root/configs/brutus/main.conf @ master
| 4c67c9e8 | david.sorber | ||
<VirtualHost *:80>
|
|||
Redirect permanent / https://brutus.gleeze.com
|
|||
</VirtualHost>
|
|||
<VirtualHost _default_:443>
|
|||
ServerName https://brutus.gleeze.com
|
|||
ServerAdmin webmaster@localhost
|
|||
DocumentRoot /var/www
|
|||
<Directory />
|
|||
Options FollowSymLinks
|
|||
AllowOverride None
|
|||
</Directory>
|
|||
<Directory /var/www/>
|
|||
Options Indexes FollowSymLinks MultiViews
|
|||
AllowOverride None
|
|||
Require all granted
|
|||
</Directory>
|
|||
Alias /htdocs /var/htdocs
|
|||
<Directory /var/htdocs>
|
|||
Require all granted
|
|||
</Directory>
|
|||
ErrorDocument 403 /error_pages/404.html
|
|||
ErrorDocument 404 /error_pages/404.html
|
|||
CustomLog ${APACHE_LOG_DIR}/access.log combined
|
|||
ErrorLog ${APACHE_LOG_DIR}/error.log
|
|||
# Possible values include: debug, info, notice, warn, error, crit,
|
|||
# alert, emerg.
|
|||
LogLevel warn
|
|||
SSLEngine On
|
|||
#SSLCertificateFile /etc/apache2/ssl/brutus.crt
|
|||
#SSLCertificateKeyFile /etc/apache2/ssl/brutus.key
|
|||
SSLCertificateFile /etc/letsencrypt/live/brutus.gleeze.com/cert.pem
|
|||
SSLCertificateKeyFile /etc/letsencrypt/live/brutus.gleeze.com/privkey.pem
|
|||
SSLCertificateChainFile /etc/letsencrypt/live/brutus.gleeze.com/fullchain.pem
|
|||
Protocols h2 http/1.1
|
|||
# Enable only strong encryption ciphers and prefer versions with Forward Secrecy
|
|||
SSLCipherSuite HIGH:RC4-SHA:AES128-SHA:!aNULL:!MD5
|
|||
SSLHonorCipherOrder on
|
|||
# Disable all SSL/TLS versions except v1.3
|
|||
SSLProtocol -all +TLSv1.3
|
|||
SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown
|
|||
# --- Nextcloud ------------------------------------------------
|
|||
Alias /nextcloud/ "/var/www/nextcloud/"
|
|||
<Directory /var/www/nextcloud/>
|
|||
Require all granted
|
|||
AllowOverride All
|
|||
Options FollowSymLinks MultiViews
|
|||
<IfModule mod_dav.c>
|
|||
Dav off
|
|||
</IfModule>
|
|||
<IfModule mod_headers.c>
|
|||
Header always set Strict-Transport-Security "max-age=15552000; includeSubDomains"
|
|||
</IfModule>
|
|||
SetEnv HOME /var/www/nextcloud
|
|||
SetEnv HTTP_HOME /var/www/nextcloud
|
|||
</Directory>
|
|||
# --- Redmine ---------------------------------------------------
|
|||
Alias /redmine /var/www/redmine/
|
|||
<Directory /var/www/redmine/>
|
|||
Options Indexes FollowSymLinks MultiViews
|
|||
AllowOverride None
|
|||
Order allow,deny
|
|||
allow from all
|
|||
PassengerAppRoot /srv/redmine
|
|||
RailsBaseURI /redmine
|
|||
</Directory>
|
|||
# --- Redmine Git ----------------------------------------------
|
|||
PerlLoadModule Apache2::Redmine
|
|||
Alias /git /var/www/grack/public
|
|||
<Location /git>
|
|||
PassengerBaseURI /git
|
|||
PassengerAppRoot /var/www/grack
|
|||
AuthType Basic
|
|||
AuthName "Redmine git repositories"
|
|||
Require valid-user
|
|||
AuthUserFile /dev/null
|
|||
PerlAccessHandler Apache::Authn::Redmine::access_handler
|
|||
PerlAuthenHandler Apache::Authn::Redmine::authen_handler
|
|||
#RedmineDSN "DBI:mysql:database=bitnami_redmine;host=localhost;mysql_socket=/opt/bitnami/mysql/tmp/mysql.sock"
|
|||
RedmineDSN "DBI:Pg:dbname=redmine;host=localhost"
|
|||
RedmineDbUser "redmine"
|
|||
RedmineDbPass "SemolinaPilchardPornographicPriestess"
|
|||
RedmineGitSmartHttp yes
|
|||
</Location>
|
|||
<Directory "/var/www/grack/public">
|
|||
Options None
|
|||
AllowOverride None
|
|||
<IfVersion < 2.3 >
|
|||
Order allow,deny
|
|||
Allow from all
|
|||
</IfVersion>
|
|||
<IfVersion >= 2.3>
|
|||
Require all granted
|
|||
</IfVersion>
|
|||
</Directory>
|
|||
# --- Transmission ---------------------------------------------
|
|||
ProxyRequests Off
|
|||
<Location /transmission>
|
|||
AuthType Digest
|
|||
AuthName "engine"
|
|||
AuthDigestProvider file
|
|||
AuthUserFile /home/dsorber/web_users
|
|||
Require valid-user
|
|||
ProxyPass http://127.0.0.1:9565/transmission
|
|||
ProxyPassReverse http://127.0.0.1:9565/transmission
|
|||
</Location>
|
|||
# --- ttyd -----------------------------------------------------
|
|||
#ProxyRequests Off
|
|||
<Location /terminal>
|
|||
ProxyPreserveHost On
|
|||
RewriteEngine on
|
|||
RewriteCond %{HTTP:Upgrade} websocket [NC]
|
|||
RewriteCond %{HTTP:Connection} upgrade [NC]
|
|||
RewriteRule /terminal/?(.*) "ws://127.0.0.1:9772/$1" [P,L]
|
|||
ProxyPass http://127.0.0.1:9772/
|
|||
ProxyPassReverse http://127.0.0.1:9772/
|
|||
ProxyPass ws://127.0.0.1:9772/
|
|||
ProxyPassReverse ws://127.0.0.1:9772/
|
|||
</Location>
|
|||
# --- jellyfin -------------------------------------------------
|
|||
<Location /daveflix/socket>
|
|||
ProxyPreserveHost On
|
|||
ProxyPass "ws://127.0.0.1:8096/daveflix/socket"
|
|||
ProxyPassReverse "ws://127.0.0.1:8096/daveflix/socket"
|
|||
</Location>
|
|||
<Location /daveflix>
|
|||
ProxyPass "http://127.0.0.1:8096/daveflix"
|
|||
ProxyPassReverse "http://127.0.0.1:8096/daveflix"
|
|||
</Location>
|
|||
# --- Trilium ------------------------------------------------
|
|||
<Location /trilium/>
|
|||
RewriteEngine On
|
|||
# Proxy WebSocket connections
|
|||
RewriteCond %{HTTP:Connection} Upgrade [NC]
|
|||
RewriteCond %{HTTP:Upgrade} websocket [NC]
|
|||
RewriteRule /(.*) ws://127.0.0.1:8086/$1 [P,L]
|
|||
# Proxy standard HTTP connections
|
|||
ProxyPreserveHost On
|
|||
ProxyPass http://127.0.0.1:8086/
|
|||
ProxyPassReverse http://127.0.0.1:8086/
|
|||
RequestHeader set X-Forwarded-Proto "https"
|
|||
</Location>
|
|||
</VirtualHost>
|