mirror of
https://github.com/freedombox/FreedomBox.git
synced 2026-03-04 08:53:42 +00:00
e2ca5e0f12
- Don't hijack the entire SSL site for sake of Plinth. - Serve both HTTP and HTTPS sites with default configuration. - plinth-ssl configuration only make SSL compulsory. - Document modules required for configuration to work properly. - Don't disable default site during FreedomBox setup run. This is no longer required.
27 lines
1013 B
Plaintext
27 lines
1013 B
Plaintext
##
|
|
## On all sites, provide Plinth on a default path: /plinth
|
|
##
|
|
## Requires the following Apache modules to be enabled:
|
|
## mod_headers
|
|
## mod_proxy
|
|
## mod_proxy_http
|
|
##
|
|
<Location /plinth>
|
|
ProxyPass http://localhost:8000/plinth
|
|
## Send the scheme from user's request to enable Plinth to redirect
|
|
## URLs, set cookies, set absolute URLs (if any) properly.
|
|
RequestHeader set X-Forwarded-Proto 'https' env=HTTPS
|
|
|
|
## Allow traffic only from private networks
|
|
Order Deny,Allow
|
|
Deny from All
|
|
Allow from 127.0.0.0/8 # IPv4 local addresses
|
|
Allow from 169.254.0.0/16 # IPv4 link local addresses
|
|
Allow from 10.0.0.0/8 # IPv4 class A private addresses
|
|
Allow from 172.16.0.0/12 # IPv4 class B private addresses
|
|
Allow from 192.168.0.0/16 # IPv4 class C private addresses
|
|
Allow from ::1 # IPv6 local address
|
|
Allow from fe80::/10 # IPv6 link local addresses
|
|
Allow from fc00::/7 # IPv6 private addresses
|
|
</Location>
|