From e3a4e54796e908dc5cbb9aa1ca03f234adcd8888 Mon Sep 17 00:00:00 2001
From: Jeff Moe <moe@spacecruft.org>
Date: Wed, 11 May 2022 20:26:17 -0600
Subject: [PATCH] apache configs

---
 apache/000-default-le-ssl.conf | 101 +++++++++++++++++++++++++++++++++
 apache/000-default.conf        |   7 +++
 2 files changed, 108 insertions(+)
 create mode 100644 apache/000-default-le-ssl.conf
 create mode 100644 apache/000-default.conf

diff --git a/apache/000-default-le-ssl.conf b/apache/000-default-le-ssl.conf
new file mode 100644
index 0000000..8b0ac43
--- /dev/null
+++ b/apache/000-default-le-ssl.conf
@@ -0,0 +1,101 @@
+SSLProtocol -All TLSv1.3 -TLSv1.2 -SSLv2 -SSLv3 -TLSv1 -TLSv1.1
+SSLCipherSuite AES256+EECDH
+SSLHonorCipherOrder on
+SSLCompression off
+SSLVerifyClient None
+SSLSessionTickets Off
+SSLOptions +StrictRequire
+Header always set Strict-Transport-Security "max-age=63072000; includeSubDomains; preload"
+
+ServerAdmin webmaster@localhost
+DocumentRoot /var/www/html
+ErrorLog ${APACHE_LOG_DIR}/error.log
+CustomLog ${APACHE_LOG_DIR}/access.log combined
+
+LoadModule proxy_module modules/mod_proxy.so
+LoadModule proxy_http_module modules/mod_proxy_http.so
+RewriteEngine on
+
+ProxyVia On
+ProxyPreserveHost On
+RequestHeader set X-Forwarded-Proto 'https'env=HTTPS
+
+
+<VirtualHost galmonmap.spacecruft.org:443>
+    ServerName galmonmap.spacecruft.org
+    RewriteCond %{HTTP:UPGRADE} ^WebSocket$ [NC]
+    RewriteCond %{HTTP:CONNECTION} Upgrade$ [NC]
+    RewriteRule /(.*) ws://127.0.0.1:8080/$1 [P]
+    <Location />
+        ProxyPass http://127.0.0.1:8080/
+    </Location>
+    Include /etc/letsencrypt/options-ssl-apache.conf
+    SSLCertificateFile /etc/letsencrypt/live/galmonmap.spacecruft.org/fullchain.pem
+    SSLCertificateKeyFile /etc/letsencrypt/live/galmonmap.spacecruft.org/privkey.pem
+</VirtualHost>
+
+<VirtualHost gnss.spacecruft.org:443>
+    ServerName gnss.spacecruft.org
+    RewriteCond %{HTTP:UPGRADE} ^WebSocket$ [NC]
+    RewriteCond %{HTTP:CONNECTION} Upgrade$ [NC]
+    RewriteRule /(.*) ws://127.0.0.1:8050/$1 [P]
+    <Location />
+        ProxyPass http://127.0.0.1:8050/
+    </Location>
+    Include /etc/letsencrypt/options-ssl-apache.conf
+    SSLCertificateFile /etc/letsencrypt/live/galmonmap.spacecruft.org/fullchain.pem
+    SSLCertificateKeyFile /etc/letsencrypt/live/galmonmap.spacecruft.org/privkey.pem
+</VirtualHost>
+
+<VirtualHost beidou.spacecruft.org:443>
+    ServerName beidou.spacecruft.org
+    RewriteCond %{HTTP:UPGRADE} ^WebSocket$ [NC]
+    RewriteCond %{HTTP:CONNECTION} Upgrade$ [NC]
+    RewriteRule /(.*) ws://127.0.0.1:8051/$1 [P]
+    <Location />
+        ProxyPass http://127.0.0.1:8051/
+    </Location>
+    Include /etc/letsencrypt/options-ssl-apache.conf
+    SSLCertificateFile /etc/letsencrypt/live/galmonmap.spacecruft.org/fullchain.pem
+    SSLCertificateKeyFile /etc/letsencrypt/live/galmonmap.spacecruft.org/privkey.pem
+</VirtualHost>
+
+<VirtualHost galileo.spacecruft.org:443>
+    ServerName galileo.spacecruft.org
+    RewriteCond %{HTTP:UPGRADE} ^WebSocket$ [NC]
+    RewriteCond %{HTTP:CONNECTION} Upgrade$ [NC]
+    RewriteRule /(.*) ws://127.0.0.1:8052/$1 [P]
+    <Location />
+        ProxyPass http://127.0.0.1:8052/
+    </Location>
+    Include /etc/letsencrypt/options-ssl-apache.conf
+    SSLCertificateFile /etc/letsencrypt/live/galmonmap.spacecruft.org/fullchain.pem
+    SSLCertificateKeyFile /etc/letsencrypt/live/galmonmap.spacecruft.org/privkey.pem
+</VirtualHost>
+
+<VirtualHost gps.spacecruft.org:443>
+    ServerName gps.spacecruft.org
+    RewriteCond %{HTTP:UPGRADE} ^WebSocket$ [NC]
+    RewriteCond %{HTTP:CONNECTION} Upgrade$ [NC]
+    RewriteRule /(.*) ws://127.0.0.1:8053/$1 [P]
+    <Location />
+        ProxyPass http://127.0.0.1:8053/
+    </Location>
+    Include /etc/letsencrypt/options-ssl-apache.conf
+    SSLCertificateFile /etc/letsencrypt/live/galmonmap.spacecruft.org/fullchain.pem
+    SSLCertificateKeyFile /etc/letsencrypt/live/galmonmap.spacecruft.org/privkey.pem
+</VirtualHost>
+
+<VirtualHost glonass.spacecruft.org:443>
+    ServerName glonass.spacecruft.org
+    RewriteCond %{HTTP:UPGRADE} ^WebSocket$ [NC]
+    RewriteCond %{HTTP:CONNECTION} Upgrade$ [NC]
+    RewriteRule /(.*) ws://127.0.0.1:8054/$1 [P]
+    <Location />
+        ProxyPass http://127.0.0.1:8054/
+    </Location>
+    Include /etc/letsencrypt/options-ssl-apache.conf
+    SSLCertificateFile /etc/letsencrypt/live/galmonmap.spacecruft.org/fullchain.pem
+    SSLCertificateKeyFile /etc/letsencrypt/live/galmonmap.spacecruft.org/privkey.pem
+</VirtualHost>
+
diff --git a/apache/000-default.conf b/apache/000-default.conf
new file mode 100644
index 0000000..96294c1
--- /dev/null
+++ b/apache/000-default.conf
@@ -0,0 +1,7 @@
+<VirtualHost *:80>
+        ServerAdmin webmaster@localhost
+        DocumentRoot /var/www/html
+        ErrorLog ${APACHE_LOG_DIR}/error.log
+        CustomLog ${APACHE_LOG_DIR}/access.log combined
+</VirtualHost>
+