MirrorMirror
/
funkwhale
mirror of https://dev.funkwhale.audio/funkwhale/funkwhale.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Merge branch 'fixApacheCovers' into 'develop' 

XForwardedProto to https & covers granted

See merge request funkwhale/funkwhale!237
This commit is contained in:
Eliot Berriot 2018-06-07 09:02:34 +00:00
parent 0a7c719a46 c353d59d40
commit fd32d24044
2 changed files with 46 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

37
changes/changelog.d/264.enhancement Normal file
View File

@ -0,0 +1,37 @@
Album cover served in http (#264)
Apache is now serving album covers in https
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
Two issues are addressed here. The first one was about Django replying with
mixed content (http) when queried for covers. Setting up the `X-Forwarded-Proto`
allows Django to know that the client is using https, and that the reply must
be https as well.
Second issue was a problem of permission causing Apache a denied access to
album cover folder. It was solved by adding another block for this path in
the Apache configuration file for funkwhale.
Here is how to modify your `funkwhale.conf` :
<VirtualHost *:443>
...
Include /etc/letsencrypt/options-ssl-apache.conf
#Add this new line
RequestHeader set X-Forwarded-Proto "https"
...
#Add this new block below the other <Directory/> blocks
<Directory /srv/funkwhale/data/media/albums>
Options FollowSymLinks
AllowOverride None
Require all granted
</Directory>
...
</VirtualHost>

12
deploy/apache.conf
View File

@ -9,7 +9,7 @@ Define MUSIC_DIRECTORY_PATH /srv/funkwhale/data/music
# Define funkwhale-api-ws ws://localhost:5000 # Define funkwhale-api-ws ws://localhost:5000
# HTTP request redirected to HTTPS # HTTP requests redirected to HTTPS
<VirtualHost *:80> <VirtualHost *:80>
ServerName ${funkwhale-sn} ServerName ${funkwhale-sn}
@ -22,7 +22,6 @@ Define MUSIC_DIRECTORY_PATH /srv/funkwhale/data/music
Options None Options None
Require all granted Require all granted
</Location> </Location>
</VirtualHost> </VirtualHost>
@ -46,6 +45,8 @@ Define MUSIC_DIRECTORY_PATH /srv/funkwhale/data/music
SSLCertificateKeyFile /etc/letsencrypt/live/${funkwhale-sn}/privkey.pem SSLCertificateKeyFile /etc/letsencrypt/live/${funkwhale-sn}/privkey.pem
Include /etc/letsencrypt/options-ssl-apache.conf Include /etc/letsencrypt/options-ssl-apache.conf
# Tell the api that the client is using https
RequestHeader set X-Forwarded-Proto "https"
DocumentRoot /srv/funkwhale/front/dist DocumentRoot /srv/funkwhale/front/dist
@ -112,6 +113,12 @@ Define MUSIC_DIRECTORY_PATH /srv/funkwhale/data/music
Require all granted Require all granted
</Directory> </Directory>
<Directory /srv/funkwhale/data/media/albums>
Options FollowSymLinks
AllowOverride None
Require all granted
</Directory>
# XSendFile is serving audio files # XSendFile is serving audio files
# WARNING : permissions on paths specified below overrides previous definition, # WARNING : permissions on paths specified below overrides previous definition,
# everything under those paths is potentially exposed. # everything under those paths is potentially exposed.
@ -123,6 +130,5 @@ Define MUSIC_DIRECTORY_PATH /srv/funkwhale/data/music
XSendFilePath ${MUSIC_DIRECTORY_PATH} XSendFilePath ${MUSIC_DIRECTORY_PATH}
SetEnv MOD_X_SENDFILE_ENABLED 1 SetEnv MOD_X_SENDFILE_ENABLED 1
</IfModule> </IfModule>
</VirtualHost> </VirtualHost>
</IfModule> </IfModule>