From 7c13875b64e22ab08c4fa8bc9d5e4db088a89d41 Mon Sep 17 00:00:00 2001
From: Hazmo <florentin.vallee@lab-solutec.fr>
Date: Thu, 26 Apr 2018 12:32:21 +0200
Subject: [PATCH 1/2] First version of Apache2 conf (transcoding, auth and ws
 missing)

---
 deploy/apache.conf | 126 +++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 126 insertions(+)
 create mode 100644 deploy/apache.conf

diff --git a/deploy/apache.conf b/deploy/apache.conf
new file mode 100644
index 000000000..a9f427fac
--- /dev/null
+++ b/deploy/apache.conf
@@ -0,0 +1,126 @@
+# Following variables should be modified according to your setup
+Define funkwhale-api http://192.168.1.199:5000
+Define funkwhale-api-ws ws://192.168.1.199:5000
+Define funkwhale-sn funkwhale.duckdns.org
+Define MUSIC_DIRECTORY_PATH /music/directory/path
+
+
+# HTTP request redirected to HTTPS
+<VirtualHost *:80>
+   ServerName ${funkwhale-sn}
+   
+   # Default is to force https
+   RewriteEngine on
+   RewriteCond %{SERVER_NAME} =${funkwhale-sn}
+   RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,QSA,R=permanent]
+
+   <Location "/.well-known/acme-challenge/">
+      Options None
+      Require all granted
+   </Location>
+
+</VirtualHost>
+
+
+<IfModule mod_ssl.c>
+<VirtualHost *:443>
+   ServerName ${funkwhale-sn}
+
+   # Path to ErrorLog and access log 
+   ErrorLog ${APACHE_LOG_DIR}/funkwhale/error.log
+   CustomLog ${APACHE_LOG_DIR}/funkwhale/access.log combined
+
+   # TLS
+   # Feel free to use your own configuration for SSL here or simply remove the
+   # lines and move the configuration to the previous server block if you
+   # don't want to run funkwhale behind https (this is not recommanded)
+   # have a look here for let's encrypt configuration:
+   # https://certbot.eff.org/all-instructions/#debian-9-stretch-nginx
+   SSLEngine on
+   SSLProxyEngine On
+   SSLCertificateFile /etc/letsencrypt/live/${funkwhale-sn}/fullchain.pem
+   SSLCertificateKeyFile /etc/letsencrypt/live/${funkwhale-sn}/privkey.pem
+   Include /etc/letsencrypt/options-ssl-apache.conf
+
+
+   DocumentRoot /srv/funkwhale/front/dist
+
+   FallbackResource /index.html
+
+   # Configure Proxy settings
+   # ProxyPreserveHost pass the original Host header to the backend server
+   ProxyVia On
+   ProxyPreserveHost On
+   <IfModule mod_remoteip.c>
+      RemoteIPHeader X-Forwarded-For
+   </IfModule>
+
+   # Turning ProxyRequests on and allowing proxying from all may allow
+   # spammers to use your proxy to send email. 
+   ProxyRequests Off
+  
+   <Proxy *>    
+      AddDefaultCharset off
+      Order Allow,Deny
+      Allow from all
+      # Here you can set a password using htpasswd to protect your proxy server
+      #Authtype Basic
+      #Authname "Password Required"
+      #AuthUserFile /etc/apache2/.htpasswd
+      #Require valid-user
+   </Proxy>
+
+   # Activating WebSockets (not working)
+   ProxyPass "/api/v1/instance/activity"  "ws://192.168.1.199:5000/api/v1/instance/activity"
+
+   <Location "/api">
+      # similar to nginx 'client_max_body_size 30M;'
+      LimitRequestBody 31457280 
+
+      ProxyPass ${funkwhale-api}/api
+      ProxyPassReverse ${funkwhale-api}/api
+   </Location>
+   <Location "/federation">
+      ProxyPass ${funkwhale-api}/federation
+      ProxyPassReverse ${funkwhale-api}/federation
+   </Location>
+  
+   <Location "/.well-known/webfinger">
+      ProxyPass ${funkwhale-api}/.well-known/webfinger
+      ProxyPassReverse ${funkwhale-api}/.well-known/webfinger
+   </Location>
+
+   Alias /media /srv/funkwhale/data/media
+
+   # Following alias is bypassing the auth check done in nginx
+   Alias /_protected/media /srv/funkwhale/data/media
+
+   Alias /staticfiles /srv/funkwhale/data/static
+
+   # Setting appropriate access levels to serve frontend
+   <Directory "/srv/funkwhale/data/static">  
+      Options FollowSymLinks
+      AllowOverride None  
+      Require all granted
+   </Directory>
+
+   <Directory /srv/funkwhale/front/dist>
+      Options FollowSymLinks
+      AllowOverride None
+      Require all granted
+   </Directory>
+
+   # XSendFile is serving audio files
+   # WARNING : permissions on paths specified below overrides previous definition,
+   # everything under those paths is potentially exposed.
+   # Following directive may be needed to ensure xsendfile is loaded
+   #LoadModule xsendfile_module modules/mod_xsendfile.so
+   <IfModule mod_xsendfile.c>
+      XSendFile On
+      XSendFilePath /srv/funkwhale/data/media 
+      XSendFilePath ${MUSIC_DIRECTORY_PATH}
+      SetEnv MOD_X_SENDFILE_ENABLED 1
+   </IfModule>
+
+</VirtualHost>
+</IfModule>

From 2dc70dcd25bdcfd4730168ba95cbb38b2b721517 Mon Sep 17 00:00:00 2001
From: Hazmo <florentin.vallee@lab-solutec.fr>
Date: Thu, 26 Apr 2018 13:14:44 +0200
Subject: [PATCH 2/2] Minor fixes on debian doc

---
 docs/installation/debian.rst                | 2 +-
 docs/installation/external_dependencies.rst | 2 +-
 docs/installation/index.rst                 | 3 ++-
 3 files changed, 4 insertions(+), 3 deletions(-)

diff --git a/docs/installation/debian.rst b/docs/installation/debian.rst
index c4e54218d..eb0c3f0ea 100644
--- a/docs/installation/debian.rst
+++ b/docs/installation/debian.rst
@@ -31,7 +31,7 @@ Layout
 
 All funkwhale-related files will be located under ``/srv/funkwhale`` apart
 from database files and a few configuration files. We will also have a
-dedicated ``funwhale`` user to launch the processes we need and own those files.
+dedicated ``funkwhale`` user to launch the processes we need and own those files.
 
 You are free to use different values here, just remember to adapt those in the
 next steps.
diff --git a/docs/installation/external_dependencies.rst b/docs/installation/external_dependencies.rst
index 059226979..52f9f92c3 100644
--- a/docs/installation/external_dependencies.rst
+++ b/docs/installation/external_dependencies.rst
@@ -18,7 +18,7 @@ On debian-like systems, you would install the database server like this:
 
 .. code-block:: shell
 
-    sudo apt-get install postgresql
+    sudo apt-get install postgresql postgresql-contrib
 
 The remaining steps are heavily inspired from `this Digital Ocean guide <https://www.digitalocean.com/community/tutorials/how-to-set-up-django-with-postgres-nginx-and-gunicorn-on-ubuntu-16-04>`_.
 
diff --git a/docs/installation/index.rst b/docs/installation/index.rst
index 776c22424..c2a70421b 100644
--- a/docs/installation/index.rst
+++ b/docs/installation/index.rst
@@ -103,7 +103,8 @@ Then, download our sample virtualhost file and proxy conf:
 .. parsed-literal::
 
     curl -L -o /etc/nginx/funkwhale_proxy.conf "https://code.eliotberriot.com/funkwhale/funkwhale/raw/|version|/deploy/funkwhale_proxy.conf"
-    curl -L -o /etc/nginx/sites-enabled/funkwhale.conf "https://code.eliotberriot.com/funkwhale/funkwhale/raw/|version|/deploy/nginx.conf"
+    curl -L -o /etc/nginx/sites-available/funkwhale.conf "https://code.eliotberriot.com/funkwhale/funkwhale/raw/|version|/deploy/nginx.conf"
+    ln -s /etc/nginx/sites-available/funkwhale.conf /etc/nginx/sites-enabled/
 
 Ensure static assets and proxy pass match your configuration, and check the configuration is valid with ``nginx -t``. If everything is fine, you can restart your nginx server with ``service nginx restart``.