Update Apache configuration for tt-tagebuch.de to support WebSocket and SSL

This commit modifies the Apache configuration for tt-tagebuch.de by adding WebSocket support and updating SSL settings. The configuration now includes a dedicated <LocationMatch> for WebSocket connections, ensuring proper handling of upgrade requests. Additionally, the SSL certificate paths have been updated to reflect the use of Let's Encrypt. The DocumentRoot and logging paths have also been adjusted for better organization and clarity. These changes enhance the server's capability to handle real-time communication and improve security.

apache.conf.example

@@ -1,104 +1,62 @@
-# Beispiel Apache-Konfiguration für tt-tagebuch.de
-# Diese Datei sollte in /etc/apache2/sites-available/tt-tagebuch.de.conf eingefügt werden
+# Apache-Konfiguration für tt-tagebuch.de mit WebSocket-Support
 # 
 # WICHTIG: Folgende Module müssen aktiviert sein:
 # sudo a2enmod proxy
 # sudo a2enmod proxy_http
 # sudo a2enmod proxy_wstunnel
 # sudo a2enmod rewrite
-# sudo a2enmod ssl
 # sudo a2enmod headers
 # sudo systemctl restart apache2
 
-<VirtualHost *:80>
-    ServerName tt-tagebuch.de
-    ServerAlias www.tt-tagebuch.de
-    
-    # Redirect HTTP zu HTTPS
-    Redirect permanent / https://tt-tagebuch.de/
-</VirtualHost>
-
 <VirtualHost *:443>
     ServerName tt-tagebuch.de
     ServerAlias www.tt-tagebuch.de
 
-    # SSL-Konfiguration (anpassen je nach Zertifikat)
+    DocumentRoot /var/www/tt-tagebuch.de
+
+    <Directory /var/www/tt-tagebuch.de>
+        Options Indexes FollowSymLinks
+        AllowOverride All
+        Require all granted
+    </Directory>
+
+    ErrorLog ${APACHE_LOG_DIR}/tt-tagebuch.de_error.log
+    CustomLog ${APACHE_LOG_DIR}/tt-tagebuch.de_access.log combined
+
     SSLEngine on
-    SSLCertificateFile /path/to/ssl/cert.pem
-    SSLCertificateKeyFile /path/to/ssl/key.pem
-    # Optional: SSLCertificateChainFile /path/to/ssl/chain.pem
+    SSLCertificateFile /etc/letsencrypt/live/tt-tagebuch.de/fullchain.pem
+    SSLCertificateKeyFile /etc/letsencrypt/live/tt-tagebuch.de/privkey.pem
+    Include /etc/letsencrypt/options-ssl-apache.conf
 
-    # SSL-Einstellungen
-    SSLProtocol all -SSLv2 -SSLv3
-    SSLCipherSuite HIGH:!aNULL:!MD5
-    SSLHonorCipherOrder on
-
-    # Logging
-    ErrorLog ${APACHE_LOG_DIR}/tt-tagebuch.de-error.log
-    CustomLog ${APACHE_LOG_DIR}/tt-tagebuch.de-access.log combined
-
-    # Max Upload Size
-    LimitRequestBody 52428800
+    ProxyRequests Off
 
     # WebSocket-Proxy für Socket.IO
-    # WICHTIG: Diese Location muss VOR der allgemeinen /api Location stehen
+    # WICHTIG: Diese LocationMatch muss VOR den anderen ProxyPass-Direktiven stehen
     <LocationMatch "^/socket\.io/">
-        ProxyPass ws://localhost:3005/socket.io/
-        ProxyPassReverse ws://localhost:3005/socket.io/
-        
-        # WebSocket-Upgrade Headers
+        # WebSocket-Upgrade erkennen und weiterleiten
         RewriteEngine on
         RewriteCond %{HTTP:Upgrade} websocket [NC]
         RewriteCond %{HTTP:Connection} upgrade [NC]
-        RewriteRule ^/?(.*) "ws://localhost:3005/$1" [P,L]
+        RewriteRule ^/?(.*) "ws://localhost:3050/$1" [P,L]
         
-        # Fallback für HTTP (Polling)
-        ProxyPass http://localhost:3005/socket.io/
-        ProxyPassReverse http://localhost:3005/socket.io/
+        # Fallback für HTTP (Polling) - muss nach dem RewriteRule stehen
+        ProxyPass http://localhost:3050/socket.io/
+        ProxyPassReverse http://localhost:3050/socket.io/
         
-        # Headers
+        # Headers für WebSocket
         ProxyPreserveHost On
+        ProxyAddHeaders On
         RequestHeader set X-Forwarded-Proto "https"
         RequestHeader set X-Real-IP %{REMOTE_ADDR}s
+        RequestHeader set X-Forwarded-For %{REMOTE_ADDR}s
     </LocationMatch>
 
     # API-Routen
-    <Location /api/>
-        ProxyPass http://localhost:3005/api/
-        ProxyPassReverse http://localhost:3005/api/
-        
-        ProxyPreserveHost On
-        RequestHeader set X-Forwarded-Proto "https"
-        RequestHeader set X-Real-IP %{REMOTE_ADDR}s
-    </Location>
+    ProxyPass /api http://localhost:3050/api
+    ProxyPassReverse /api http://localhost:3050/api
 
-    # Statische Frontend-Dateien
-    DocumentRoot /var/www/tt-tagebuch.de/frontend/dist
-    
-    <Directory /var/www/tt-tagebuch.de/frontend/dist>
-        Options -Indexes +FollowSymLinks
-        AllowOverride All
-        Require all granted
-        
-        # Fallback auf index.html für Vue Router
-        RewriteEngine On
-        RewriteBase /
-        RewriteRule ^index\.html$ - [L]
-        RewriteCond %{REQUEST_FILENAME} !-f
-        RewriteCond %{REQUEST_FILENAME} !-d
-        RewriteRule . /index.html [L]
-    </Directory>
-
-    # Cache-Control für statische Assets
-    <LocationMatch "\.(js|css|png|jpg|jpeg|gif|ico|svg|woff|woff2|ttf|eot)$">
-        ExpiresActive On
-        ExpiresDefault "access plus 1 year"
-        Header set Cache-Control "public, immutable"
-    </LocationMatch>
-
-    # Security Headers
-    Header always set X-Frame-Options "SAMEORIGIN"
-    Header always set X-Content-Type-Options "nosniff"
-    Header always set X-XSS-Protection "1; mode=block"
+    # Alle anderen Anfragen an den Backend-Server (für Frontend)
+    ProxyPass / http://localhost:3050/
+    ProxyPassReverse / http://localhost:3050/
 </VirtualHost>