81 lines
2.5 KiB
Plaintext
81 lines
2.5 KiB
Plaintext
|
|
# Required Apache2 modules
|
|
# ========================
|
|
#
|
|
# Apache2 web server is modular. We need to enable the required modules for this reverse
|
|
# proxy setup. We can use the a2enmod command to enable modules. If a module has been
|
|
# enabled already, nothing happens.
|
|
#
|
|
# Enable proxy in general: a2enmod proxy
|
|
#
|
|
# Enable proxy for HTTP protocol: a2enmod proxy_http
|
|
#
|
|
# Enable SSL support: a2enmod proxy_connect
|
|
#
|
|
# Enable proxy of websockets: a2enmod proxy_wstunnel
|
|
|
|
|
|
<VirtualHost <IPV4-ADDRESS>:443 [IPV6-ADDRESS]:443>
|
|
|
|
ServerName <FULL-QUALIFIED-SITE-NAME>
|
|
|
|
Options -Indexes
|
|
|
|
# Encoded slashes need to be allowed
|
|
AllowEncodedSlashes NoDecode
|
|
|
|
# Container uses a unique non-signed certificate
|
|
SSLProxyEngine On
|
|
SSLProxyVerify None
|
|
SSLProxyCheckPeerCN Off
|
|
SSLProxyCheckPeerName Off
|
|
|
|
# keep the host
|
|
ProxyPreserveHost On
|
|
|
|
|
|
# static html, js, images, etc. served from coolwsd
|
|
# browser is the client part of Collabora Online
|
|
ProxyPass /browser https://127.0.0.1:9980/browser retry=0
|
|
ProxyPassReverse /browser https://127.0.0.1:9980/browser
|
|
|
|
|
|
# WOPI discovery URL
|
|
ProxyPass /hosting/discovery https://127.0.0.1:9980/hosting/discovery retry=0
|
|
ProxyPassReverse /hosting/discovery https://127.0.0.1:9980/hosting/discovery
|
|
|
|
|
|
# Capabilities
|
|
ProxyPass /hosting/capabilities https://127.0.0.1:9980/hosting/capabilities retry=0
|
|
ProxyPassReverse /hosting/capabilities https://127.0.0.1:9980/hosting/capabilities
|
|
|
|
# Main websocket
|
|
ProxyPassMatch "/cool/(.*)/ws$" wss://127.0.0.1:9980/cool/$1/ws nocanon
|
|
|
|
|
|
# Admin Console websocket
|
|
ProxyPass /cool/adminws wss://127.0.0.1:9980/cool/adminws
|
|
|
|
|
|
# Download as, Fullscreen presentation and Image upload operations
|
|
ProxyPass /cool https://127.0.0.1:9980/cool
|
|
ProxyPassReverse /cool https://127.0.0.1:9980/cool
|
|
|
|
|
|
# Compatibility with integrations that use the /lool/convert-to endpoint
|
|
ProxyPass /lool https://127.0.0.1:9980/cool
|
|
ProxyPassReverse /lool https://127.0.0.1:9980/cool
|
|
|
|
|
|
SSLEngine on
|
|
|
|
SSLCertificateFile /var/lib/dehydrated/certs/<FULL-QUALIFIED-SITE-NAME>/fullchain.pem
|
|
SSLCertificateKeyFile /var/lib/dehydrated/certs/<FULL-QUALIFIED-SITE-NAME>/privkey.pem
|
|
|
|
CustomLog /var/log/apache2/ip_requests.log base_requests
|
|
|
|
CustomLog /var/log/apache2/<FULL-QUALIFIED-SITE-NAME>.log combined
|
|
ErrorLog /var/log/apache2/<FULL-QUALIFIED-SITE-NAME>-error.log
|
|
|
|
</VirtualHost>
|