80574a83f3
Remplace portail.alpinux.org.admin.conf (snippet incorrectement formaté) par scripts/admin.alpinux.org.vhost.conf : VirtualHost complet HTTP+HTTPS, reverse proxy Gunicorn port 5002, même structure que les autres vhosts. admin/app.py : supprime x_prefix=1 du ProxyFix (plus de sous-chemin /admin/) admin/.env.example : client Keycloak renommé admin-alpinux scripts/alpinux-admin.service : description mise à jour redirect_uri Keycloak attendu : https://admin.alpinux.org/auth/callback Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
36 lines
1.6 KiB
Text
36 lines
1.6 KiB
Text
# Apache vhost pour admin.alpinux.org
|
|
# À créer via ISPConfig : Sites > Ajouter un site web
|
|
# Domaine : admin.alpinux.org
|
|
# Activer SSL Let's Encrypt dans ISPConfig
|
|
#
|
|
# L'app admin Flask tourne derrière Gunicorn sur 127.0.0.1:5002
|
|
|
|
<VirtualHost *:80>
|
|
ServerName admin.alpinux.org
|
|
Redirect permanent / https://admin.alpinux.org/
|
|
</VirtualHost>
|
|
|
|
<VirtualHost *:443>
|
|
ServerName admin.alpinux.org
|
|
|
|
# ── Proxy vers Gunicorn ──────────────────────────────────────
|
|
ProxyPreserveHost On
|
|
ProxyPass / http://127.0.0.1:5002/
|
|
ProxyPassReverse / http://127.0.0.1:5002/
|
|
|
|
RequestHeader set X-Forwarded-Proto "https"
|
|
RequestHeader set X-Forwarded-For "%{REMOTE_ADDR}s"
|
|
|
|
# ── Sécurité ─────────────────────────────────────────────────
|
|
Header always set X-Content-Type-Options "nosniff"
|
|
Header always set X-Frame-Options "DENY"
|
|
Header always set Referrer-Policy "strict-origin-when-cross-origin"
|
|
|
|
# ── Logs ─────────────────────────────────────────────────────
|
|
ErrorLog /var/log/apache2/admin.alpinux.org-error.log
|
|
CustomLog /var/log/apache2/admin.alpinux.org-access.log combined
|
|
|
|
SSLEngine on
|
|
SSLCertificateFile /etc/letsencrypt/live/admin.alpinux.org/fullchain.pem
|
|
SSLCertificateKeyFile /etc/letsencrypt/live/admin.alpinux.org/privkey.pem
|
|
</VirtualHost>
|