Diffstat (limited to 'doc/examples/hydrilla.example.com.tls.conf')
-rw-r--r-- | doc/examples/hydrilla.example.com.tls.conf | 94 |
1 files changed, 94 insertions, 0 deletions
diff --git a/doc/examples/hydrilla.example.com.tls.conf b/doc/examples/hydrilla.example.com.tls.conf
new file mode 100644
index 0000000..357ecb3
--- /dev/null
+++ b/doc/examples/hydrilla.example.com.tls.conf
@@ -0,0 +1,94 @@
+# SPDX-License-Identifier: CC0-1.0
+
+# Sample Apache2 configuration file for Hydrilla server (over HTTPS).
+#
+# Copyright (C) 2022 Wojtek Kosior
+
+
+# Please adapt this file according to your needs can place it file under
+# Apache2's available site configs directory which will be
+# /etc/apache2/sites-available/ or similar. Then, enable it using the following
+# command:
+# a2ensite hydrilla.example.com.tls
+# You also need to install and enable the wsgi module for Apache if you haven't
+# already (e.g. with libapache2-mod-wsgi-py3 Debian package).
+# The new configuration will only take effect after you restart/reload Apache2
+# daemon.
+
+# The following configuration enables TLS encryption. If you want to run a local
+# Hydrilla server utilizing plain HTTP, use the attached
+# hydrilla.example.com.conf file instead of this one or run a standalone
+# development server using the hydrilla command.
+
+# This configuration file assumes Hydrilla is installed under Python's default
+# load path and that the attached hydrilla.wsgi sample script has been saved as
+# /var/lib/hydrilla/wsgi/hydrilla.wsgi
+
+<VirtualHost *:80>
+ ServerName hydrilla.example.com
+
+ Redirect permanent / https://hydrilla.example.com/
+
+ ErrorLog ${APACHE_LOG_DIR}/error.log
+ CustomLog ${APACHE_LOG_DIR}/access.log combined
+</VirtualHost>
+
+<IfModule mod_ssl.c>
+ <VirtualHost _default_:443>
+ ServerName hydrilla.example.com
+ ServerAdmin admin@example.com
+
+ DocumentRoot /var/lib/hydrilla/malcontent
+
+ <Directory /var/lib/hydrilla/malcontent >
+ <IfVersion < 2.4>
+ Order allow,deny
+ Allow from all
+ </IfVersion>
+ <IfVersion >= 2.4>
+ Require all granted
+ </IfVersion>
+ </Directory>
+
+ <Directory ~ "^/var/lib/hydrilla/malcontent/(resource|mapping)/" >
+ ForceType application/json
+ </Directory>
+
+ # Make Apache2 automatically pick up the new version of the wsgi script when
+ # it gets written. This line will fail if you don't have mod_wsgi installed
+ # and enabled.
+ WSGIScriptReloading On
+
+ # The default configuration of mod_wsgi on most *nix systems is to run wsgi
+ # scripts in so-called embedded mode. The following 2 lines instruct Apache
+ # to instead run our wsgi script in a daemon process which makes it more
+ # flexible and reliable. Here we also set environment variables that are
+ # needed to tell Python that the system supports UTF-8 encoding.
+ # Feel free to modify the arguments to WSGIDaemonProcess according to your
+ # needs:
+ # https://modwsgi.readthedocs.io/en/develop/user-guides/quick-configuration-guide.html#delegation-to-daemon-process
+ WSGIDaemonProcess hydrilla.example.com lang='C.UTF-8' locale='C.UTF-8'
+ WSGIProcessGroup hydrilla.example.com
+
+ <Directory /var/lib/hydrilla/wsgi >
+ <IfVersion < 2.4>
+ Order allow,deny
+ Allow from all
+ </IfVersion>
+ <IfVersion >= 2.4>
+ Require all granted
+ </IfVersion>
+ </Directory>
+
+ WSGIScriptAliasMatch "^/((resource|mapping)/[^/]+[.]json|query)$" "/var/lib/hydrilla/wsgi/hydrilla.wsgi/$1"
+
+ ErrorLog ${APACHE_LOG_DIR}/error.log
+ CustomLog ${APACHE_LOG_DIR}/access.log combined
+
+ # Change the paths to point to your actual certificate files.
+ SSLEngine on
+ SSLCertificateFile /etc/letsencrypt/live/example.com/cert.pem
+ SSLCertificateKeyFile /etc/letsencrypt/live/example.com/privkey.pem
+ SSLCertificateChainFile /etc/letsencrypt/live/example.com/chain.pem
+ </VirtualHost>
+</IfModule>
|
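Review bot: The 443 virtual host turns on `SSLEngine on` and names the certificate files but sets no protocol or HSTS policy, so the accepted TLS versions are whatever the server-wide mod_ssl configuration allows, and returning browsers are upgraded only by the port-80 redirect. For a sample that will be copied verbatim I would add `SSLProtocol all -SSLv3 -TLSv1 -TLSv1.1` and, with mod_headers enabled, `Header always set Strict-Transport-Security "max-age=31536000"` next to the certificate lines. `SSLCertificateChainFile` is obsolete since Apache 2.4.8, where the chain is read from `SSLCertificateFile` (Let's Encrypt's `fullchain.pem`); since the file still caters to pre-2.4 servers through `IfVersion`, a comment saying which form applies to which version would help. The `WSGIDaemonProcess` line also carries no `user=`/`group=`, so the daemon runs under Apache's own account; a dedicated unprivileged account would limit what the WSGI script can read or write.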