haketilo-hydrilla - An HTTPs proxy to facilitate replacing sites' js with user-supplied scripts

# SPDX-License-Identifier: CC0-1.0

# Sample Apache2 configuration file for Hydrilla server (over HTTPS).
#
# Copyright (C) 2022 Wojtek Kosior


# Please adapt this file according to your needs can place it file under
# Apache2's available site configs directory which will be
# /etc/apache2/sites-available/ or similar. Then, enable it using the following
# command:
#    a2ensite hydrilla.example.com.tls
# You also need to install and enable the wsgi module for Apache if you haven't
# already (e.g. with libapache2-mod-wsgi-py3 Debian package).
# The new configuration will only take effect after you restart/reload Apache2
# daemon.

# The following configuration enables TLS encryption. If you want to run a local
# Hydrilla server utilizing plain HTTP, use the attached
# hydrilla.example.com.conf file instead of this one or run a standalone
# development server using the hydrilla command.

# This configuration file assumes Hydrilla is installed under Python's default
# load path and that the attached hydrilla.wsgi sample script has been saved as
# /var/lib/hydrilla/wsgi/hydrilla.wsgi

<VirtualHost *:80>
  ServerName hydrilla.example.com

  Redirect permanent / https://hydrilla.example.com/

  ErrorLog ${APACHE_LOG_DIR}/error.log
  CustomLog ${APACHE_LOG_DIR}/access.log combined
</VirtualHost>

<IfModule mod_ssl.c>
  <VirtualHost _default_:443>
    ServerName hydrilla.example.com
    ServerAdmin admin@example.com

    DocumentRoot /var/lib/hydrilla/malcontent

    <Directory /var/lib/hydrilla/malcontent >
      <IfVersion < 2.4>
        Order allow,deny
        Allow from all
      </IfVersion>
      <IfVersion >= 2.4>
        Require all granted
      </IfVersion>
    </Directory>

    <Directory ~ "^/var/lib/hydrilla/malcontent/(resource|mapping)/" >
      ForceType application/json
    </Directory>

    # Make Apache2 automatically pick up the new version of the wsgi script when
    # it gets written. This line will fail if you don't have mod_wsgi installed
    # and enabled.
    WSGIScriptReloading On

    # The default configuration of mod_wsgi on most *nix systems is to run wsgi
    # scripts in so-called embedded mode. The following 2 lines instruct Apache
    # to instead run our wsgi script in a daemon process which makes it more
    # flexible and reliable. Here we also set environment variables that are
    # needed to tell Python that the system supports UTF-8 encoding.
    # Feel free to modify the arguments to WSGIDaemonProcess according to your
    # needs:
    # https://modwsgi.readthedocs.io/en/develop/user-guides/quick-configuration-guide.html#delegation-to-daemon-process
    WSGIDaemonProcess hydrilla.example.com lang='C.UTF-8' locale='C.UTF-8'
    WSGIProcessGroup hydrilla.example.com

    <Directory /var/lib/hydrilla/wsgi >
      <IfVersion < 2.4>
        Order allow,deny
        Allow from all
      </IfVersion>
      <IfVersion >= 2.4>
        Require all granted
      </IfVersion>
    </Directory>

    WSGIScriptAliasMatch "^/((resource|mapping)/[^/]+[.]json|query)$" "/var/lib/hydrilla/wsgi/hydrilla.wsgi/$1"

    ErrorLog ${APACHE_LOG_DIR}/error.log
    CustomLog ${APACHE_LOG_DIR}/access.log combined

    # Change the paths to point to your actual certificate files.
    SSLEngine on
    SSLCertificateFile          /etc/letsencrypt/live/example.com/cert.pem
    SSLCertificateKeyFile       /etc/letsencrypt/live/example.com/privkey.pem
    SSLCertificateChainFile     /etc/letsencrypt/live/example.com/chain.pem
  </VirtualHost>
</IfModule>