funkwhale/deploy/apache.conf

# Following variables should be modified according to your setup
Define funkwhale-api http://192.168.1.199:5000
Define funkwhale-api-ws ws://192.168.1.199:5000
Define funkwhale-sn funkwhale.duckdns.org
Define MUSIC_DIRECTORY_PATH /music/directory/path


# HTTP request redirected to HTTPS
<VirtualHost *:80>
   ServerName ${funkwhale-sn}
   
   # Default is to force https
   RewriteEngine on
   RewriteCond %{SERVER_NAME} =${funkwhale-sn}
   RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,QSA,R=permanent]

   <Location "/.well-known/acme-challenge/">
      Options None
      Require all granted
   </Location>

</VirtualHost>


<IfModule mod_ssl.c>
<VirtualHost *:443>
   ServerName ${funkwhale-sn}

   # Path to ErrorLog and access log 
   ErrorLog ${APACHE_LOG_DIR}/funkwhale/error.log
   CustomLog ${APACHE_LOG_DIR}/funkwhale/access.log combined

   # TLS
   # Feel free to use your own configuration for SSL here or simply remove the
   # lines and move the configuration to the previous server block if you
   # don't want to run funkwhale behind https (this is not recommanded)
   # have a look here for let's encrypt configuration:
   # https://certbot.eff.org/all-instructions/#debian-9-stretch-nginx
   SSLEngine on
   SSLProxyEngine On
   SSLCertificateFile /etc/letsencrypt/live/${funkwhale-sn}/fullchain.pem
   SSLCertificateKeyFile /etc/letsencrypt/live/${funkwhale-sn}/privkey.pem
   Include /etc/letsencrypt/options-ssl-apache.conf


   DocumentRoot /srv/funkwhale/front/dist

   FallbackResource /index.html

   # Configure Proxy settings
   # ProxyPreserveHost pass the original Host header to the backend server
   ProxyVia On
   ProxyPreserveHost On
   <IfModule mod_remoteip.c>
      RemoteIPHeader X-Forwarded-For
   </IfModule>

   # Turning ProxyRequests on and allowing proxying from all may allow
   # spammers to use your proxy to send email. 
   ProxyRequests Off
  
   <Proxy *>    
      AddDefaultCharset off
      Order Allow,Deny
      Allow from all
      # Here you can set a password using htpasswd to protect your proxy server
      #Authtype Basic
      #Authname "Password Required"
      #AuthUserFile /etc/apache2/.htpasswd
      #Require valid-user
   </Proxy>

   # Activating WebSockets (not working)
   ProxyPass "/api/v1/instance/activity"  "ws://192.168.1.199:5000/api/v1/instance/activity"

   <Location "/api">
      # similar to nginx 'client_max_body_size 30M;'
      LimitRequestBody 31457280 

      ProxyPass ${funkwhale-api}/api
      ProxyPassReverse ${funkwhale-api}/api
   </Location>
   <Location "/federation">
      ProxyPass ${funkwhale-api}/federation
      ProxyPassReverse ${funkwhale-api}/federation
   </Location>
  
   <Location "/.well-known/webfinger">
      ProxyPass ${funkwhale-api}/.well-known/webfinger
      ProxyPassReverse ${funkwhale-api}/.well-known/webfinger
   </Location>

   Alias /media /srv/funkwhale/data/media

   Alias /staticfiles /srv/funkwhale/data/static

   # Setting appropriate access levels to serve frontend
   <Directory "/srv/funkwhale/data/static">  
      Options FollowSymLinks
      AllowOverride None  
      Require all granted
   </Directory>

   <Directory /srv/funkwhale/front/dist>
      Options FollowSymLinks
      AllowOverride None
      Require all granted
   </Directory>

   # XSendFile is serving audio files
   # WARNING : permissions on paths specified below overrides previous definition,
   # everything under those paths is potentially exposed.
   # Following directive may be needed to ensure xsendfile is loaded
   #LoadModule xsendfile_module modules/mod_xsendfile.so
   <IfModule mod_xsendfile.c>
      XSendFile On
      XSendFilePath /srv/funkwhale/data/media 
      XSendFilePath ${MUSIC_DIRECTORY_PATH}
      SetEnv MOD_X_SENDFILE_ENABLED 1
   </IfModule>

</VirtualHost>
</IfModule>
First version of Apache2 conf (transcoding, auth and ws missing) 2018-04-26 10:32:21 +00:00			`# Following variables should be modified according to your setup`
			`Define funkwhale-api http://192.168.1.199:5000`
			`Define funkwhale-api-ws ws://192.168.1.199:5000`
			`Define funkwhale-sn funkwhale.duckdns.org`
			`Define MUSIC_DIRECTORY_PATH /music/directory/path`


			`# HTTP request redirected to HTTPS`
			`<VirtualHost *:80>`
			`ServerName ${funkwhale-sn}`

			`# Default is to force https`
			`RewriteEngine on`
			`RewriteCond %{SERVER_NAME} =${funkwhale-sn}`
			`RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,QSA,R=permanent]`

			`<Location "/.well-known/acme-challenge/">`
			`Options None`
			`Require all granted`
			`</Location>`

			`</VirtualHost>`


			`<IfModule mod_ssl.c>`
			`<VirtualHost *:443>`
			`ServerName ${funkwhale-sn}`

			`# Path to ErrorLog and access log`
			`ErrorLog ${APACHE_LOG_DIR}/funkwhale/error.log`
			`CustomLog ${APACHE_LOG_DIR}/funkwhale/access.log combined`

			`# TLS`
			`# Feel free to use your own configuration for SSL here or simply remove the`
			`# lines and move the configuration to the previous server block if you`
			`# don't want to run funkwhale behind https (this is not recommanded)`
			`# have a look here for let's encrypt configuration:`
			`# https://certbot.eff.org/all-instructions/#debian-9-stretch-nginx`
			`SSLEngine on`
			`SSLProxyEngine On`
			`SSLCertificateFile /etc/letsencrypt/live/${funkwhale-sn}/fullchain.pem`
			`SSLCertificateKeyFile /etc/letsencrypt/live/${funkwhale-sn}/privkey.pem`
			`Include /etc/letsencrypt/options-ssl-apache.conf`


			`DocumentRoot /srv/funkwhale/front/dist`

			`FallbackResource /index.html`

			`# Configure Proxy settings`
			`# ProxyPreserveHost pass the original Host header to the backend server`
			`ProxyVia On`
			`ProxyPreserveHost On`
			`<IfModule mod_remoteip.c>`
			`RemoteIPHeader X-Forwarded-For`
			`</IfModule>`

			`# Turning ProxyRequests on and allowing proxying from all may allow`
			`# spammers to use your proxy to send email.`
			`ProxyRequests Off`

			`<Proxy *>`
			`AddDefaultCharset off`
			`Order Allow,Deny`
			`Allow from all`
			`# Here you can set a password using htpasswd to protect your proxy server`
			`#Authtype Basic`
			`#Authname "Password Required"`
			`#AuthUserFile /etc/apache2/.htpasswd`
			`#Require valid-user`
			`</Proxy>`

			`# Activating WebSockets (not working)`
			`ProxyPass "/api/v1/instance/activity" "ws://192.168.1.199:5000/api/v1/instance/activity"`

			`<Location "/api">`
			`# similar to nginx 'client_max_body_size 30M;'`
			`LimitRequestBody 31457280`

			`ProxyPass ${funkwhale-api}/api`
			`ProxyPassReverse ${funkwhale-api}/api`
			`</Location>`
			`<Location "/federation">`
			`ProxyPass ${funkwhale-api}/federation`
			`ProxyPassReverse ${funkwhale-api}/federation`
			`</Location>`

			`<Location "/.well-known/webfinger">`
			`ProxyPass ${funkwhale-api}/.well-known/webfinger`
			`ProxyPassReverse ${funkwhale-api}/.well-known/webfinger`
			`</Location>`

			`Alias /media /srv/funkwhale/data/media`

			`Alias /staticfiles /srv/funkwhale/data/static`

			`# Setting appropriate access levels to serve frontend`
			`<Directory "/srv/funkwhale/data/static">`
			`Options FollowSymLinks`
			`AllowOverride None`
			`Require all granted`
			`</Directory>`

			`<Directory /srv/funkwhale/front/dist>`
			`Options FollowSymLinks`
			`AllowOverride None`
			`Require all granted`
			`</Directory>`

			`# XSendFile is serving audio files`
			`# WARNING : permissions on paths specified below overrides previous definition,`
			`# everything under those paths is potentially exposed.`
			`# Following directive may be needed to ensure xsendfile is loaded`
			`#LoadModule xsendfile_module modules/mod_xsendfile.so`
			`<IfModule mod_xsendfile.c>`
			`XSendFile On`
			`XSendFilePath /srv/funkwhale/data/media`
			`XSendFilePath ${MUSIC_DIRECTORY_PATH}`
			`SetEnv MOD_X_SENDFILE_ENABLED 1`
			`</IfModule>`

			`</VirtualHost>`
			`</IfModule>`