XForwardedProto to https & covers granted

deploy/apache.conf

@@ -9,7 +9,7 @@ Define MUSIC_DIRECTORY_PATH /srv/funkwhale/data/music
 # Define funkwhale-api-ws ws://localhost:5000
 
 
-# HTTP request redirected to HTTPS
+# HTTP requests redirected to HTTPS
 <VirtualHost *:80>
    ServerName ${funkwhale-sn}
 
@@ -22,7 +22,6 @@ Define MUSIC_DIRECTORY_PATH /srv/funkwhale/data/music
       Options None
       Require all granted
    </Location>
-
 </VirtualHost>
 
 
@@ -46,6 +45,8 @@ Define MUSIC_DIRECTORY_PATH /srv/funkwhale/data/music
    SSLCertificateKeyFile /etc/letsencrypt/live/${funkwhale-sn}/privkey.pem
    Include /etc/letsencrypt/options-ssl-apache.conf
 
+   # Tell the api that the client is using https
+   RequestHeader set X-Forwarded-Proto "https"
 
    DocumentRoot /srv/funkwhale/front/dist
 
@@ -112,6 +113,12 @@ Define MUSIC_DIRECTORY_PATH /srv/funkwhale/data/music
       Require all granted
    </Directory>
 
+   <Directory /srv/funkwhale/data/media/albums>
+      Options FollowSymLinks
+      AllowOverride None
+      Require all granted
+   </Directory>
+
    # XSendFile is serving audio files
    # WARNING : permissions on paths specified below overrides previous definition,
    # everything under those paths is potentially exposed.
@@ -123,6 +130,5 @@ Define MUSIC_DIRECTORY_PATH /srv/funkwhale/data/music
       XSendFilePath ${MUSIC_DIRECTORY_PATH}
       SetEnv MOD_X_SENDFILE_ENABLED 1
    </IfModule>
-
 </VirtualHost>
 </IfModule>