Skip to content

Instantly share code, notes, and snippets.

@dankamongmen

dankamongmen/social.conf

Forked from cmiles74/social.conf
Last active Jan 10, 2021
Embed
What would you like to do?
Mastodon Configuration for Apache
<IfModule mod_ssl.c>
<VirtualHost *:443>
# The ServerName directive sets the request scheme, hostname and port that
# the server uses to identify itself. This is used when creating
# redirection URLs. In the context of virtual hosts, the ServerName
# specifies what hostname must appear in the request's Host: header to
# match this virtual host. For the default virtual host (this file) this
# value is not decisive as it is used as a last resort host regardless.
# However, you must set it for any further virtual host explicitly.
ServerName jsm.qemfd.net
DocumentRoot /home/mastodon/live/public/
<Directory "/home/mastodon/live/public">
Options Indexes MultiViews FollowSymLinks
AllowOverride None
Require all granted
</Directory>
ServerAdmin dank@qemfd.net
ProxyPreserveHost On
ProxyPass /inert.css !
ProxyPass /packs !
ProxyPassMatch ^(/.*\.(png|ico)$) !
ProxyPassMatch ^/(assets|avatars|emoji|headers|packs|sounds|system|.well-known/acme-challenge) !
ProxyPass /api/v1/streaming http://localhost:4000/
ProxyPass / http://localhost:3000/
ProxyPassReverse / http://localhost:3000/
# Available loglevels: trace8, ..., trace1, debug, info, notice, warn,
# error, crit, alert, emerg.
# It is also possible to configure the loglevel for particular
# modules, e.g.
#LogLevel info ssl:warn
RequestHeader set X-Forwarded-Proto "https"
SSLProtocol ALL -SSLv2 -SSLv3 -TLSv1 -TLSv1.1
SSLHonorCipherOrder On
SSLCipherSuite "EECDH+ECDSA+AESGCM EECDH+aRSA+AESGCM EECDH+ECDSA+SHA384 EECDH+ECDSA+SHA256 EECDH+aRSA+SHA384 EECDH+aRSA+SHA256 EECDH EDH+aRSA !aNULL !eNULL !LOW !3DES !MD5 !EXP !PSK !SRP !DSS !RC4"
ErrorLog ${APACHE_LOG_DIR}/social-error.log
CustomLog ${APACHE_LOG_DIR}/social-access.log combined
# For most configuration files from conf-available/, which are
# enabled or disabled at a global level, it is possible to
# include a line for only one particular virtual host. For example the
# following line enables the CGI configuration for this host only
# after it has been globally disabled with "a2disconf".
#Include conf-available/serve-cgi-bin.conf
RewriteEngine on
# Some rewrite rules in this file were disabled on your HTTPS site,
# because they have the potential to create redirection loops.
# RewriteCond %{SERVER_NAME} =social.nervestaple.com
# RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,QSA,R=permanent]
Include /etc/letsencrypt/options-ssl-apache.conf
SSLCertificateFile /etc/letsencrypt/live/jsm.qemfd.net/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/jsm.qemfd.net/privkey.pem
SSLProxyEngine on
</VirtualHost>
# vim: syntax=apache ts=4 sw=4 sts=4 sr noet
</IfModule>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment