUNKWHALE_ROOT_PATH}/front/dist
|
|
|
|
<Location "/assets">
|
|
ProxyPass "!"
|
|
</Location>
|
|
Alias /assets ${FUNKWHALE_ROOT_PATH}/front/dist/assets
|
|
|
|
<Location "/media">
|
|
ProxyPass "!"
|
|
</Location>
|
|
Alias /media ${MEDIA_DIRECTORY_PATH}
|
|
|
|
<Location "/staticfiles">
|
|
ProxyPass "!"
|
|
</Location>
|
|
Alias /staticfiles ${FUNKWHALE_ROOT_PATH}/data/static
|
|
|
|
# Activating WebSockets
|
|
<Location "/api/v1/activity">
|
|
ProxyPass ${funkwhale-api-ws}/api/v1/activity
|
|
</Location>
|
|
|
|
# Setting appropriate access levels to serve frontend
|
|
<Directory "${FUNKWHALE_ROOT_PATH}/data/static">
|
|
Options FollowSymLinks
|
|
AllowOverride None
|
|
Require all granted
|
|
</Directory>
|
|
|
|
<Directory "${FUNKWHALE_ROOT_PATH}/front/dist">
|
|
Options FollowSymLinks
|
|
AllowOverride None
|
|
Require all granted
|
|
</Directory>
|
|
|
|
<Directory "${MEDIA_DIRECTORY_PATH}">
|
|
Options FollowSymLinks
|
|
AllowOverride None
|
|
Require all granted
|
|
</Directory>
|
|
|
|
# XSendFile is serving audio files
|
|
# WARNING : permissions on paths specified below overrides previous definition,
|
|
# everything under those paths is potentially exposed.
|
|
# Following directive may be needed to ensure xsendfile is loaded
|
|
#LoadModule xsendfile_module modules/mod_xsendfile.so
|
|
<IfModule mod_xsendfile.c>
|
|
XSendFile On
|
|
XSendFilePath ${MEDIA_DIRECTORY_PATH}
|
|
XSendFilePath ${MUSIC_DIRECTORY_PATH}
|
|
SetEnv MOD_X_SENDFILE_ENABLED 1
|
|
</IfModule>
|
|
</VirtualHost>
|
|
</IfModule>
|