# Apache VirtualHost config for Cathode
# Drop in /etc/apache2/sites-available/cathode.conf
# Enable with: sudo a2ensite cathode
#
# Required modules:
#   sudo a2enmod ssl proxy proxy_http proxy_wstunnel rewrite headers
#
# For TLS certs use certbot:
#   sudo certbot --apache -d cathode.example.com
# HTTP → HTTPS redirect
# Port 80 serves no content of its own: every request under / is answered
# with a permanent redirect to the same path on the HTTPS site.
<VirtualHost *:80>
    ServerName cathode.example.com
    Redirect permanent / https://cathode.example.com/
</VirtualHost>
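# HTTPS site: serves the Cathode static files from /var/www/cathode and
# reverse-proxies /api (REST and WebSocket) to the WeeChat relay on localhost.
<VirtualHost *:443>
    ServerName cathode.example.com

    # TLS (certbot will fill these in, or provide your own)
    SSLEngine on
    SSLCertificateFile /etc/letsencrypt/live/cathode.example.com/fullchain.pem
    SSLCertificateKeyFile /etc/letsencrypt/live/cathode.example.com/privkey.pem

    # Modern TLS: only TLS 1.2 and 1.3 are offered. No SSLCipherSuite is set
    # in this file, so the TLS 1.2 cipher list comes from the server default
    # (or from whatever options file certbot includes), and with
    # SSLHonorCipherOrder off the client's preference order decides among them.
    SSLProtocol -all +TLSv1.2 +TLSv1.3
    SSLHonorCipherOrder off

    # Serve Cathode static files
    DocumentRoot /var/www/cathode
    <Directory /var/www/cathode>
        # -Indexes: no auto-generated directory listings.
        # +FollowSymLinks lets Apache follow symlinks placed under the
        # docroot, including ones that point outside it; drop it if the
        # deployed files do not rely on symlinks.
        Options -Indexes +FollowSymLinks
        # .htaccess files are ignored; all policy lives in this vhost.
        AllowOverride None
        Require all granted
    </Directory>

    # Proxy WeeChat relay API — REST and WebSocket
    # WeeChat listens on localhost:9000 — adjust if needed

    # Reverse proxy only: "ProxyRequests off" keeps forward proxying disabled.
    # The reverse proxy itself is configured by the rules below.
    ProxyRequests off

    # WebSocket proxy: must come before the plain HTTP proxy rule
    # Apache uses mod_proxy_wstunnel for WebSocket upgrades
    # The pattern is anchored on the /api path segment so that only /api and
    # /api/... are tunnelled, the same paths the ProxyPass /api prefix below
    # is meant to cover. An unanchored ^/api(.*) also matches look-alike
    # paths such as /apifoo and would hand them to the backend.
    RewriteEngine on
    RewriteCond %{HTTP:Upgrade} =websocket [NC]
    RewriteRule ^/api(/.*)?$ ws://localhost:9000/api$1 [P,L]

    # Plain HTTP proxy for REST requests to /api
    ProxyPass /api http://localhost:9000/api
    ProxyPassReverse /api http://localhost:9000/api

    # Pass the original Host header and the real client IP to the relay.
    # "set" replaces any X-Real-IP value the client sent, so the backend sees
    # the address Apache observed. mod_proxy by default also adds
    # X-Forwarded-For, appending to any value the client supplied, so the
    # backend should not trust the leading entries of that header.
    ProxyPreserveHost on
    RequestHeader set X-Real-IP "%{REMOTE_ADDR}s"

    # Timeouts for long-lived WebSocket connections
    # (seconds; applies to every proxied request in this vhost, REST included)
    ProxyTimeout 3600

    # Security headers
    Header always set X-Content-Type-Options "nosniff"
    Header always set X-Frame-Options "DENY"
    Header always set Referrer-Policy "strict-origin-when-cross-origin"
    # HSTS: the port-80 vhost already redirects permanently to HTTPS, so tell
    # browsers to skip the plain-HTTP hop on later visits. includeSubDomains
    # is deliberately omitted so the policy covers this hostname only.
    Header always set Strict-Transport-Security "max-age=31536000"

    # Logging
    ErrorLog ${APACHE_LOG_DIR}/cathode_error.log
    CustomLog ${APACHE_LOG_DIR}/cathode_access.log combined
</VirtualHost>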
# ── Local / LAN setup (no domain, plain HTTP) ────────────────────────────────
# If you're on a LAN without a domain, use this simpler block.
# Cathode connect screen: uncheck TLS, use ws:// (port 8080 here).
# Note: without TLS, everything between the browser and Apache, including
# whatever the client sends to authenticate to the relay, crosses the network
# unencrypted; use this only on a network you trust.
#
# <VirtualHost *:8080>
#     DocumentRoot /var/www/cathode
#     <Directory /var/www/cathode>
#         Options -Indexes
#         Require all granted
#     </Directory>
#
#     ProxyRequests off
#     RewriteEngine on
#     RewriteCond %{HTTP:Upgrade} =websocket [NC]
#     RewriteRule ^/api(.*) ws://localhost:9000/api$1 [P,L]
#     ProxyPass /api http://localhost:9000/api
#     ProxyPassReverse /api http://localhost:9000/api
#     ProxyTimeout 3600
# </VirtualHost>