Created
August 13, 2023 21:21
Apache2 config for secure server with HTTPS and WSS
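<IfModule mod_ssl.c>
    # Plain-HTTP listener: every request is redirected to the HTTPS site.
    # NOTE(review): this vhost sets no ServerName, and a second *:80 vhost at the
    # end of this file performs the same redirect for mamasheen.com; one of the
    # two is probably redundant.
    <VirtualHost *:80>
        Redirect permanent / https://mamasheen.com/
    </VirtualHost>

    <VirtualHost *:443>
        # The ServerName directive sets the request scheme, hostname and port that
        # the server uses to identify itself. This is used when creating
        # redirection URLs. In the context of virtual hosts, the ServerName
        # specifies what hostname must appear in the request's Host: header to
        # match this virtual host. For the default virtual host (this file) this
        # value is not decisive as it is used as a last resort host regardless.
        # However, you must set it for any further virtual host explicitly.
        #ServerName www.example.com
        ServerName mamasheen.com
        ServerAdmin love@mamasheen.com
        DocumentRoot /var/www/html

        # Available loglevels: trace8, ..., trace1, debug, info, notice, warn,
        # error, crit, alert, emerg.
        # It is also possible to configure the loglevel for particular
        # modules, e.g.
        # LogLevel info ssl:warn
        ErrorLog ${APACHE_LOG_DIR}/error.log
        CustomLog ${APACHE_LOG_DIR}/access.log combined

        # For most configuration files from conf-available/, which are
        # enabled or disabled at a global level, it is possible to
        # include a line for only one particular virtual host. For example the
        # following line enables the CGI configuration for this host only
        # after it has been globally disabled with "a2disconf".
        # Include conf-available/serve-cgi-bin.conf

        # --- Files served directly from disk ---------------------------------
        # Each Alias below maps a URL prefix onto a directory that Apache serves
        # itself; these requests do not pass through the WSGI application mounted
        # at "/" further down, so no application login or permission check runs.
        # "Require all granted" then admits every client.
        #
        # NOTE(review): the directory names verification/, documents/, chat/,
        # voice/, birthcontrol/ and secure/profile/ suggest user-private uploads
        # (confirm against the application). If they are, anyone who learns or
        # guesses a file URL can fetch it. Private media is normally delivered by
        # the application after it has authorised the request, or restricted
        # here with a narrower Require rule, rather than aliased world-readable.
        Alias /static /home/love/bd/static
        <Directory /home/love/bd/static>
            Require all granted
        </Directory>

        Alias /media/static /home/love/bd/media/static
        <Directory /home/love/bd/media/static>
            Require all granted
        </Directory>

        Alias /media/verification /home/love/bd/media/verification
        <Directory /home/love/bd/media/verification>
            Require all granted
        </Directory>

        Alias /media/documents /home/love/bd/media/documents
        <Directory /home/love/bd/media/documents>
            Require all granted
        </Directory>

        Alias /media/chat /home/love/bd/media/chat
        <Directory /home/love/bd/media/chat>
            Require all granted
        </Directory>

        Alias /media/voice /home/love/bd/media/voice
        <Directory /home/love/bd/media/voice>
            Require all granted
        </Directory>

        Alias /media/profile /home/love/bd/media/profile
        <Directory /home/love/bd/media/profile>
            Require all granted
        </Directory>

        # Repeats the /media/documents Alias and <Directory> pair above verbatim.
        Alias /media/documents /home/love/bd/media/documents
        <Directory /home/love/bd/media/documents>
            Require all granted
        </Directory>

        Alias /media/birthcontrol /home/love/bd/media/birthcontrol
        <Directory /home/love/bd/media/birthcontrol>
            Require all granted
        </Directory>

        Alias /media/sounds /home/love/bd/media/sounds
        <Directory /home/love/bd/media/sounds>
            Require all granted
        </Directory>

        Alias /media/synthesizer /home/love/bd/media/synthesizer
        <Directory /home/love/bd/media/synthesizer>
            Require all granted
        </Directory>

        Alias /media/secure/profile /home/love/bd/media/secure/profile
        <Directory /home/love/bd/media/secure/profile>
            Require all granted
        </Directory>

        # --- WSGI application -------------------------------------------------
        # Only wsgi.py is opened up inside the project package directory.
        <Directory /home/love/bd/clemn>
            <Files wsgi.py>
                Require all granted
            </Files>
        </Directory>

        # Everything not claimed by an Alias above is handled by the application,
        # run in a mod_wsgi daemon process group named "bd" as the user "love".
        # NOTE(review): header-buffer-size is set to 100000000000 bytes, many
        # orders of magnitude above anything a response header needs; this looks
        # like a workaround rather than a deliberate limit, so confirm the real
        # requirement and size it accordingly.
        # NOTE(review): the daemon runs as the account whose home directory holds
        # the code, the virtualenv and the media, so the web process can
        # presumably modify its own code. A dedicated low-privilege service
        # account with read-only access to the code narrows that.
        WSGIScriptAlias / /home/love/bd/clemn/wsgi.py
        WSGIDaemonProcess bd python-path=/home/love/bd/ python-home=/home/love/bd/venv header-buffer-size=100000000000 user=love
        WSGIProcessGroup bd
        WSGIApplicationGroup %{GLOBAL}

        # Second <Directory> section for the static tree (access was granted
        # above). "Indexes" makes Apache generate a directory listing wherever no
        # index file exists, and "AllowOverride All" lets any .htaccess file in
        # the tree change configuration.
        # NOTE(review): neither is needed to serve static assets; consider
        # "Options FollowSymLinks" and "AllowOverride None" unless something
        # depends on them.
        <Directory /home/love/bd/static>
            Options Indexes FollowSymLinks
            AllowOverride All
        </Directory>

        # Hotlink deterrent: return 403 for the listed asset types unless the
        # Referer header starts with this site's origin. The dot in the host name
        # is escaped so that it matches a literal "." only.
        # Referer is supplied by the client, so this is not an access control for
        # the media trees above. Requests that carry no Referer (direct
        # navigation, privacy settings) are also rejected, and extensions not in
        # the list (pdf and mp4, for example) are not covered at all.
        <IfModule mod_rewrite.c>
            RewriteEngine on
            RewriteCond %{REQUEST_URI} \.(css|webp|webm|gif|png|mp3|wav|jpeg|jpg)$ [NC]
            RewriteCond %{HTTP_REFERER} !^https://mamasheen\.com/.*$ [NC]
            RewriteRule ^.* - [F,L]
        </IfModule>

        # --- TLS ---------------------------------------------------------------
        # Protocol and cipher settings come from the certbot-managed include.
        Include /etc/letsencrypt/options-ssl-apache.conf
        SSLCertificateFile /etc/letsencrypt/live/mamasheen.com/fullchain.pem
        SSLCertificateKeyFile /etc/letsencrypt/live/mamasheen.com/privkey.pem

        # --- Response headers --------------------------------------------------
        # Framing is limited to same-origin pages and CORS to this origin.
        # "Header set" without "always" is not applied to error responses that
        # Apache generates itself. No Strict-Transport-Security header is set in
        # this file.
        Header set X-Frame-Options: "SAMEORIGIN"
        Header set Access-Control-Allow-Origin "https://mamasheen.com"

        # --- Request limits ----------------------------------------------------
        # TimeOut is in seconds, so 60000 is roughly 16.7 hours of allowed
        # inactivity per connection. "LimitRequestBody 0" removes the cap on
        # request body size.
        # NOTE(review): together these let a single slow or very large request
        # occupy a worker almost indefinitely. Prefer a finite body limit sized
        # to the largest legitimate upload and a short timeout (mod_reqtimeout's
        # RequestReadTimeout can bound header and body read time separately).
        TimeOut 60000
        # LimitRequestFieldSize 999999
        LimitRequestBody 0

        # Short public cache lifetime for static asset types. The leading dot is
        # escaped so the pattern matches a real file extension rather than any
        # character followed by one of these strings.
        <FilesMatch "\.(ico|pdf|flv|jpg|jpeg|png|gif|webp|JPG|JPEG|wav|mp3|mp4|public|js|css|swf|webp)$">
            Header set Cache-Control "max-age=30, public"
        </FilesMatch>

        # NOTE(review): these LoadModule lines come after directives in this
        # vhost that already rely on mod_rewrite, mod_ssl and mod_headers, so
        # those modules must already be enabled elsewhere for the file to parse.
        # Module loading normally lives in the main server configuration (on a
        # Debian-style layout, via a2enmod), not inside a virtual host.
        LoadModule rewrite_module modules/mod_rewrite.so
        LoadModule proxy_wstunnel_module modules/mod_proxy_wstunnel.so
        LoadModule proxy_http_module modules/mod_proxy_http.so
        LoadModule proxy_module modules/mod_proxy.so
        LoadModule ssl_module modules/mod_ssl.so

        # --- WebSocket reverse proxy --------------------------------------------
        # /ws/ is tunnelled over TLS to a backend on the loopback interface.
        # The three SSLProxy* settings below switch off certificate and name
        # verification for that backend connection.
        # NOTE(review): with a 127.0.0.1 backend the exposure is limited to local
        # processes able to bind port 8008. If the backend ever moves off-host,
        # re-enable verification (SSLProxyVerify require, plus
        # SSLProxyCACertificateFile pointing at the backend's CA) first.
        ProxyPreserveHost On
        SSLProxyEngine on
        SSLProxyVerify none
        SSLProxyCheckPeerCN off
        SSLProxyCheckPeerName off

        # The two conditions below are followed only by commented-out
        # RewriteRules, so they appear to have no effect; the ProxyPass pair does
        # the actual routing.
        RewriteEngine on
        RewriteCond %{HTTP:UPGRADE} ^WebSocket$ [NC,OR]
        RewriteCond %{HTTP:CONNECTION} ^Upgrade$ [NC]
        # RewriteRule /(.*) wss://127.0.0.1:8000/$1 [P,L]
        # RewriteRule /ws/.* wss://127.0.0.1:443/ws/%{REQUEST_URI} [P,QSA,L]
        # RewriteRule /(.*) https://127.0.0.1:8000/$1 [P,L]
        ProxyPass /ws/ wss://127.0.0.1:8008/ws/
        ProxyPassReverse /ws/ wss://127.0.0.1:8008/ws/
    </VirtualHost>
</IfModule>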
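<IfModule mpm_prefork_module>
    # Process-pool sizing for the prefork MPM, which dedicates one child
    # process to each connection it is serving.

    # Children started at boot, and the bounds on the idle pool.
    StartServers 10
    MinSpareServers 10
    MaxSpareServers 40

    # ServerLimit is the ceiling up to which MaxRequestWorkers may be raised;
    # MaxRequestWorkers is the number of connections served at once.
    # NOTE(review): 1500 concurrent prefork children each carry their own
    # memory footprint, so check this against available RAM. The HTTPS vhost in
    # this file also sets TimeOut 60000 and LimitRequestBody 0, which lets slow
    # clients hold these workers for a long time; a large worker count delays
    # exhaustion but does not prevent it.
    ServerLimit 2000
    MaxRequestWorkers 1500

    # A child is recycled after handling this many connections.
    MaxConnectionsPerChild 10000
</IfModule>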
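<IfModule mod_ssl.c>
    # Plain-HTTP vhost for mamasheen.com whose only job is to redirect to HTTPS.
    # NOTE(review): an earlier <VirtualHost *:80> in this file (without a
    # ServerName) already redirects every request to https://mamasheen.com/, so
    # the two overlap; keep whichever one is intended.
    <VirtualHost *:80>
        # The ServerName directive sets the request scheme, hostname and port that
        # the server uses to identify itself. This is used when creating
        # redirection URLs. In the context of virtual hosts, the ServerName
        # specifies what hostname must appear in the request's Host: header to
        # match this virtual host. For the default virtual host (this file) this
        # value is not decisive as it is used as a last resort host regardless.
        # However, you must set it for any further virtual host explicitly.
        #ServerName www.example.com
        ServerName mamasheen.com
        ServerAdmin love@mamasheen.com
        DocumentRoot /var/www/html

        # Available loglevels: trace8, ..., trace1, debug, info, notice, warn,
        # error, crit, alert, emerg.
        # It is also possible to configure the loglevel for particular
        # modules, e.g.
        # LogLevel info ssl:warn
        ErrorLog ${APACHE_LOG_DIR}/error.log
        CustomLog ${APACHE_LOG_DIR}/access.log combined

        # For most configuration files from conf-available/, which are
        # enabled or disabled at a global level, it is possible to
        # include a line for only one particular virtual host. For example the
        # following line enables the CGI configuration for this host only
        # after it has been globally disabled with "a2disconf".
        # Include conf-available/serve-cgi-bin.conf

        # RewriteCond %{SERVER_NAME} =clemn.com
        # RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]

        # Permanent redirect to the same path on HTTPS. The exact-match condition
        # on SERVER_NAME pins the redirect target to mamasheen.com, so the
        # destination host is never taken from an arbitrary Host header.
        RewriteEngine on
        RewriteCond %{SERVER_NAME} =mamasheen.com
        RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
    </VirtualHost>
</IfModule>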