We read every piece of feedback, and take your input very seriously.
To see all available qualifiers, see our documentation.
You can continue the conversation there. Go to discussion →
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Thanks for a great piece of software! I just wanted to share my apache2 config for reference to others. Enjoy!
DEFINE local_url 127.0.0.1 DEFINE local_port 9999 DEFINE url_prefix gopeed DEFINE url_domain my.domain DEFINE public_url ${url_prefix}.${url_domain} DEFINE email ${url_prefix}@${url_domain} ServerTokens Prod SSLStaplingCache "shmcb:${APACHE_LOG_DIR}/stapling-cache(150000)" SSLSessionCache "shmcb:${APACHE_LOG_DIR}/ssl_scache(512000)" SSLSessionCacheTimeout 300 ### If you have Google's Mod PageSpeed, disable it # ModPagespeed Off <VirtualHost *:80> ServerName ${public_url} DocumentRoot /var/www/html ServerAdmin ${email} ErrorLog ${APACHE_LOG_DIR}/${url_prefix}.error.log CustomLog ${APACHE_LOG_DIR}/${url_prefix}.access.log combined RewriteEngine On RewriteCond %{REQUEST_URI} !^/\.well\-known/acme\-challenge/ RewriteRule ^(.*)$ https://%{HTTP_HOST}$1 [R=301,L] </VirtualHost> <VirtualHost *:443> ServerName ${public_url} DocumentRoot /var/www/html ServerAdmin ${email} ErrorLog ${APACHE_LOG_DIR}/${url_prefix}.error.log CustomLog ${APACHE_LOG_DIR}/${url_prefix}.access.log combined SSLEngine On SSLCertificateFile /etc/letsencrypt/live/${url_domain}/fullchain.pem SSLCertificateKeyFile /etc/letsencrypt/live/${url_domain}/privkey.pem ### Forbid the http1.0 protocol ### Protocols h2 http/1.1 Timeout 360 ProxyRequests Off ProxyPreserveHost On ProxyTimeout 600 ProxyReceiveBufferSize 4096 SSLProxyEngine On RequestHeader set Front-End-Https "On" ServerSignature Off SSLCompression Off SSLUseStapling On SSLStaplingResponderTimeout 5 SSLStaplingReturnResponderErrors Off SSLSessionTickets Off RequestHeader set X-Forwarded-Proto 'https' env=HTTPS Header always set Strict-Transport-Security "max-age=15552000; includeSubDomains; preload" Header always set X-Content-Type-Options nosniff Header always set X-Robots-Tag none Header always set X-XSS-Protection "1; mode=block" Header always set X-Frame-Options "SAMEORIGIN" Header always set Referrer-Policy "strict-origin-when-cross-origin" RequestHeader set X-Real-IP %{REMOTE_ADDR}s ### Untested CSP header ### # Header always set Content-Security-Policy "default-src 'none'; base-uri 'self'; font-src 'self' data: ${public_url}; media-src 'self' blob: data: https: ${public_url}; script-src 'self' 'unsafe-inline' 'unsafe-eval' ${public_url}; style-src 'self' 'unsafe-inline' ${public_url}; img-src 'self' data: blob: https: ${public_url}; worker-src * blob:; frame-src 'self'; connect-src 'self' wss: https: ${public_url}; form-action 'self'; frame-ancestors 'self' https://${public_url} https://${url_domain} https://*.${url_domain}; manifest-src 'self'" Header always set Permissions-Policy 'geolocation=(self "https://${public_url}"), midi=(self "https://${public_url}"), sync-xhr=(self "https://${public_url}"), microphone=(self "https://${public_url}"), camera=(self "https://${public_url}"), magnetometer=(self "https://${public_url}"), gyroscope=(self "https://${public_url}"), fullscreen=(self "https://${public_url}"), payment=(self "https://${public_url}")' SSLHonorCipherOrder Off ### Uncomment next line and comment out second to allow more endpoints ### #SSLCipherSuite EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH:ECDHE-RSA-AES128-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA128:DHE-RSA-AES128-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES128-GCM-SHA128:ECDHE-RSA-AES128-SHA384:ECDHE-RSA-AES128-SHA128:ECDHE-RSA-AES128-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES128-SHA128:DHE-RSA-AES128-SHA128:DHE-RSA-AES128-SHA:DHE-RSA-AES128-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA384:AES128-GCM-SHA128:AES128-SHA128:AES128-SHA128:AES128-SHA:AES128-SHA:DES-CBC3-SHA:HIGH:!aNULL:!eNULL:!EXPORT:!DES:!MD5:!PSK:!RC4 SSLCipherSuite ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384 SSLProtocol All -SSLv2 -SSLv3 -TLSv1 -TLSv1.1 ### Actually proxy the traffic and really the only important part ### #AllowEncodedSlashes NoDecode RewriteEngine On RewriteCond %{HTTP:Upgrade} =websocket [NC] RewriteRule /(.*) ws://${local_url}:${local_port}/$1 [P,L] ProxyPass / http://${local_url}:${local_port}/ nocanon connectiontimeout=6 timeout=240 ProxyPassReverse / http://${local_url}:${local_port}/ ErrorDocument 503 '<!DOCTYPE html>\n<html xml:lang="en" lang="en" dir="ltr" prefix="og: http://ogp.me/ns#">\n<meta http-equiv="refresh" content="15" />\n<head id="head">\n<meta http-equiv="X-UA-Compatible" content="IE=edge"/>\n<title>Offline</title>\n<style>html{width:100%}body{background-color:#a6a6a6;text-align:center;font-family:Helvetica,Tahoma}</style>\n</head>\n<body>\n<h1>${public_url}</h1>\n<p>Appears to be offline... will try again every 15 seconds.<br><br>Nothing happening? Contact the <a href="mailto:${email}" target="_blank">admin</a>.</p>\n</body>\n</html>' </VirtualHost>
The text was updated successfully, but these errors were encountered:
No branches or pull requests
Description(required)
App Version(required)
OS Version(required)
Snapshots
Log
Thanks for a great piece of software! I just wanted to share my apache2 config for reference to others. Enjoy!
The text was updated successfully, but these errors were encountered: