# Sample Apache config for Pleroma # # Simple installation instructions: # 1. Install your TLS certificate. We recommend using Let's Encrypt via Certbot # 2. Replace 'example.tld' with your instance's domain. # 3. This assumes a Debian-style Apache config. Copy this file to # /etc/apache2/sites-available/ and then activate the site by running # 'a2ensite pleroma-apache.conf', then restart Apache. # # Optional: enable disk-based caching for the media proxy # For details, see https://git.pleroma.social/pleroma/pleroma/wikis/How%20to%20activate%20mediaproxy # # 1. Create a directory as shown below for the CacheRoot and make sure # the Apache user can write to it. # 2. Configure Apache's htcacheclean to clean the directory periodically. # Your OS may provide a service you can enable to do this automatically. Define servername example.tld <IfModule !proxy_module> LoadModule proxy_module libexec/apache24/mod_proxy.so </IfModule> <IfModule !proxy_http_module> LoadModule proxy_http_module libexec/apache24/mod_proxy_http.so </IfModule> <IfModule !proxy_wstunnel_module> LoadModule proxy_wstunnel_module libexec/apache24/mod_proxy_wstunnel.so </IfModule> <IfModule !rewrite_module> LoadModule rewrite_module libexec/apache24/mod_rewrite.so </IfModule> <IfModule !ssl_module> LoadModule ssl_module libexec/apache24/mod_ssl.so </IfModule> <IfModule !cache_module> LoadModule cache_module libexec/apache24/mod_cache.so </IfModule> <IfModule !cache_disk_module> LoadModule cache_disk_module libexec/apache24/mod_cache_disk.so </IfModule> ServerName ${servername} ServerTokens Prod # If you want Pleroma-specific logs #ErrorLog /var/log/httpd-pleroma-error.log #CustomLog /var/log/httpd-pleroma-access.log combined <VirtualHost *:80> RewriteEngine on RewriteCond %{SERVER_NAME} =${servername} RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent] </VirtualHost> <VirtualHost *:443> SSLEngine on SSLCertificateFile /etc/letsencrypt/live/${servername}/fullchain.pem SSLCertificateKeyFile /etc/letsencrypt/live/${servername}/privkey.pem # Make sure you have the certbot-apache module installed Include /etc/letsencrypt/options-ssl-apache.conf # Uncomment the following to enable MediaProxy caching on disk #CacheRoot /tmp/pleroma-media-cache/ #CacheDirLevels 1 #CacheDirLength 2 #CacheEnable disk /proxy #CacheLock on #CacheHeader on #CacheDetailHeader on ## 16MB max filesize for caching, configure as desired #CacheMaxFileSize 16000000 #CacheDefaultExpire 86400 RewriteEngine On RewriteCond %{HTTP:Connection} Upgrade [NC] RewriteCond %{HTTP:Upgrade} websocket [NC] RewriteRule /(.*) ws://127.0.0.1:4000/$1 [P,L] #ProxyRequests must be off or you open your server to abuse as an open proxy ProxyRequests off ProxyPass / http://127.0.0.1:4000/ ProxyPassReverse / http://127.0.0.1:4000/ ProxyPreserveHost On </VirtualHost>