We Keep Coding

Convert Nginx template to Apache2

I'm struggling creating proper Apache2 .conf file for my Funkwhale instance from the nginx.template. Could you help me?
Here is the template:
# This file was generated from Funkwhale's nginx.template
upstream funkwhale-api {
# depending on your setup, you may want to update this
server ${FUNKWHALE_API_IP}:${FUNKWHALE_API_PORT};
}
server {
listen 80;
listen [::]:80;
# update this to match your instance name
server_name ${FUNKWHALE_HOSTNAME};
# useful for Let's Encrypt
location /.well-known/acme-challenge/ {
allow all;
}
location / {
return 301 https://$host$request_uri;
}
}
# Required for websocket support.
map $http_upgrade $connection_upgrade {
default upgrade;
'' close;
}
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
charset utf-8;
server_name ${FUNKWHALE_HOSTNAME};
# TLS
# Feel free to use your own configuration for SSL here or simply remove the
# lines and move the configuration to the previous server block if you
# don't want to run funkwhale behind https (this is not recommended)
# have a look here for let's encrypt configuration:
# https://certbot.eff.org/all-instructions/#debian-9-stretch-nginx
ssl_protocols TLSv1.2;
ssl_ciphers HIGH:!MEDIUM:!LOW:!aNULL:!NULL:!SHA;
ssl_prefer_server_ciphers on;
ssl_session_cache shared:SSL:10m;
ssl_certificate /etc/letsencrypt/live/${FUNKWHALE_HOSTNAME}/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/${FUNKWHALE_HOSTNAME}/privkey.pem;
# HSTS
add_header Strict-Transport-Security "max-age=31536000";
add_header Content-Security-Policy "default-src 'self'; connect-src https: wss: http: ws: 'self' 'unsafe-eval'; script-src 'self' 'wasm-unsafe-eval'; style-src https: http: 'self' 'unsafe-inline'; img-src https: http: 'self' data:; font-src https: http: 'self' data:; media-src https: http: 'self' data:; object-src 'none'";
add_header Referrer-Policy "strict-origin-when-cross-origin";
add_header X-Frame-Options "SAMEORIGIN" always;
add_header Service-Worker-Allowed "/";
root ${FUNKWHALE_FRONTEND_PATH};
# compression settings
gzip on;
gzip_comp_level 5;
gzip_min_length 256;
gzip_proxied any;
gzip_vary on;
gzip_types
application/javascript
application/vnd.geo+json
application/vnd.ms-fontobject
application/x-font-ttf
application/x-web-app-manifest+json
font/opentype
image/bmp
image/svg+xml
image/x-icon
text/cache-manifest
text/css
text/plain
text/vcard
text/vnd.rim.location.xloc
text/vtt
text/x-component
text/x-cross-domain-policy;
# end of compression settings
location /api/ {
include /etc/nginx/funkwhale_proxy.conf;
# This is needed if you have file import via upload enabled.
client_max_body_size ${NGINX_MAX_BODY_SIZE};
proxy_pass http://funkwhale-api;
}
location / {
alias ${FUNKWHALE_FRONTEND_PATH}/;
expires 1d;
try_files $uri $uri/ /index.html;
}
location = /embed.html {
add_header Content-Security-Policy "connect-src https: http: 'self'; default-src 'self'; script-src 'self' unpkg.com 'unsafe-inline' 'unsafe-eval'; style-src https: http: 'self' 'unsafe-inline'; img-src https: http: 'self' data:; font-src https: http: 'self' data:; object-src 'none'; media-src https: http: 'self' data:";
add_header Referrer-Policy "strict-origin-when-cross-origin";
alias ${FUNKWHALE_FRONTEND_PATH}/embed.html;
expires 1d;
}
location /federation/ {
include /etc/nginx/funkwhale_proxy.conf;
proxy_pass http://funkwhale-api;
}
# You can comment this if you do not plan to use the Subsonic API.
location /rest/ {
include /etc/nginx/funkwhale_proxy.conf;
proxy_pass http://funkwhale-api/api/subsonic/rest/;
}
location /.well-known/ {
include /etc/nginx/funkwhale_proxy.conf;
proxy_pass http://funkwhale-api;
}
location /media/ {
alias ${MEDIA_ROOT}/;
add_header Access-Control-Allow-Origin '*';
}
# This is an internal location that is used to serve
# media (uploaded) files once correct permission / authentication
# has been checked on API side.
# Comment the "NON-S3" commented lines and uncomment "S3" commented lines
# if you're storing media files in a S3 bucket.
location ~ /_protected/media/(.+) {
internal;
alias ${MEDIA_ROOT}/$1; # NON-S3
# Needed to ensure DSub auth isn't forwarded to S3/Minio, see #932.
# proxy_set_header Authorization ""; # S3
# proxy_pass $1; # S3
add_header Access-Control-Allow-Origin '*';
}
location /_protected/music/ {
# This is an internal location that is used to serve
# local music files once correct permission / authentication
# has been checked on API side.
# Set this to the same value as your MUSIC_DIRECTORY_PATH setting.
internal;
alias ${MUSIC_DIRECTORY_SERVE_PATH};
add_header Access-Control-Allow-Origin '*';
}
location /manifest.json {
return 302 /api/v1/instance/spa-manifest.json;
}
}
And here is the apache2 conf I tried to create:
# Following variables MUST be modified according to your setup
Define funkwhale-sn funkwhale.example.net
# Following variables should be modified according to your setup and if you
# use different configuration than what is described in our installation guide.
Define funkwhale-api http://localhost:5000
Define funkwhale-api-ws ws://localhost:5000
Define FUNKWHALE_ROOT_PATH /var/www/datas/funkwhale
Define MUSIC_DIRECTORY_PATH ${FUNKWHALE_ROOT_PATH}/data/music
Define MEDIA_DIRECTORY_PATH ${FUNKWHALE_ROOT_PATH}/data/media
<IfModule mod_ssl.c>
<VirtualHost *:443>
ServerName ${funkwhale-sn}
ServerAlias www.funkwhale.example.net music.example.net musique.example.net www.musique.example.net www.music.example.net
# Path to ErrorLog and access log
ErrorLog ${APACHE_LOG_DIR}/funkwhale_error.log
CustomLog ${APACHE_LOG_DIR}/funkwhale_access.log combined
# Default is to force https
# RewriteEngine on
# RewriteCond %{SERVER_NAME} =${funkwhale-sn}
# RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,QSA,R=permanent]
<Location "/.well-known/acme-challenge/">
Options None
Require all granted
</Location>
Include /etc/letsencrypt/options-ssl-apache.conf
SSLProxyEngine On
# Tell the api that the client is using https
RequestHeader set X-Forwarded-Proto "https"
# Configure Proxy settings
# ProxyPreserveHost pass the original Host header to the backend server
ProxyVia On
ProxyPreserveHost On
<IfModule mod_remoteip.c>
RemoteIPHeader X-Forwarded-For
</IfModule>
# Turning ProxyRequests on and allowing proxying from all may allow
# spammers to use your proxy to send e-mail.
ProxyRequests Off
<Proxy *>
AddDefaultCharset off
Order Allow,Deny
Allow from all
</Proxy>
<Location "/api/">
# similar to nginx 'client_max_body_size 100M;'
LimitRequestBody 104857600
ProxyPass ${funkwhale-api}/
ProxyPassReverse ${funkwhale-api}/
</Location>
<Location "/federation/">
ProxyPass ${funkwhale-api}
ProxyPassReverse ${funkwhale-api}
</Location>
# You can comment this if you don't plan to use the Subsonic API
<Location "/rest">
ProxyPass ${funkwhale-api}/api/subsonic/rest
ProxyPassReverse ${funkwhale-api}/api/subsonic/rest
</Location>
<Location "/.well-known/">
ProxyPass ${funkwhale-api}/
ProxyPassReverse ${funkwhale-api}/
</Location>
<Location "/">
ProxyPass "!"
</Location>
Alias / ${FUNKWHALE_ROOT_PATH}/front/dist
<Location "/embed.html">
ProxyPass "!"
</Location>
Alias /embed.html ${FUNKWHALE_ROOT_PATH}/front/dist/embed.html
<Location "/media">
ProxyPass "!"
</Location>
Alias /media ${FUNKWHALE_ROOT_PATH}/data/media
<Location "/manifest.json">
ProxyPass "!"
</Location>
Alias /manifest.json ${FUNKWHALE_ROOT_PATH}/api/v1/instance/spa-manifest.json
<Location "/staticfiles">
ProxyPass "!"
</Location>
Alias /staticfiles ${FUNKWHALE_ROOT_PATH}/data/static
<Location "/_protected/music/">
ProxyPass "!"
</Location>
Alias /_protected/music/ ${MUSIC_DIRECTORY_PATH}/
# Activating WebSockets
<Location "/api/v1/activity">
ProxyPass ${funkwhale-api-ws}/api/v1/activity
</Location>
# Setting appropriate access levels to serve frontend
<Directory "${FUNKWHALE_ROOT_PATH}/data/static">
Options FollowSymLinks
AllowOverride None
Require all granted
</Directory>
<Directory "${FUNKWHALE_ROOT_PATH}/front/dist">
Options FollowSymLinks
AllowOverride None
Require all granted
DirectoryIndex ${FUNKWHALE_ROOT_PATH}/front/dist/index.html
</Directory>
<Directory "${MEDIA_DIRECTORY_PATH}">
Options FollowSymLinks
AllowOverride None
Require all granted
</Directory>
# XSendFile is serving audio files
# WARNING : permissions on paths specified below overrides previous definition,
# everything under those paths is potentially exposed.
# Following directive may be needed to ensure xsendfile is loaded
LoadModule xsendfile_module modules/mod_xsendfile.so
<IfModule mod_xsendfile.c>
XSendFile On
XSendFilePath ${MEDIA_DIRECTORY_PATH}
XSendFilePath ${MUSIC_DIRECTORY_PATH}
SetEnv MOD_X_SENDFILE_ENABLED 1
</IfModule>
SSLCertificateFile /etc/letsencrypt/live/example.net/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/example.net/privkey.pem
</VirtualHost>
</IfModule>
Unfortunately, trying to access to various paths (embed.html or the root of the subdomain) leads to errors (403 for the root, 404 for embed.html or /subscriptions)
Could you help me fix this?
Thanks for your help.

Converting Nginx configuration to Apache

I'm trying to set-up this self-hosted service but the example web configuration they give is for Nginx and I only have experience with Apache. Could someone help me write the equivalent config of below into Apache?
server {
listen 80 default_server;
listen [::]:80 ipv6only=on default_server;
server_name pretix.mydomain.com;
}
server {
listen 443 default_server;
listen [::]:443 ipv6only=on default_server;
server_name pretix.mydomain.com;
ssl on;
ssl_certificate /path/to/cert.chain.pem;
ssl_certificate_key /path/to/key.pem;
add_header Referrer-Policy same-origin;
add_header X-Content-Type-Options nosniff;
location / {
proxy_pass http://localhost:8345/;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto https;
proxy_set_header Host $http_host;
}
location /media/ {
alias /var/pretix/data/media/;
expires 7d;
access_log off;
}
location ^~ /media/cachedfiles {
deny all;
return 404;
}
location ^~ /media/invoices {
deny all;
return 404;
}
location /static/ {
alias /var/pretix/venv/lib/python3.5/site-packages/pretix/static.dist/;
access_log off;
expires 365d;
add_header Cache-Control "public";
}
}
Edit: This is what I tried as best as I could to try to translate between the two. I think I got caught up on the reverse proxy piece.
<VirtualHost *:80>
ServerAdmin admin#mydomain.com
ServerName tickets.mydomain.com
ServerAlias www.tickets.mydomain.com
DocumentRoot /var/pretix/data/media/
ProxyPass / http://127.0.0.1:8345/
ProxyPassReverse / http://127.0.0.1:8345/
RequestHeader set X-Forwarded-Port "443"
RequestHeader set X-Forwarded-Proto "https"
<Directory /var/pretix/data/media/>
AllowOverride All
Require all granted
</Directory>
<Directory /var/pretix/venv/lib/python3.6/site-packages/pretix/static.dist/>
AllowOverride All
Require all granted
</Directory>
Alias /media "/var/pretix/data/media/"
Alias /static "/var/pretix/venv/lib/python3.6/site-packages/pretix/static.dist/"
<Directory /var/pretix/data/media/cachedfiles>
order deny,allow
deny from all
</Directory>
<Directory /var/pretix/data/media/invoices>
order deny,allow
deny from all
</Directory>
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
<IfModule mod_dir.c>
DirectoryIndex index.php index.pl index.cgi index.html index.xhtml index.htm
</IfModule>
RewriteEngine on
RewriteCond %{SERVER_NAME} =tickets.mydomain.com [OR]
RewriteCond %{SERVER_NAME} =www.tickets.mydomain.com
RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
</VirtualHost>

Nginx as reverse proxy for Apache does not load CSS or javascript

I am trying to insert a new website in a digital ocean server. There are currently 4 websites being hosted there in Nginx. I've created a Nginx Virtual Host that works as a reverse proxy for Apache, which is listening in the port 8000. It is currently redirecting when I try to access the domain, but it is failing to load all the CSS and Javascript. It just loads the HTML. But if I access it through www.domain.com:8000 it loads perfectly.
The Nginx configuration file for the website:
server {
listen 80;
root /usr/share/nginx/html/;
index index.php index.html index.htm;
server_name example.com www.example.com;
location / {
try_files $uri $uri/ /index.html?$args;
# include /etc/nginx/mime.types;
}
# location ~* .(jpg|jpeg|png|gif|ico|css|js)$ {
# expires 1s;
# }
location ~ \.css {
add_header Content-Type text/css;
}
location ~ \.js {
add_header Content-Type application/x-javascript;
}
location ~ \.html$ {
include /etc/nginx/mime.types;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $remote_addr;
proxy_set_header Host $host;
proxy_pass http://example.com:8000;
}
location ~ /\.ht {
deny all;
}
}
The Apache .conf file:
Listen 8000
<VirtualHost *:8000>
ServerAdmin admin#gmail.com
ServerName example.com
ServerAlias www.example.com
DocumentRoot /var/www/example.com/public_html
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
</VirtualHost>
I don't use PHP on the website, just HTML, CSS and JavaScript.

How to enable CORS on Apache (or should be Nginx?) which it act as a proxy to another local Nginx server?

I deplyed two web-server on my machine, one is Apache (port 80) which launches the PHP5.3, the other one is Nginx (port 8080) which launches the PHP 7.0.2.
I had made Apache to act as a proxy to Nginx.
I set a VirtualHost of Apache, below is the setting:
<VirtualHost *:80>
ServerAdmin 369273264#qq.com
ServerName wxforum.com
ServerAlias wxforum.com
Header set Access-Control-Allow-Origin "http://wxforum.com"
ErrorLog "/private/var/log/apache2/wxforum.com-error_log"
CustomLog "/private/var/log/apache2/wxforum-access_log" common
ProxyPass / http://127.0.0.1:8080/
ProxyPassReverse / http://127.0.0.1:8080/
</VirtualHost>
Below is the partial setting of Nginx:
server {
listen 8080;
server_name localhost;
set $root_path '/usr/local/var/www';
root $root_path;
#index index.php index.html index.htm
#charset koi8-r;
access_log /usr/local/var/log/nginx/localhost.access.log main;
error_log /usr/local/var/log/nginx/localhost.error.log;
location / {
index index.php index.html index.htm;
try_files $uri $uri/ /index.php$is_args$query_string;
}
#error_page 404 /404.html;
# redirect server error pages to the static page /50x.html
#
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root $root_path;
}
# pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
#
location ~ \.php$ {
#root html;
fastcgi_pass 127.0.0.1:9000;
fastcgi_index /index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
include fastcgi_params;
}
}
Now When I access http://wxforum.com, the Nginx works, But when I issue an AJAX request, it fails, and shows me:
XMLHttpRequest cannot load http://127.0.0.1:8080/_debugbar/open?op=get&id=9932e2decca12d5f5109a1a61d4ce5dc. No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'http://wxforum.com' is therefore not allowed access..
In this case, how could I enable CORS on pure web-server?

I solved my problem after reading Using CORS, CORS on Nginx, it does not need to edit configuration file of Apache, thanks so much!
Finally, my nginx.conf is like below:
server {
listen 8080;
server_name localhost;
set $root_path '/usr/local/var/www';
root $root_path;
#charset koi8-r;
access_log /usr/local/var/log/nginx/localhost.access.log main;
error_log /usr/local/var/log/nginx/localhost.error.log;
index index.php index.html index.htm;
# enable CORS
# http://www.html5rocks.com/en/tutorials/cors/#toc-cors-server-flowchart
# http://enable-cors.org/server_nginx.html
# http://stackoverflow.com/questions/14499320/how-to-properly-setup-nginx-access-control-allow-origin-into-response-header-bas/29113949#29113949
set $allow_origin 'http://wxforum.com';
add_header 'Access-Control-Allow-Origin' $allow_origin;
add_header 'Access-Control-Allow-Methods' 'GET, POST';
add_header 'Access-Control-Allow-Headers' 'DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type';
location / {
# add_header Access-Control-Allow-Origin $cors_header;
try_files $uri $uri/ /index.php$is_args$query_string;
}
...
}

Nginx error log - invalid local address

I have a Amazon EC2 Server setup with Nginx 1.8.1 on port 80 and Apache 2.4 on port 8080.
My Nginx error log is filled with invalid local address "www.domain.com:80"
Can someone advise how to fix this error?
My domain.com under /etc/nginx/sites-enabled is as below
server {
listen 80;
server_name domain.com www.domain.com;
root /home/domain/public_html/;
index index.php index.htm index.html;
location / {
#try_files $uri $uri/ /index.php;
#try_files $uri $uri/ $uri.php;
try_files $uri $uri/ /index.php?/$request_uri;
}
location ~ \.php$ {
proxy_bind $host:80;
proxy_pass http://www.domain.com:8080;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
add_header X-Cache-Status $upstream_cache_status;
# Cache configuration
proxy_cache my-cache;
proxy_cache_valid 10s;
proxy_no_cache $cookie_PHPSESSID;
proxy_cache_bypass $cookie_PHPSESSID;
proxy_cache_key "$scheme$host$request_uri";
}
# Disable Cache for the file type html, json
location ~* .(?:manifest|appcache|html?|xml|json)$ {
expires -1;
}
# Enable Cache the file 30 days
location ~* .(jpg|png|gif|jpeg|css|mp3|wav|swf|mov|doc|pdf|xls|ppt|docx|pptx|xlsx)$ {
proxy_cache_valid 200 120m;
expires 30d;
proxy_cache my-cache;
#access_log off;
add_header X-Cache-Status $upstream_cache_status;
}
location ~ /\. {
access_log off;
log_not_found off;
deny all;
}
}
My domain.com under Apache Virtual Host is as below
<VirtualHost 172.31.xx.xxx:8080>
DocumentRoot /home/domain/public_html/
ServerName domaine.com
ServerAlias www.domain.com n1.domain.com
ErrorLog /home/domain/logs/error_log
CustomLog /home/domain/logs/access_log combined
<Directory /home/domain/public_html>
Options -Includes -ExecCGI
AllowOverride All
</Directory>

Is there any particular reason as to why you have the proxy_bind $host:80; directive? If not, remove it and it should stop the error (note that the address that you're binding to must be local, if you chose to go that route).