mirror of
https://github.com/EDCD/EDDN.git
synced 2025-04-23 12:00:29 +03:00
0e8e22a146
As we've changed things to default to *not* doing TLS on the actual services, and thus relying on reverse proxying of all the relevant end points, this needed updating. Not yet tested, that will come when I put this on dev.eddn.edcd.io.
237 lines
7.2 KiB
ApacheConf
237 lines
7.2 KiB
ApacheConf
# vim: :filetype=apache tabstop=4 shiftwidth=4 expandtab
|
|
|
|
###########################################################################
|
|
#
|
|
# Read **ALL** the comments in this file, don't blindly use it!
|
|
#
|
|
# Be sure to replace 'YOUROWN.eddn.edcd.io' with your hostname.
|
|
#
|
|
# Also edit the DocumentRoot and related statements if you use a
|
|
# different path.
|
|
#
|
|
# Ensure the CustomLog directory actually exists, else apache will not
|
|
# start, or die on a restart/reload.
|
|
#
|
|
###########################################################################
|
|
|
|
## YOUROWN.eddn.edcd.io
|
|
<VirtualHost *:80>
|
|
ServerName YOUROWN.eddn.edcd.io
|
|
|
|
DocumentRoot /home/eddn/.local/share/eddn/dev
|
|
|
|
ErrorLog ${APACHE_LOG_DIR}/YOUROWN.eddn.edcd.io/error.log
|
|
# Possible values include: debug, info, notice, warn, error, crit,
|
|
# alert, emerg.
|
|
LogLevel warn
|
|
CustomLog ${APACHE_LOG_DIR}/YOUROWN.eddn.edcd.io/access.log combined
|
|
|
|
# Comment these out when initially requesting a LetsEncrypt cert
|
|
Redirect / https://YOUROWN.eddn.edcd.io/
|
|
RedirectMatch "/^(.*)$" "https://YOUROWN.eddn.edcd.io/$1"
|
|
|
|
# LetsEncrypt
|
|
Alias /.well-known/ /var/www/letsencrypt/.well-known/
|
|
<Directory /var/www/letsencrypt/.well-known/>
|
|
Options -Indexes
|
|
</Directory>
|
|
|
|
<Directory /home/eddn/.local/share/eddn/dev>
|
|
Options MultiViews Indexes SymLinksIfOwnerMatch IncludesNoExec
|
|
AllowOverride All
|
|
<Limit GET POST OPTIONS>
|
|
Require all granted
|
|
</Limit>
|
|
<LimitExcept GET POST OPTIONS>
|
|
Require all denied
|
|
</LimitExcept>
|
|
|
|
Include partials/default-directory.conf
|
|
</Directory>
|
|
|
|
</VirtualHost>
|
|
|
|
# This will need to be commented out/disabled for initial LetsEncrypt
|
|
# certificate request, as you don't have the certificate yet!
|
|
<IfModule mod_ssl.c>
|
|
<VirtualHost *:443>
|
|
SSLEngine On
|
|
SSLCertificateFile /etc/letsencrypt/live/YOUROWN.eddn.edcd.io/fullchain.pem
|
|
SSLCertificateKeyFile /etc/letsencrypt/live/YOUROWN.eddn.edcd.io/privkey.pem
|
|
|
|
ServerName YOUROWN.eddn.edcd.io
|
|
|
|
DocumentRoot /home/eddn/.local/share/eddn/YOUROWN/monitor
|
|
|
|
ErrorLog ${APACHE_LOG_DIR}/YOUROWN.eddn.edcd.io/error.log
|
|
# Possible values include: debug, info, notice, warn, error, crit,
|
|
# alert, emerg.
|
|
LogLevel warn
|
|
CustomLog ${APACHE_LOG_DIR}/YOUROWN.eddn.edcd.io/access.log combined
|
|
|
|
# LetsEncrypt
|
|
Alias /.well-known/ /var/www/letsencrypt/.well-known/
|
|
<Directory /var/www/letsencrypt/.well-known/>
|
|
Options -Indexes
|
|
</Directory>
|
|
|
|
<Directory /home/eddn/.local/share/eddn/dev>
|
|
Options MultiViews Indexes SymLinksIfOwnerMatch IncludesNoExec
|
|
AllowOverride All
|
|
<Limit GET POST OPTIONS>
|
|
Require all granted
|
|
</Limit>
|
|
<LimitExcept GET POST OPTIONS>
|
|
Require all denied
|
|
</LimitExcept>
|
|
</Directory>
|
|
|
|
# Serve the schemas
|
|
Alias /schemas/ /home/eddn/.local/share/eddn/YOUROWN/schemas/
|
|
|
|
# netdata (performance info)
|
|
<IfModule mod_alias.c>
|
|
Redirect /netdata /netdata/
|
|
</IfModule>
|
|
<LocationMatch /netdata*>
|
|
SetOutputFilter DEFLATE
|
|
|
|
<Limit GET POST OPTIONS>
|
|
Require all granted
|
|
</Limit>
|
|
<LimitExcept GET POST OPTIONS>
|
|
Require all denied
|
|
</LimitExcept>
|
|
</LocationMatch>
|
|
|
|
# /netdata/ - for the host performance stats
|
|
<IfModule mod_proxy.c>
|
|
SSLProxyEngine On
|
|
SSLProxyVerify none
|
|
ProxyPreserveHost On
|
|
|
|
# Yes, plain http for this.
|
|
ProxyPass "/netdata/" "http://127.0.0.1:19999/"
|
|
</IfModule>
|
|
|
|
# The various EDDN stats/status endpoints
|
|
<IfModule mod_proxy.c>
|
|
####################################
|
|
# Only uncomment the following if you are setting non-empty
|
|
# CERT_FILE, and KEY_FILE in the main EDDN config.json
|
|
####################################
|
|
# SSLProxyEngine On
|
|
# SSLProxyVerify none
|
|
####################################
|
|
ProxyPreserveHost On
|
|
ProxyRequests Off
|
|
|
|
####################################
|
|
# Monitor, /getSoftwares/ etc
|
|
####################################
|
|
<Location "/monitor/">
|
|
# Plain http if setting **empty** CERT_FILE and KEY_FILE in
|
|
# the EDDN config.json, else https.
|
|
ProxyPass "http://127.0.0.1:9091/"
|
|
</Location>
|
|
####################################
|
|
|
|
####################################
|
|
# Relay, /getSoftwares/ etc
|
|
####################################
|
|
<Location "/relay/">
|
|
# Plain http if setting **empty** CERT_FILE and KEY_FILE in
|
|
# the EDDN config.json, else https.
|
|
ProxyPass "http://127.0.0.1:9091/"
|
|
</Location>
|
|
####################################
|
|
|
|
####################################
|
|
# Gateway /stats/ and /health_check/
|
|
####################################
|
|
# May as well allow for /upload/ on this port as well
|
|
<Location "/upload/">
|
|
# Plain http if setting **empty** CERT_FILE and KEY_FILE in
|
|
# the EDDN config.json, else https.
|
|
ProxyPass "http://127.0.0.1:8081/upload/"
|
|
</Location>
|
|
|
|
<Location "/stats/">
|
|
# Plain http if setting **empty** CERT_FILE and KEY_FILE in
|
|
# the EDDN config.json, else https.
|
|
ProxyPass "http://127.0.0.1:8081/stats/"
|
|
</Location>
|
|
|
|
<Location "/health_check/">
|
|
# Plain http if setting **empty** CERT_FILE and KEY_FILE in
|
|
# the EDDN config.json, else https.
|
|
ProxyPass "http://127.0.0.1:8081/health_check/"
|
|
</Location>
|
|
####################################
|
|
|
|
</IfModule>
|
|
|
|
</VirtualHost>
|
|
</IfModule>
|
|
|
|
# This handles the uploads on port 4430
|
|
<IfModule mod_ssl.c>
|
|
# This will need to be commented out/disabled for initial LetsEncrypt
|
|
# certificate request, as you don't have the certificate yet!
|
|
# You also need to ensure `Listen 4430` is in ports.conf
|
|
<VirtualHost *:4430>
|
|
SSLEngine On
|
|
SSLCertificateFile /etc/letsencrypt/live/YOUROWN.eddn.edcd.io/fullchain.pem
|
|
SSLCertificateKeyFile /etc/letsencrypt/live/YOUROWN.eddn.edcd.io/privkey.pem
|
|
|
|
ServerName YOUROWN.eddn.edcd.io
|
|
|
|
DocumentRoot /home/eddn/.local/share/eddn/YOUROWN/monitor
|
|
|
|
ErrorLog ${APACHE_LOG_DIR}/YOUROWN.eddn.edcd.io/error.log
|
|
# Possible values include: debug, info, notice, warn, error, crit,
|
|
# alert, emerg.
|
|
LogLevel warn
|
|
CustomLog ${APACHE_LOG_DIR}/YOUROWN.eddn.edcd.io/access.log combined
|
|
|
|
# LetsEncrypt
|
|
Alias /.well-known/ /var/www/letsencrypt/.well-known/
|
|
<Directory /var/www/letsencrypt/.well-known/>
|
|
Options -Indexes
|
|
</Directory>
|
|
|
|
|
|
<LocationMatch /*>
|
|
<Limit GET POST OPTIONS>
|
|
Require all granted
|
|
</Limit>
|
|
<LimitExcept GET POST OPTIONS>
|
|
Require all denied
|
|
</LimitExcept>
|
|
</LocationMatch>
|
|
<IfModule mod_proxy.c>
|
|
####################################
|
|
# Only uncomment the following if you are setting non-empty
|
|
# CERT_FILE, and KEY_FILE in the main EDDN config.json
|
|
####################################
|
|
# SSLProxyEngine On
|
|
# SSLProxyVerify none
|
|
####################################
|
|
ProxyPreserveHost On
|
|
ProxyRequests Off
|
|
|
|
####################################
|
|
# Gateway /upload/
|
|
####################################
|
|
<Location "/upload/">
|
|
# Plain http if setting **empty** CERT_FILE and KEY_FILE in
|
|
# the EDDN config.json, else https.
|
|
ProxyPass "http://127.0.0.1:8081/upload/"
|
|
</Location>
|
|
####################################
|
|
|
|
</IfModule>
|
|
</VirtualHost>
|
|
</IfModule>
|
|
|