52 lines
1.8 KiB
Plaintext
52 lines
1.8 KiB
Plaintext
# Apache SSL VirtualHost für NinjaCross
|
|
# Datei: /etc/apache2/sites-available/ninjaserver-ssl.conf
|
|
|
|
<VirtualHost *:443>
|
|
ServerName ninja.reptilfpv.de
|
|
DocumentRoot /var/www/html
|
|
|
|
# SSL Configuration
|
|
SSLEngine on
|
|
SSLCertificateFile /etc/letsencrypt/live/ninja.reptilfpv.de/fullchain.pem
|
|
SSLCertificateKeyFile /etc/letsencrypt/live/ninja.reptilfpv.de/privkey.pem
|
|
|
|
# Security Headers für Kamera-Zugriff
|
|
Header always set Strict-Transport-Security "max-age=63072000; includeSubDomains; preload"
|
|
Header always set X-Content-Type-Options nosniff
|
|
Header always set X-Frame-Options DENY
|
|
Header always set Referrer-Policy strict-origin-when-cross-origin
|
|
|
|
# Wichtig für Kamera-Zugriff
|
|
Header always set Permissions-Policy "camera=self, microphone=()"
|
|
|
|
# WebSocket Support - MUSS vor dem generellen Proxy stehen
|
|
RewriteEngine On
|
|
RewriteCond %{HTTP:Upgrade} websocket [NC]
|
|
RewriteCond %{HTTP:Connection} upgrade [NC]
|
|
RewriteRule ^/?(.*) "ws://localhost:3000/$1" [P,L]
|
|
|
|
# Socket.IO spezifische WebSocket-Routen
|
|
ProxyPass /socket.io/ ws://localhost:3000/socket.io/
|
|
ProxyPassReverse /socket.io/ ws://localhost:3000/socket.io/
|
|
|
|
# Standard HTTP/HTTPS Reverse Proxy zu Node.js
|
|
ProxyPreserveHost On
|
|
ProxyPass /socket.io/ !
|
|
ProxyPass / http://localhost:3000/
|
|
ProxyPassReverse / http://localhost:3000/
|
|
|
|
# WebSocket Proxy-Einstellungen
|
|
ProxyTimeout 3600
|
|
ProxyBadHeader Ignore
|
|
|
|
# Logging
|
|
ErrorLog ${APACHE_LOG_DIR}/ninjaserver_ssl_error.log
|
|
CustomLog ${APACHE_LOG_DIR}/ninjaserver_ssl_access.log combined
|
|
</VirtualHost>
|
|
|
|
# HTTP zu HTTPS Redirect
|
|
<VirtualHost *:80>
|
|
ServerName ninja.reptilfpv.de
|
|
Redirect permanent / https://ninja.reptilfpv.de/
|
|
</VirtualHost>
|