From 63cddbd7819dd4bdad76ec15fa57863345c21c7f Mon Sep 17 00:00:00 2001
From: Christoph
Date: Wed, 20 Aug 2025 13:48:45 +0200
Subject: [PATCH] =?UTF-8?q?apache=20config=20files=20hinzugef=C3=BCgt,=20R?= =?UTF-8?q?eadme=20angepasst?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
README.md | 5 ++-
apache_site_recording.example.tld.proxy.conf | 30 ++++++++++++++
apache_site_signal.example.tld.proxy.conf | 42 ++++++++++++++++++++
docker-compose.yml | 36 +++++++++++++++++
4 files changed, 112 insertions(+), 1 deletion(-)
create mode 100644 apache_site_recording.example.tld.proxy.conf
create mode 100644 apache_site_signal.example.tld.proxy.conf
create mode 100644 docker-compose.yml
diff --git a/README.md b/README.md
index c2e459a..2a03e51 100644
--- a/README.md
+++ b/README.md
@@ -2,4 +2,7 @@ Dockerfile für das Spreed/Talk High Performance Backend Vorsicht: aio-talk-recording setzt per default den pfad (HPB_PATH) auf `https://domain.example/standalone-signaling/`
-Wurde das Backend mit aio-talk erstellt ist der Pfad nur `https://domain.example/`
+Wurde das Backend mit aio-talk erstellt ist der Pfad nur `https://domain.example/`
+
+
+Die beiden Apache config Dateien sind für die Proxy Einstellungen für den Signaling bzw. Recording Container.
diff --git a/apache_site_recording.example.tld.proxy.conf b/apache_site_recording.example.tld.proxy.conf
new file mode 100644
index 0000000..96f8084
--- /dev/null
+++ b/apache_site_recording.example.tld.proxy.conf
@@ -0,0 +1,30 @@
+
+ ServerName recording.example.tld
+
+ SSLEngine on
+ SSLCertificateFile /etc/letsencrypt/live/example.tld/fullchain.pem
+
+ SSLCertificateKeyFile /etc/letsencrypt/live/example.tld/privkey.pem
+ Include /etc/letsencrypt/options-ssl-apache.conf
+
+ Protocols h2 http/1.1
+
+ # Logging
+ ErrorLog ${APACHE_LOG_DIR}/recording_error.log
+ CustomLog ${APACHE_LOG_DIR}/recording_access.log combined
+
+ # Proxy-Einstellungen
+ ProxyPreserveHost On
+ ProxyRequests Off
+
+
+ Require all granted
+
+
+ ProxyPass "/" "http://127.0.0.1:1234/"
+ ProxyPassReverse "/" "http://127.0.0.1:1234/"
+
+ Header always set X-Content-Type-Options "nosniff"
+ Header always set X-Frame-Options "SAMEORIGIN"
+ Header always set X-XSS-Protection "1; mode=block"
+
diff --git a/apache_site_signal.example.tld.proxy.conf b/apache_site_signal.example.tld.proxy.conf
new file mode 100644
index 0000000..7b1441a
--- /dev/null
+++ b/apache_site_signal.example.tld.proxy.conf
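Review bot: The block holding `Require all granted` (its container tags are not visible in this rendering) leaves the proxy to `http://127.0.0.1:1234/` open to every client, so the recording backend is guarded only by its shared secret. If only the Nextcloud server needs to call this backend, narrow access to that address, e.g. `Require ip <nextcloud-server-ip>` (placeholder). This vhost also sets no `Strict-Transport-Security` header, unlike the signal vhost added in the same commit, and `X-XSS-Protection "1; mode=block"` is a legacy header that current browsers no longer act on. Adding `Header always set Strict-Transport-Security "max-age=31536000"` would bring the two files in line.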
@@ -0,0 +1,42 @@
+
+ ServerName signal.example.tld
+ Redirect permanent / https://signal.example.tld/
+
+
+
+ ServerName signal.example.tld
+
+ SSLEngine on
+ SSLCertificateFile /etc/letsencrypt/live/example.tld/fullchain.pem
+ SSLCertificateKeyFile /etc/letsencrypt/live/example.tld/privkey.pem
+ Include /etc/letsencrypt/options-ssl-apache.conf
+ # Optional, wenn vorhanden:
+
+ # Protocols h2 http/1.1
+
+
+ # Logs
+ ErrorLog ${APACHE_LOG_DIR}/signal_error.log
+
+ CustomLog ${APACHE_LOG_DIR}/signal_access.log combined
+
+ # Security Header
+
+ Header always set Strict-Transport-Security "max-age=31536000; includeSubDomains"
+
+
+ # Proxy-Setup
+ ProxyPreserveHost On
+ ProxyRequests Off
+ ProxyAddHeaders On
+
+
+ # Leite alles an den Backend-Dienst weiter und erlaube WebSocket-Upgrades
+ ProxyPass / http://127.0.0.1:8181/ upgrade=websocket keepalive=On
+ ProxyPassReverse / http://127.0.0.1:8181/
+
+
+ # Weitergereichte Header
+ RequestHeader set X-Forwarded-Proto expr=%{REQUEST_SCHEME}
+ RequestHeader set X-Real-IP expr=%{REMOTE_ADDR}
+
diff --git a/docker-compose.yml b/docker-compose.yml
new file mode 100644
index 0000000..a741de8
--- /dev/null
+++ b/docker-compose.yml
@@ -0,0 +1,36 @@
+services:
+ nc-talk:
+ container_name: talk_hpb
+ image: ghcr.io/nextcloud-releases/aio-talk:latest
+ init: true
+ ports:
+ - 3487:3478/tcp
+ - 3487:3478/udp
+ - 8181:8081/tcp
+
+ environment:
+ - NC_DOMAIN=nextcloud.example.tld
+ - TALK_HOST=signal.example.tld
+ - TURN_SECRET=BBBBBB
+
+ - SIGNALING_SECRET=CCCCCC
+ - TZ=Europe/Berlin
+ - TALK_PORT=3478
+ - INTERNAL_SECRET=AAAAAA
+ restart: unless-stopped
+
+ aio-talk-recording:
+ container_name: talk_record
+ image: nextcloud/aio-talk-recording:latest
+
+ environment:
+ - HPB_DOMAIN=signal.example.tld
+ - HPB_PATH=
+ - NC_DOMAIN=nextcloud.example.tld
+ - RECORDING_SECRET=DDDDDD
+ - INTERNAL_SECRET=AAAAAA
+
+ - TZ=Europe/Berlin
+ ports:
+ - 127.0.0.1:1234:1234
+ restart: unless-stopped
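Review bot: The `upgrade=websocket` parameter on the `ProxyPass` line needs Apache httpd 2.4.47 or later, and the `RequestHeader`/`Header` directives need mod_headers, but nothing in the file says so. A header comment such as `# Requires Apache >= 2.4.47 and the modules ssl, headers, proxy, proxy_http` would spare a failed `configtest` on older distributions. Separately, `ProxyAddHeaders On` appends to any `X-Forwarded-For` value the client already sent, so if the backend trusts that header, consider adding `RequestHeader unset X-Forwarded-For`. `X-Real-IP` is already overwritten with `set`, which is the right form.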
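Review bot: The mapping `- 8181:8081/tcp` publishes the signaling backend on every host interface, so it stays reachable over plain HTTP around the Apache TLS vhost, which only proxies to `127.0.0.1:8181`; the recording service in the same file already binds to loopback. `- "127.0.0.1:8181:8081/tcp"` would match it, and quoting the port mappings avoids YAML's colon-number parsing surprises. The host port `3487` in the two TURN mappings also differs from `TALK_PORT=3478` and looks like a transposition, which is worth confirming. The secrets here are placeholders; real values are better kept in an untracked `.env` file than in this file, and both `:latest` image tags could be pinned to a version or digest.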