«
Previous
|
Next
»
Revision 4c67c9e8
| configs/brutus/main.conf | ||
|---|---|---|
|
|
||
|
<VirtualHost *:80>
|
||
|
Redirect permanent / https://brutus.gleeze.com
|
||
|
</VirtualHost>
|
||
|
|
||
|
<VirtualHost _default_:443>
|
||
|
ServerName https://brutus.gleeze.com
|
||
|
ServerAdmin webmaster@localhost
|
||
|
|
||
|
DocumentRoot /var/www
|
||
|
<Directory />
|
||
|
Options FollowSymLinks
|
||
|
AllowOverride None
|
||
|
</Directory>
|
||
|
<Directory /var/www/>
|
||
|
Options Indexes FollowSymLinks MultiViews
|
||
|
AllowOverride None
|
||
|
Require all granted
|
||
|
</Directory>
|
||
|
|
||
|
Alias /htdocs /var/htdocs
|
||
|
<Directory /var/htdocs>
|
||
|
Require all granted
|
||
|
</Directory>
|
||
|
|
||
|
ErrorDocument 403 /error_pages/404.html
|
||
|
ErrorDocument 404 /error_pages/404.html
|
||
|
|
||
|
CustomLog ${APACHE_LOG_DIR}/access.log combined
|
||
|
ErrorLog ${APACHE_LOG_DIR}/error.log
|
||
|
|
||
|
# Possible values include: debug, info, notice, warn, error, crit,
|
||
|
# alert, emerg.
|
||
|
LogLevel warn
|
||
|
|
||
|
SSLEngine On
|
||
|
#SSLCertificateFile /etc/apache2/ssl/brutus.crt
|
||
|
#SSLCertificateKeyFile /etc/apache2/ssl/brutus.key
|
||
|
SSLCertificateFile /etc/letsencrypt/live/brutus.gleeze.com/cert.pem
|
||
|
SSLCertificateKeyFile /etc/letsencrypt/live/brutus.gleeze.com/privkey.pem
|
||
|
SSLCertificateChainFile /etc/letsencrypt/live/brutus.gleeze.com/fullchain.pem
|
||
|
Protocols h2 http/1.1
|
||
|
|
||
|
# Enable only strong encryption ciphers and prefer versions with Forward Secrecy
|
||
|
SSLCipherSuite HIGH:RC4-SHA:AES128-SHA:!aNULL:!MD5
|
||
|
SSLHonorCipherOrder on
|
||
|
|
||
|
# Disable all SSL/TLS versions except v1.3
|
||
|
SSLProtocol -all +TLSv1.3
|
||
|
SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown
|
||
|
|
||
|
# --- Nextcloud ------------------------------------------------
|
||
|
Alias /nextcloud/ "/var/www/nextcloud/"
|
||
|
<Directory /var/www/nextcloud/>
|
||
|
Require all granted
|
||
|
AllowOverride All
|
||
|
Options FollowSymLinks MultiViews
|
||
|
|
||
|
<IfModule mod_dav.c>
|
||
|
Dav off
|
||
|
</IfModule>
|
||
|
|
||
|
<IfModule mod_headers.c>
|
||
|
Header always set Strict-Transport-Security "max-age=15552000; includeSubDomains"
|
||
|
</IfModule>
|
||
|
|
||
|
SetEnv HOME /var/www/nextcloud
|
||
|
SetEnv HTTP_HOME /var/www/nextcloud
|
||
|
</Directory>
|
||
|
|
||
|
# --- Redmine ---------------------------------------------------
|
||
|
Alias /redmine /var/www/redmine/
|
||
|
<Directory /var/www/redmine/>
|
||
|
Options Indexes FollowSymLinks MultiViews
|
||
|
AllowOverride None
|
||
|
Order allow,deny
|
||
|
allow from all
|
||
|
PassengerAppRoot /srv/redmine
|
||
|
RailsBaseURI /redmine
|
||
|
</Directory>
|
||
|
|
||
|
# --- Redmine Git ----------------------------------------------
|
||
|
PerlLoadModule Apache2::Redmine
|
||
|
|
||
|
Alias /git /var/www/grack/public
|
||
|
<Location /git>
|
||
|
PassengerBaseURI /git
|
||
|
PassengerAppRoot /var/www/grack
|
||
|
|
||
|
AuthType Basic
|
||
|
AuthName "Redmine git repositories"
|
||
|
Require valid-user
|
||
|
AuthUserFile /dev/null
|
||
|
|
||
|
PerlAccessHandler Apache::Authn::Redmine::access_handler
|
||
|
PerlAuthenHandler Apache::Authn::Redmine::authen_handler
|
||
|
#RedmineDSN "DBI:mysql:database=bitnami_redmine;host=localhost;mysql_socket=/opt/bitnami/mysql/tmp/mysql.sock"
|
||
|
RedmineDSN "DBI:Pg:dbname=redmine;host=localhost"
|
||
|
RedmineDbUser "redmine"
|
||
|
RedmineDbPass "SemolinaPilchardPornographicPriestess"
|
||
|
RedmineGitSmartHttp yes
|
||
|
</Location>
|
||
|
|
||
|
<Directory "/var/www/grack/public">
|
||
|
Options None
|
||
|
AllowOverride None
|
||
|
<IfVersion < 2.3 >
|
||
|
Order allow,deny
|
||
|
Allow from all
|
||
|
</IfVersion>
|
||
|
<IfVersion >= 2.3>
|
||
|
Require all granted
|
||
|
</IfVersion>
|
||
|
</Directory>
|
||
|
|
||
|
# --- Transmission ---------------------------------------------
|
||
|
ProxyRequests Off
|
||
|
<Location /transmission>
|
||
|
AuthType Digest
|
||
|
AuthName "engine"
|
||
|
AuthDigestProvider file
|
||
|
AuthUserFile /home/dsorber/web_users
|
||
|
Require valid-user
|
||
|
ProxyPass http://127.0.0.1:9565/transmission
|
||
|
ProxyPassReverse http://127.0.0.1:9565/transmission
|
||
|
</Location>
|
||
|
|
||
|
# --- ttyd -----------------------------------------------------
|
||
|
#ProxyRequests Off
|
||
|
<Location /terminal>
|
||
|
ProxyPreserveHost On
|
||
|
RewriteEngine on
|
||
|
RewriteCond %{HTTP:Upgrade} websocket [NC]
|
||
|
RewriteCond %{HTTP:Connection} upgrade [NC]
|
||
|
RewriteRule /terminal/?(.*) "ws://127.0.0.1:9772/$1" [P,L]
|
||
|
ProxyPass http://127.0.0.1:9772/
|
||
|
ProxyPassReverse http://127.0.0.1:9772/
|
||
|
ProxyPass ws://127.0.0.1:9772/
|
||
|
ProxyPassReverse ws://127.0.0.1:9772/
|
||
|
</Location>
|
||
|
|
||
|
# --- jellyfin -------------------------------------------------
|
||
|
<Location /daveflix/socket>
|
||
|
ProxyPreserveHost On
|
||
|
ProxyPass "ws://127.0.0.1:8096/daveflix/socket"
|
||
|
ProxyPassReverse "ws://127.0.0.1:8096/daveflix/socket"
|
||
|
</Location>
|
||
|
<Location /daveflix>
|
||
|
ProxyPass "http://127.0.0.1:8096/daveflix"
|
||
|
ProxyPassReverse "http://127.0.0.1:8096/daveflix"
|
||
|
</Location>
|
||
|
|
||
|
# --- Trilium ------------------------------------------------
|
||
|
<Location /trilium/>
|
||
|
RewriteEngine On
|
||
|
|
||
|
# Proxy WebSocket connections
|
||
|
RewriteCond %{HTTP:Connection} Upgrade [NC]
|
||
|
RewriteCond %{HTTP:Upgrade} websocket [NC]
|
||
|
RewriteRule /(.*) ws://127.0.0.1:8086/$1 [P,L]
|
||
|
|
||
|
# Proxy standard HTTP connections
|
||
|
ProxyPreserveHost On
|
||
|
ProxyPass http://127.0.0.1:8086/
|
||
|
ProxyPassReverse http://127.0.0.1:8086/
|
||
|
|
||
|
RequestHeader set X-Forwarded-Proto "https"
|
||
|
</Location>
|
||
|
|
||
|
</VirtualHost>
|
||
Adding current brutus Apache config.