aboutsummaryrefslogtreecommitdiff
path: root/doc/examples/hydrilla.example.com.tls.conf
diff options
context:
space:
mode:
Diffstat (limited to 'doc/examples/hydrilla.example.com.tls.conf')
-rw-r--r--doc/examples/hydrilla.example.com.tls.conf94
1 files changed, 94 insertions, 0 deletions
diff --git a/doc/examples/hydrilla.example.com.tls.conf b/doc/examples/hydrilla.example.com.tls.conf
new file mode 100644
index 0000000..357ecb3
--- /dev/null
+++ b/doc/examples/hydrilla.example.com.tls.conf
@@ -0,0 +1,94 @@
+# SPDX-License-Identifier: CC0-1.0
+
+# Sample Apache2 configuration file for Hydrilla server (over HTTPS).
+#
+# Copyright (C) 2022 Wojtek Kosior
+
+
+# Please adapt this file according to your needs can place it file under
+# Apache2's available site configs directory which will be
+# /etc/apache2/sites-available/ or similar. Then, enable it using the following
+# command:
+# a2ensite hydrilla.example.com.tls
+# You also need to install and enable the wsgi module for Apache if you haven't
+# already (e.g. with libapache2-mod-wsgi-py3 Debian package).
+# The new configuration will only take effect after you restart/reload Apache2
+# daemon.
+
+# The following configuration enables TLS encryption. If you want to run a local
+# Hydrilla server utilizing plain HTTP, use the attached
+# hydrilla.example.com.conf file instead of this one or run a standalone
+# development server using the hydrilla command.
+
+# This configuration file assumes Hydrilla is installed under Python's default
+# load path and that the attached hydrilla.wsgi sample script has been saved as
+# /var/lib/hydrilla/wsgi/hydrilla.wsgi
+
+<VirtualHost *:80>
+ ServerName hydrilla.example.com
+
+ Redirect permanent / https://hydrilla.example.com/
+
+ ErrorLog ${APACHE_LOG_DIR}/error.log
+ CustomLog ${APACHE_LOG_DIR}/access.log combined
+</VirtualHost>
+
+<IfModule mod_ssl.c>
+ <VirtualHost _default_:443>
+ ServerName hydrilla.example.com
+ ServerAdmin admin@example.com
+
+ DocumentRoot /var/lib/hydrilla/malcontent
+
+ <Directory /var/lib/hydrilla/malcontent >
+ <IfVersion < 2.4>
+ Order allow,deny
+ Allow from all
+ </IfVersion>
+ <IfVersion >= 2.4>
+ Require all granted
+ </IfVersion>
+ </Directory>
+
+ <Directory ~ "^/var/lib/hydrilla/malcontent/(resource|mapping)/" >
+ ForceType application/json
+ </Directory>
+
+ # Make Apache2 automatically pick up the new version of the wsgi script when
+ # it gets written. This line will fail if you don't have mod_wsgi installed
+ # and enabled.
+ WSGIScriptReloading On
+
+ # The default configuration of mod_wsgi on most *nix systems is to run wsgi
+ # scripts in so-called embedded mode. The following 2 lines instruct Apache
+ # to instead run our wsgi script in a daemon process which makes it more
+ # flexible and reliable. Here we also set environment variables that are
+ # needed to tell Python that the system supports UTF-8 encoding.
+ # Feel free to modify the arguments to WSGIDaemonProcess according to your
+ # needs:
+ # https://modwsgi.readthedocs.io/en/develop/user-guides/quick-configuration-guide.html#delegation-to-daemon-process
+ WSGIDaemonProcess hydrilla.example.com lang='C.UTF-8' locale='C.UTF-8'
+ WSGIProcessGroup hydrilla.example.com
+
+ <Directory /var/lib/hydrilla/wsgi >
+ <IfVersion < 2.4>
+ Order allow,deny
+ Allow from all
+ </IfVersion>
+ <IfVersion >= 2.4>
+ Require all granted
+ </IfVersion>
+ </Directory>
+
+ WSGIScriptAliasMatch "^/((resource|mapping)/[^/]+[.]json|query)$" "/var/lib/hydrilla/wsgi/hydrilla.wsgi/$1"
+
+ ErrorLog ${APACHE_LOG_DIR}/error.log
+ CustomLog ${APACHE_LOG_DIR}/access.log combined
+
+ # Change the paths to point to your actual certificate files.
+ SSLEngine on
+ SSLCertificateFile /etc/letsencrypt/live/example.com/cert.pem
+ SSLCertificateKeyFile /etc/letsencrypt/live/example.com/privkey.pem
+ SSLCertificateChainFile /etc/letsencrypt/live/example.com/chain.pem
+ </VirtualHost>
+</IfModule>