aboutsummaryrefslogtreecommitdiff
path: root/doc/examples/hydrilla.example.com.tls.conf
blob: 357ecb39c5ca0c518a2ca96caf38587a76dcbe5a (about) (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
# SPDX-License-Identifier: CC0-1.0

# Sample Apache2 configuration file for Hydrilla server (over HTTPS).
#
# Copyright (C) 2022 Wojtek Kosior


# Please adapt this file according to your needs can place it file under
# Apache2's available site configs directory which will be
# /etc/apache2/sites-available/ or similar. Then, enable it using the following
# command:
#    a2ensite hydrilla.example.com.tls
# You also need to install and enable the wsgi module for Apache if you haven't
# already (e.g. with libapache2-mod-wsgi-py3 Debian package).
# The new configuration will only take effect after you restart/reload Apache2
# daemon.

# The following configuration enables TLS encryption. If you want to run a local
# Hydrilla server utilizing plain HTTP, use the attached
# hydrilla.example.com.conf file instead of this one or run a standalone
# development server using the hydrilla command.

# This configuration file assumes Hydrilla is installed under Python's default
# load path and that the attached hydrilla.wsgi sample script has been saved as
# /var/lib/hydrilla/wsgi/hydrilla.wsgi

<VirtualHost *:80>
  ServerName hydrilla.example.com

  Redirect permanent / https://hydrilla.example.com/

  ErrorLog ${APACHE_LOG_DIR}/error.log
  CustomLog ${APACHE_LOG_DIR}/access.log combined
</VirtualHost>

<IfModule mod_ssl.c>
  <VirtualHost _default_:443>
    ServerName hydrilla.example.com
    ServerAdmin admin@example.com

    DocumentRoot /var/lib/hydrilla/malcontent

    <Directory /var/lib/hydrilla/malcontent >
      <IfVersion < 2.4>
        Order allow,deny
        Allow from all
      </IfVersion>
      <IfVersion >= 2.4>
        Require all granted
      </IfVersion>
    </Directory>

    <Directory ~ "^/var/lib/hydrilla/malcontent/(resource|mapping)/" >
      ForceType application/json
    </Directory>

    # Make Apache2 automatically pick up the new version of the wsgi script when
    # it gets written. This line will fail if you don't have mod_wsgi installed
    # and enabled.
    WSGIScriptReloading On

    # The default configuration of mod_wsgi on most *nix systems is to run wsgi
    # scripts in so-called embedded mode. The following 2 lines instruct Apache
    # to instead run our wsgi script in a daemon process which makes it more
    # flexible and reliable. Here we also set environment variables that are
    # needed to tell Python that the system supports UTF-8 encoding.
    # Feel free to modify the arguments to WSGIDaemonProcess according to your
    # needs:
    # https://modwsgi.readthedocs.io/en/develop/user-guides/quick-configuration-guide.html#delegation-to-daemon-process
    WSGIDaemonProcess hydrilla.example.com lang='C.UTF-8' locale='C.UTF-8'
    WSGIProcessGroup hydrilla.example.com

    <Directory /var/lib/hydrilla/wsgi >
      <IfVersion < 2.4>
        Order allow,deny
        Allow from all
      </IfVersion>
      <IfVersion >= 2.4>
        Require all granted
      </IfVersion>
    </Directory>

    WSGIScriptAliasMatch "^/((resource|mapping)/[^/]+[.]json|query)$" "/var/lib/hydrilla/wsgi/hydrilla.wsgi/$1"

    ErrorLog ${APACHE_LOG_DIR}/error.log
    CustomLog ${APACHE_LOG_DIR}/access.log combined

    # Change the paths to point to your actual certificate files.
    SSLEngine on
    SSLCertificateFile          /etc/letsencrypt/live/example.com/cert.pem
    SSLCertificateKeyFile       /etc/letsencrypt/live/example.com/privkey.pem
    SSLCertificateChainFile     /etc/letsencrypt/live/example.com/chain.pem
  </VirtualHost>
</IfModule>