pleroma-apache.conf 2.94 KB
Newer Older
1
# Sample Apache config for Pleroma
shibayashi's avatar
shibayashi committed
2
3
#
# Simple installation instructions:
4
5
6
7
8
# 1. Install your TLS certificate. We recommend using Let's Encrypt via Certbot
# 2. Replace 'example.tld' with your instance's domain.
# 3. This assumes a Debian-style Apache config. Copy this file to
#    /etc/apache2/sites-available/ and then activate the site by running
#    'a2ensite pleroma-apache.conf', then restart Apache.
9
10
11
12
#
# Optional: enable disk-based caching for the media proxy
# For details, see https://git.pleroma.social/pleroma/pleroma/wikis/How%20to%20activate%20mediaproxy
#
13
# 1. Create a directory as shown below for the CacheRoot and make sure
14
15
#    the Apache user can write to it.
# 2. Configure Apache's htcacheclean to clean the directory periodically.
16
#    Your OS may provide a service you can enable to do this automatically.
17

18
Define servername example.tld
shibayashi's avatar
shibayashi committed
19

20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
<IfModule !proxy_module>
    LoadModule proxy_module libexec/apache24/mod_proxy.so
</IfModule>
<IfModule !proxy_http_module>
    LoadModule proxy_http_module libexec/apache24/mod_proxy_http.so
</IfModule>
<IfModule !proxy_wstunnel_module>
    LoadModule proxy_wstunnel_module libexec/apache24/mod_proxy_wstunnel.so
</IfModule>
<IfModule !rewrite_module>
    LoadModule rewrite_module libexec/apache24/mod_rewrite.so
</IfModule>
<IfModule !ssl_module>
    LoadModule ssl_module libexec/apache24/mod_ssl.so
</IfModule>
<IfModule !cache_module>
    LoadModule cache_module libexec/apache24/mod_cache.so
</IfModule>
<IfModule !cache_disk_module>
    LoadModule cache_disk_module libexec/apache24/mod_cache_disk.so
</IfModule>

shibayashi's avatar
shibayashi committed
42
ServerName ${servername}
43
44
ServerTokens Prod

45
46
47
# If you want Pleroma-specific logs
#ErrorLog /var/log/httpd-pleroma-error.log
#CustomLog /var/log/httpd-pleroma-access.log combined
48

49
<VirtualHost *:80>
50
51
52
    RewriteEngine on
    RewriteCond %{SERVER_NAME} =${servername}
    RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
53
54
55
56
</VirtualHost>

<VirtualHost *:443>
    SSLEngine on
Alexander Strizhakov's avatar
Alexander Strizhakov committed
57
    SSLCertificateFile      /etc/letsencrypt/live/${servername}/fullchain.pem
shibayashi's avatar
shibayashi committed
58
    SSLCertificateKeyFile   /etc/letsencrypt/live/${servername}/privkey.pem
59
60
    # Make sure you have the certbot-apache module installed
    Include /etc/letsencrypt/options-ssl-apache.conf
61

62
63
64
65
66
67
68
69
70
71
72
    # Uncomment the following to enable MediaProxy caching on disk
    #CacheRoot /tmp/pleroma-media-cache/
    #CacheDirLevels 1
    #CacheDirLength 2
    #CacheEnable disk /proxy
    #CacheLock on
    #CacheHeader on
    #CacheDetailHeader on
    ## 16MB max filesize for caching, configure as desired
    #CacheMaxFileSize 16000000
    #CacheDefaultExpire 86400
73

Stanislas's avatar
Stanislas committed
74
75
76
    RewriteEngine On
    RewriteCond %{HTTP:Connection} Upgrade [NC]
    RewriteCond %{HTTP:Upgrade} websocket [NC]
77
    RewriteRule /(.*) ws://127.0.0.1:4000/$1 [P,L]
78

79
    #ProxyRequests must be off or you open your server to abuse as an open proxy
Stanislas's avatar
Stanislas committed
80
    ProxyRequests off
81
82
    ProxyPass / http://127.0.0.1:4000/
    ProxyPassReverse / http://127.0.0.1:4000/
Stanislas's avatar
Stanislas committed
83
    ProxyPreserveHost On
84
</VirtualHost>