Created
April 14, 2019 21:59
-
-
Save indie/265c19e4a750bc320411a26d190059e1 to your computer and use it in GitHub Desktop.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <VirtualHost *:80> | |
| ServerAdmin info@ecosteader.com | |
| ServerName ecosteader.com | |
| ServerAlias ecosteader.com | |
| Redirect Permanent / https://ecosteader.com/ | |
| </VirtualHost> | |
| <VirtualHost *:443> | |
| ServerAdmin xxxxxxxxxxxx | |
| ServerName xxxxxxxxxxxxx | |
| DocumentRoot /home/mastodon/live/public/ | |
| <Directory "/home/mastodon/live/public"> | |
| Options Indexes MultiViews FollowSymLinks | |
| AllowOverride None | |
| Require all granted | |
| </Directory> | |
| #### DONT USE THIS CRAP OUTSIDE A MODULE | |
| # Header always set Strict-Transport-Security "max-age=31536000" | |
| # Header always set Referrer-Policy "strict-origin-when-cross-origin" | |
| ##### | |
| <IfModule mod_headers.c> | |
| Header always set Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" | |
| Header always set Referrer-Policy "strict-origin-when-cross-origin" | |
| </IfModule> | |
| SSLEngine on | |
| SSLProtocol -all +TLSv1.2 | |
| SSLHonorCipherOrder on | |
| SSLCipherSuite EECDH+AESGCM:AES256+EECDH:AES128+EECDH | |
| # SSLCipherSuite EECDH+AESGCM:AES256+EECDH:AES128+EECDH:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305 | |
| SSLProxyEngine On | |
| # SSLCompression off | |
| # SSLSessionTickets off | |
| # SSLStaplingResponderTimeout 5 | |
| # SSLStaplingReturnResponderErrors on | |
| # SSLUseStapling on | |
| SSLCertificateFile xxxxxxx | |
| SSLCertificateKeyFile xxxxxx | |
| SSLCertificateChainFile xxxxxxxx | |
| <LocationMatch "^/(assets|avatars|emoji|headers|packs|sounds|system)> | |
| Header always set Cache-Control "public, max-age=31536000, immutable" | |
| Require all granted | |
| </LocationMatch> | |
| ProxyPreserveHost On | |
| RequestHeader set X-Forwarded-Proto "https" | |
| RequestHeader set Host "ecosteader.com" | |
| # This is definitely not the right way to do it, but I did test it. | |
| # <Location /api/v1/streaming/> | |
| # RewriteEngine on | |
| # RewriteCond %{HTTP:UPGRADE} ^WebSocket$ [NC] | |
| # RewriteCond %{HTTP:CONNECTION} Upgrade$ [NC] | |
| # RewriteRule /api/v1/streaming/(.*) ws://127.0.0.1:4000/api/v1/streaming/$1 [P] | |
| # </Location> | |
| ProxyPass / http://localhost:4000 | |
| ProxyPassReverse / http://localhost:4000/ | |
| ProxyPass /500.html ! | |
| ProxyPass /sw.js ! | |
| ProxyPass /robots.txt ! | |
| ProxyPass /manifest.json ! | |
| ProxyPass /browserconfig.xml ! | |
| ProxyPass /mask-icon.svg ! | |
| ProxyPassMatch ^(/.*\.(png|ico)$) ! | |
| ProxyPassMatch ^/(assets|avatars|emoji|headers|packs|sounds|system|.well-known/acme-challenge) ! | |
| ####### These lines below are what I think is causing the error; it's some variation on this. | |
| ProxyPass /.well-known/ https://ecosteader.com/webfinger/.well-known/ | |
| ProxyPassReverse /.well-known/ https://ecosteader.com/webfinger/.well-known/ | |
| ProxyPass /api/v1/streaming/ ws://localhost:4000/ | |
| ProxyPassReverse /api/v1/streaming/ ws://localhost:4000/ | |
| ProxyPass / http://localhost:3000/ | |
| ProxyPassReverse / http://localhost:3000/ | |
| ErrorDocument 500 /500.html | |
| ErrorDocument 501 /500.html | |
| ErrorDocument 502 /500.html | |
| ErrorDocument 503 /500.html | |
| ErrorDocument 504 /500.html | |
| </VirtualHost> |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment