From 2d9a1b2c97051bad8e6fffa8dfcb5c8dfb07d7be Mon Sep 17 00:00:00 2001
From: "N. Geisler" <ngeisler@fachschaft.informatik.tu-darmstadt.de>
Date: Fri, 25 Oct 2019 14:47:32 +0200
Subject: [PATCH] update apache config for ssl

---
 README.md              |  2 +-
 apache-akplanning.conf | 27 +++++++++++++++++++++++++++
 2 files changed, 28 insertions(+), 1 deletion(-)

diff --git a/README.md b/README.md
index 79d82835..e9da8cf5 100644
--- a/README.md
+++ b/README.md
@@ -96,7 +96,7 @@ Remember to use a secret key that is not stored in any repository or similar, an
     ProxyPass / uwsgi://127.0.0.1:3035/
     ```
 
-    or create a new config (.conf) file (similar to ``apache-akplanning.conf``) replacing $SUBDOMAIN with the subdomain the system should be available under, and $MAILADDRESS with the e-mail address of your administrator. Copy or symlink it to ``/etc/apache2/sites-available``. Then symlink it to ``sites-enabled`` e.g. by using ``ln -s /etc/apache2/sites-available/akplanning.conf /etc/apache2/sites-enabled/akplanning.conf``.
+    or create a new config (.conf) file (similar to ``apache-akplanning.conf``) replacing $SUBDOMAIN with the subdomain the system should be available under, and $MAILADDRESS with the e-mail address of your administrator and $PATHTO with the appropriate paths. Copy or symlink it to ``/etc/apache2/sites-available``. Then symlink it to ``sites-enabled`` e.g. by using ``ln -s /etc/apache2/sites-available/akplanning.conf /etc/apache2/sites-enabled/akplanning.conf``.
 1. restart Apache ``sudo systemctl restart apache2.service``
 1. create a dedicated user, e.g. ``adduser django``
 1. transfer ownership of the folder to the new user ``chown -R django:django /srv/WannaDB``
diff --git a/apache-akplanning.conf b/apache-akplanning.conf
index 7d1b54ee..4e9da445 100644
--- a/apache-akplanning.conf
+++ b/apache-akplanning.conf
@@ -19,3 +19,30 @@
   RewriteCond %{SERVER_NAME} =$SUBDOMAIN
   RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
 </VirtualHost>
+<IfModule mod_ssl.c>
+<VirtualHost *:443>
+
+  ServerName $SUBDOMAIN
+
+  ServerAdmin $MAILADDRESS
+
+
+  ErrorLog ${APACHE_LOG_DIR}/error.log
+  CustomLog ${APACHE_LOG_DIR}/access.log combined
+
+  Alias /static /srv/AKPlanning/static
+  <Directory /srv/AKPlanning/static>
+  Require all granted
+  </Directory>
+
+
+  ProxyPassMatch ^/static/ !
+  ProxyPass / uwsgi://127.0.0.1:3035/
+  ProxyPassReverse / uwsgi://127.0.0.1:3035/
+
+
+  Include /etc/letsencrypt/options-ssl-apache.conf
+  SSLCertificateFile $PATHTOfullchain.pem
+  SSLCertificateKeyFile $PATHTOprivkey.pem
+</VirtualHost>
+</IfModule>
-- 
GitLab