Sākums Izpētīt Palīdzība
Pierakstīties
mirrors
/
Radicale
spogulis no https://github.com/Kozea/Radicale
1
0
Atdalīts 0
Faili Problēmas 0 Vikivietne
Pārlūkot izejas kodu

Apache example configuration from Fedora 41

Peter Bieringer 1 gadu atpakaļ
vecāks
e9c7d4a671
revīzija
258b1024b3
1 mainītis faili ar 246 papildinājumiem un 0 dzēšanām
Apvienotais skats Rādīt salīdzināšanas statistiku
  1. 246 0
      contrib/apache/radicale.conf

+ 246 - 0
contrib/apache/radicale.conf
Parādīt failu 

@@ -0,0 +1,246 @@
 
+### Define how Apache should serve "radicale"
 
+## !!! Do not enable both at the same time !!!
 
+
 
+## Apache acting as reverse proxy and forward requests via ProxyPass to a running "radicale" server
 
+# SELinux WARNING: To use this correctly, you will need to set:
 
+#    setsebool -P httpd_can_network_connect=1
 
+#Define RADICALE_SERVER_REVERSE_PROXY
 
+
 
+
 
+## Apache starting WSGI server running with "radicale" application
 
+# MAY CONFLICT with other WSG servers on same system -> use then inside a VirtualHost
 
+# SELinux WARNING: To use this correctly, you will need to set:
 
+#    setsebool -P httpd_can_read_write_radicale=1
 
+#Define RADICALE_SERVER_WSGI
 
+
 
+
 
+### Extra options
 
+## Apache starting a dedicated VHOST with SSL
 
+#Define RADICALE_SERVER_VHOST_SSL
 
+
 
+
 
+### permit public access to "radicale"
 
+#Define RADICALE_PERMIT_PUBLIC_ACCESS
 
+
 
+
 
+### enforce SSL on default host
 
+#Define RADICALE_ENFORCE_SSL
 
+
 
+
 
+### Particular configuration EXAMPLES, adjust/extend/override to your needs
 
+
 
+##########################
 
+### default host
 
+##########################
 
+<IfDefine !RADICALE_SERVER_VHOST_SSL>
 
+
 
+## RADICALE_SERVER_REVERSE_PROXY
 
+<IfDefine RADICALE_SERVER_REVERSE_PROXY>
 
+	RewriteEngine On
 
+	RewriteRule ^/radicale$ /radicale/ [R,L]
 
+
 
+	<Location /radicale>
 
+		RequestHeader    set X-Script-Name /radicale
 
+
 
+		RequestHeader    set X-Forwarded-Port "%{SERVER_PORT}s"
 
+		RequestHeader    unset X-Forwarded-Proto
 
+		<If "%{HTTPS} =~ /on/">
 
+			RequestHeader    set X-Forwarded-Proto "https"
 
+		</If>
 
+
 
+		ProxyPass        http://localhost:5232/ retry=0
 
+		ProxyPassReverse http://localhost:5232/
 
+
 
+		## User authentication handled by "radicale"
 
+		Require local
 
+		<IfDefine RADICALE_PERMIT_PUBLIC_ACCESS>
 
+		Require all granted
 
+		</IfDefine>
 
+
 
+		## You may want to use apache's authentication (config: [auth] type = remote_user)
 
+		#AuthBasicProvider file
 
+		#AuthType Basic
 
+		#AuthName "Enter your credentials"
 
+		#AuthUserFile /path/to/httpdfile/
 
+		#AuthGroupFile /dev/null
 
+		#Require valid-user
 
+
 
+		<IfDefine RADICALE_ENFORCE_SSL>
 
+			<IfModule !ssl_module>
 
+				Error "RADICALE_ENFORCE_SSL selected but ssl module not loaded/enabled"
 
+			</IfModule>
 
+			SSLRequireSSL
 
+		</IfDefine>
 
+	</Location>
 
+</IfDefine>
 
+
 
+
 
+## RADICALE_SERVER_WSGI
 
+# For more information, visit:
 
+# http://radicale.org/user_documentation/#idapache-and-mod-wsgi
 
+<IfDefine RADICALE_SERVER_WSGI>
 
+<IfModule wsgi_module>
 
+
 
+	<Files /usr/share/radicale/radicale.wsgi>
 
+		SetHandler wsgi-script
 
+
 
+		Require local
 
+		<IfDefine RADICALE_PERMIT_PUBLIC_ACCESS>
 
+		Require all granted
 
+		</IfDefine>
 
+	</Files>
 
+
 
+	WSGIDaemonProcess radicale user=radicale group=radicale threads=1 umask=0027
 
+	WSGIProcessGroup radicale
 
+	WSGIApplicationGroup %{GLOBAL}
 
+	WSGIPassAuthorization On
 
+
 
+	WSGIScriptAlias /radicale /usr/share/radicale/radicale.wsgi
 
+
 
+	<Location /radicale>
 
+		RequestHeader    set X-Script-Name /radicale
 
+
 
+		## User authentication handled by "radicale"
 
+		Require local
 
+		<IfDefine RADICALE_PERMIT_PUBLIC_ACCESS>
 
+		Require all granted
 
+		</IfDefine>
 
+
 
+		## You may want to use apache's authentication (config: [auth] type = remote_user)
 
+		#AuthBasicProvider file
 
+		#AuthType Basic
 
+		#AuthName "Enter your credentials"
 
+		#AuthUserFile /path/to/httpdfile/
 
+		#AuthGroupFile /dev/null
 
+		#Require valid-user
 
+
 
+		<IfDefine RADICALE_ENFORCE_SSL>
 
+			<IfModule !ssl_module>
 
+				Error "RADICALE_ENFORCE_SSL selected but ssl module not loaded/enabled"
 
+			</IfModule>
 
+			SSLRequireSSL
 
+		</IfDefine>
 
+	</Location>
 
+</IfModule>
 
+<IfModule !wsgi_module>
 
+	Error "RADICALE_SERVER_WSGI selected but wsgi module not loaded/enabled"
 
+</IfModule>
 
+</IfDefine>
 
+
 
+</IfDefine>
 
+
 
+
 
+##########################
 
+### VHOST with SSL
 
+##########################
 
+<IfDefine RADICALE_SERVER_VHOST_SSL>
 
+
 
+<IfModule ssl_module>
 
+Listen 8443 https
 
+
 
+<VirtualHost _default_:8443>
 
+## taken from ssl.conf
 
+
 
+#ServerName www.example.com:443
 
+ErrorLog logs/ssl_error_log
 
+TransferLog logs/ssl_access_log
 
+LogLevel warn
 
+SSLEngine on
 
+SSLProtocol all -SSLv3 -TLSv1 -TLSv1.1
 
+SSLProxyProtocol all -SSLv3 -TLSv1 -TLSv1.1
 
+SSLHonorCipherOrder on
 
+SSLCipherSuite PROFILE=SYSTEM
 
+SSLProxyCipherSuite PROFILE=SYSTEM
 
+SSLCertificateFile /etc/pki/tls/certs/localhost.crt
 
+SSLCertificateKeyFile /etc/pki/tls/private/localhost.key
 
+#SSLCertificateChainFile /etc/pki/tls/certs/server-chain.crt
 
+#SSLCACertificateFile /etc/pki/tls/certs/ca-bundle.crt
 
+#SSLVerifyClient require
 
+#SSLVerifyDepth  10
 
+#SSLOptions +FakeBasicAuth +ExportCertData +StrictRequire
 
+BrowserMatch "MSIE [2-5]" \ nokeepalive ssl-unclean-shutdown \ downgrade-1.0 force-response-1.0
 
+CustomLog logs/ssl_request_log "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
 
+
 
+
 
+## RADICALE_SERVER_REVERSE_PROXY
 
+<IfDefine RADICALE_SERVER_REVERSE_PROXY>
 
+	<Location />
 
+		RequestHeader    set X-Script-Name /
 
+
 
+		RequestHeader    set X-Forwarded-Port "%{SERVER_PORT}s"
 
+		RequestHeader    set X-Forwarded-Proto "https"
 
+
 
+		ProxyPass        http://localhost:5232/ retry=0
 
+		ProxyPassReverse http://localhost:5232/
 
+
 
+		## User authentication handled by "radicale"
 
+		Require local
 
+		<IfDefine RADICALE_PERMIT_PUBLIC_ACCESS>
 
+		Require all granted
 
+		</IfDefine>
 
+
 
+		## You may want to use apache's authentication (config: [auth] type = remote_user)
 
+		#AuthBasicProvider file
 
+		#AuthType Basic
 
+		#AuthName "Enter your credentials"
 
+		#AuthUserFile /path/to/httpdfile/
 
+		#AuthGroupFile /dev/null
 
+		#Require valid-user
 
+	</Location>
 
+</IfDefine>
 
+
 
+
 
+## RADICALE_SERVER_WSGI
 
+# For more information, visit:
 
+# http://radicale.org/user_documentation/#idapache-and-mod-wsgi
 
+<IfDefine RADICALE_SERVER_WSGI>
 
+<IfModule wsgi_module>
 
+
 
+	<Files /usr/share/radicale/radicale.wsgi>
 
+		SetHandler wsgi-script
 
+
 
+		Require local
 
+		<IfDefine RADICALE_PERMIT_PUBLIC_ACCESS>
 
+		Require all granted
 
+		</IfDefine>
 
+	</Files>
 
+
 
+	WSGIDaemonProcess radicale user=radicale group=radicale threads=1 umask=0027
 
+	WSGIProcessGroup radicale
 
+	WSGIApplicationGroup %{GLOBAL}
 
+	WSGIPassAuthorization On
 
+
 
+	WSGIScriptAlias / /usr/share/radicale/radicale.wsgi
 
+
 
+	<Location />
 
+		RequestHeader    set X-Script-Name /
 
+
 
+		## User authentication handled by "radicale"
 
+		Require local
 
+		<IfDefine RADICALE_PERMIT_PUBLIC_ACCESS>
 
+		Require all granted
 
+		</IfDefine>
 
+
 
+		## You may want to use apache's authentication (config: [auth] type = remote_user)
 
+		#AuthBasicProvider file
 
+		#AuthType Basic
 
+		#AuthName "Enter your credentials"
 
+		#AuthUserFile /path/to/httpdfile/
 
+		#AuthGroupFile /dev/null
 
+		#Require valid-user
 
+	</Location>
 
+</IfModule>
 
+<IfModule !wsgi_module>
 
+	Error "RADICALE_SERVER_WSGI selected but wsgi module not loaded/enabled"
 
+</IfModule>
 
+</IfDefine>
 
+
 
+
 
+</VirtualHost>
 
+</IfModule>
 
+
 
+<IfModule !ssl_module>
 
+	Error "RADICALE_SERVER_VHOST_SSL selected but ssl module not loaded/enabled"
 
+</IfModule>
 
+
 
+</IfDefine>