Revisions · e8392376d2397e397e4a1c9c9886318e

TAM (Teppei Tamra) revised this on 10 Jan 2018

No changes. d7bebc5

TAM (Teppei Tamra) revised this on 10 Jan 2018

84cec0a

reverseproxy
<VirtualHost :443> ServerName mastodon.hoge Header add Strict-Transport-Security "max-age=31536000 ; includeSubdomains ; Preload " Header add X-Content-Type-Options nosniff Header add Referrer-Policy "unsafe-url" Header add Content-Security-Policy "frame-ancestors 'none'; object-src 'none'; script-src 'self'; base-uri 'none'" SSLEngine on SSLHonorCipherOrder on SSLProtocol -All +TLSv1 +TLSv1.1 +TLSv1.2 SSLCipherSuite HIGH:MEDIUM:!aNULL:!MD5 SSLCertificateFile /etc/letsencrypt/live/mastodon.hoge/cert.pem SSLCertificateKeyFile /etc/letsencrypt/live/mastodon.hoge/privkey.pem SSLCertificateChainFile /etc/letsencrypt/live/mastodon.hoge/chain.pem ProxyPreserveHost On ProxyRequests Off ProxyPass /api/v1/streaming/ ws://localhost:4000/ ProxyPass / http://localhost:3000/ ProxyPassReverse /api/v1/streaming/ ws://localhost:4000/ ProxyPassReverse / http://localhost:3000/ RequestHeader set X-Forwarded-Proto "https" </VirtualHost> <VirtualHost :80> ServerName mastodon.hoge DocumentRoot /home/htdocs/dummy RewriteEngine on RewriteRule "^/.well-known/acme-challenge" "-" [END] RewriteCond %{HTTP_HOST} ^mastodon\.hoge RewriteRule ^/(.*)$ https://mastodon.hoge/$1 [R=301,L] </VirtualHost>

reverseproxy

<VirtualHost *:443>
  ServerName mastodon.hoge
  Header add Strict-Transport-Security "max-age=31536000 ; includeSubdomains ; Preload "
  Header add X-Content-Type-Options nosniff
  Header add Referrer-Policy "unsafe-url"
  Header add Content-Security-Policy "frame-ancestors 'none'; object-src 'none'; script-src 'self'; base-uri 'none'"
  SSLEngine on
  SSLHonorCipherOrder on
  SSLProtocol -All +TLSv1 +TLSv1.1 +TLSv1.2
  SSLCipherSuite HIGH:MEDIUM:!aNULL:!MD5
  SSLCertificateFile /etc/letsencrypt/live/mastodon.hoge/cert.pem
  SSLCertificateKeyFile /etc/letsencrypt/live/mastodon.hoge/privkey.pem
  SSLCertificateChainFile /etc/letsencrypt/live/mastodon.hoge/chain.pem
  ProxyPreserveHost On
  ProxyRequests Off
  ProxyPass /api/v1/streaming/ ws://localhost:4000/
  ProxyPass / http://localhost:3000/
  ProxyPassReverse /api/v1/streaming/ ws://localhost:4000/
  ProxyPassReverse / http://localhost:3000/
  RequestHeader set X-Forwarded-Proto "https"
</VirtualHost>

<VirtualHost *:80>
  ServerName mastodon.hoge
  DocumentRoot /home/htdocs/dummy
  RewriteEngine on
  RewriteRule "^/.well-known/acme-challenge" "-" [END]
  RewriteCond %{HTTP_HOST} ^mastodon\.hoge
  RewriteRule ^/(.*)$ https://mastodon.hoge/$1 [R=301,L]
</VirtualHost>

リバースプロキシの設定例
<VirtualHost :443> ServerName mastodon.hoge Header add Strict-Transport-Security "max-age=31536000 ; includeSubdomains ; Preload " Header add X-Content-Type-Options nosniff Header add Referrer-Policy "unsafe-url" Header add Content-Security-Policy "frame-ancestors 'none'; object-src 'none'; script-src 'self'; base-uri 'none'" SSLEngine on SSLHonorCipherOrder on SSLProtocol -All +TLSv1 +TLSv1.1 +TLSv1.2 SSLCipherSuite HIGH:MEDIUM:!aNULL:!MD5 SSLCertificateFile /etc/letsencrypt/live/mastodon.hoge/cert.pem SSLCertificateKeyFile /etc/letsencrypt/live/mastodon.hoge/privkey.pem SSLCertificateChainFile /etc/letsencrypt/live/mastodon.hoge/chain.pem ProxyPreserveHost On ProxyRequests Off ProxyPass /api/v1/streaming/ ws://localhost:4000/ ProxyPass / http://localhost:3000/ ProxyPassReverse /api/v1/streaming/ ws://localhost:4000/ ProxyPassReverse / http://localhost:3000/ RequestHeader set X-Forwarded-Proto "https" </VirtualHost> <VirtualHost :80> ServerName mastodon.hoge DocumentRoot /home/htdocs/dummy RewriteEngine on RewriteRule "^/.well-known/acme-challenge" "-" [END] RewriteCond %{HTTP_HOST} ^mastodon\.hoge RewriteRule ^/(.*)$ https://mastodon.hoge/$1 [R=301,L] </VirtualHost>

リバースプロキシの設定例

TAM (Teppei Tamra) revised this on 11 Nov 2017

f66c371

reverseproxy
<VirtualHost :443> ServerName mastodon.hoge Header add Strict-Transport-Security "max-age=31536000 ; includeSubdomains ; Preload " Header add X-Content-Type-Options nosniff Header add Referrer-Policy "unsafe-url" Header add Content-Security-Policy "frame-ancestors 'none'; object-src 'none'; script-src 'self'; base-uri 'none'" SSLEngine on SSLHonorCipherOrder on SSLProtocol -All +TLSv1 +TLSv1.1 +TLSv1.2 SSLCipherSuite HIGH:MEDIUM:!aNULL:!MD5 SSLCertificateFile /etc/letsencrypt/live/mastodon.hoge/cert.pem SSLCertificateKeyFile /etc/letsencrypt/live/mastodon.hoge/privkey.pem SSLCertificateChainFile /etc/letsencrypt/live/mastodon.hoge/chain.pem ProxyPreserveHost On ProxyRequests Off ProxyPass /api/v1/streaming/ ws://localhost:4000/ ProxyPass / http://localhost:3000/ ProxyPassReverse /api/v1/streaming/ ws://localhost:4000/ ProxyPassReverse / http://localhost:3000/ RequestHeader set X-Forwarded-Proto "https" </VirtualHost> <VirtualHost :80> ServerName mastodon.hoge DocumentRoot /home/htdocs/dummy RewriteEngine on RewriteRule "^/.well-known/acme-challenge" "-" [END] RewriteCond %{HTTP_HOST} ^mastodon\.hoge RewriteRule ^/(.)$ https://mastodon.hoge/$1 [R=301,L] </VirtualHost> <VirtualHost :443> ServerName mastodon.hoge Header add Strict-Transport-Security "max-age=31536000 ; includeSubdomains ; Preload " Header add X-Content-Type-Options nosniff Header add Referrer-Policy "unsafe-url" Header add Content-Security-Policy "frame-ancestors 'none'; object-src 'none'; script-src 'self'; base-uri 'none'" SSLEngine on SSLHonorCipherOrder on SSLProtocol -All +TLSv1 +TLSv1.1 +TLSv1.2 SSLCipherSuite HIGH:MEDIUM:!aNULL:!MD5 SSLCertificateFile /etc/letsencrypt/live/mastodon.hoge/cert.pem SSLCertificateKeyFile /etc/letsencrypt/live/mastodon.hoge/privkey.pem SSLCertificateChainFile /etc/letsencrypt/live/mastodon.hoge/chain.pem ProxyPreserveHost On ProxyRequests Off ProxyPass /api/v1/streaming/ ws://localhost:4000/ ProxyPass / http://localhost:3000/ ProxyPassReverse /api/v1/streaming/ ws://localhost:4000/ ProxyPassReverse / http://localhost:3000/ RequestHeader set X-Forwarded-Proto "https" </VirtualHost> <VirtualHost :80> ServerName mastodon.hoge DocumentRoot /home/htdocs/dummy RewriteEngine on RewriteRule "^/.well-known/acme-challenge" "-" [END] RewriteCond %{HTTP_HOST} ^mastodon\.hoge RewriteRule ^/(.)$ https://mastodon.hoge/$1 [R=301,L] </VirtualHost>

reverseproxy

TAM (Teppei Tamra) revised this on 11 Nov 2017

4a78238

reverseproxy
<VirtualHost :443> ServerName mastodon.hoge Header add Strict-Transport-Security "max-age=31536000 ; includeSubdomains ; Preload " Header add X-Content-Type-Options nosniff Header add Referrer-Policy "unsafe-url" Header add Content-Security-Policy "frame-ancestors 'none'; object-src 'none'; script-src 'self'; base-uri 'none'" SSLEngine on SSLHonorCipherOrder on SSLProtocol -All +TLSv1 +TLSv1.1 +TLSv1.2 SSLCipherSuite HIGH:MEDIUM:!aNULL:!MD5 SSLCertificateFile /etc/letsencrypt/live/mastodon.hoge/cert.pem SSLCertificateKeyFile /etc/letsencrypt/live/mastodon.hoge/privkey.pem SSLCertificateChainFile /etc/letsencrypt/live/mastodon.hoge/chain.pem ProxyPreserveHost On ProxyRequests Off ProxyPass /api/v1/streaming/ ws://localhost:4000/ ProxyPass / http://localhost:3000/ ProxyPassReverse /api/v1/streaming/ ws://localhost:4000/ ProxyPassReverse / http://localhost:3000/ RequestHeader set X-Forwarded-Proto "https" </VirtualHost> <VirtualHost :80> ServerName mastodon.hoge DocumentRoot /home/htdocs/dummy RewriteEngine on RewriteRule "^/.well-known/acme-challenge" "-" [END] RewriteCond %{HTTP_HOST} ^mastodon\.hoge RewriteRule ^/(.*)$ https://mastodon.hoge/$1 [R=301,L] </VirtualHost>

reverseproxy