Init

Passwörter.txt

+Nein, hier stehen keine Passwörter :)
+
+Die echten Passwörter wurden ersetzt durch:
+SHAREPHPPASSWORDBINGO
+SHAREDPHPPASSWORDBYTEWERK
+DATABASENAME
+DATABASEUSER
+DATABASEPASSWORD

README.md

+Doku: https://wiki.bytewerk.org/index.php?title=XMPP-Server

etc/apache2/vhosts.d/01-set-servername.conf

+ServerName xmpp.bytewerk.org
+

etc/apache2/vhosts.d/conference.bingo-ev.de.conf

+# Für Prosody
+# - wird nur zum Erstellen des LetsEncrypt-Zertifikats "conference.bingo-ev.de" benötigt
+
+<VirtualHost *:80>
+    ServerName conference.bingo-ev.de
+
+    ServerAdmin webmaster@bingo-ev.de
+
+    DocumentRoot /srv/var/www/vhosts/conference.bingo-ev.de
+
+    # Logging
+    ErrorLog /var/log/apache2/conference.bingo-ev.de-error_log
+    CustomLog "|/usr/bin/python3 /usr/local/Anonip.git/anonip.py --skip-private --output /var/log/apache2/conference.bingo-ev.de-access_log" combined env=!dontlog
+
+    # don't loose time with IP address lookups
+    HostnameLookups Off
+
+    # needed for named virtual hosts
+    UseCanonicalName Off
+
+    # Weiterleiten zu HTTPS
+    RewriteEngine On
+    RewriteCond %{HTTPS} !=on
+    RewriteRule ^/?(.*) https://%{SERVER_NAME}/$1 [R=301,L]
+</VirtualHost>
+
+
+<VirtualHost *:443>
+    ServerName conference.bingo-ev.de
+
+    ServerAdmin webmaster@bingo-ev.de
+
+    DocumentRoot /srv/var/www/vhosts/conference.bingo-ev.de
+
+    # Logging
+    ErrorLog /var/log/apache2/conference.bingo-ev.de-error_log
+    CustomLog "|/usr/bin/python3 /usr/local/Anonip.git/anonip.py --skip-private --output /var/log/apache2/conference.bingo-ev.de-access_log" combined env=!dontlog
+
+    # don't loose time with IP address lookups
+    HostnameLookups Off
+
+    # needed for named virtual hosts
+    UseCanonicalName Off
+
+    # LetsEncrypt
+    SSLCertificateFile /etc/letsencrypt/live/conference.bingo-ev.de/fullchain.pem
+    SSLCertificateKeyFile /etc/letsencrypt/live/conference.bingo-ev.de/privkey.pem
+    Include /etc/letsencrypt/options-ssl-apache.conf
+
+    Redirect 301 / https://jabber.bingo-ev.de/
+</VirtualHost>

etc/apache2/vhosts.d/conference.bytewerk.org.conf

+# Für Prosody
+# - wird nur zum Erstellen des LetsEncrypt-Zertifikats "conference.bytewerk.org" benötigt
+
+<VirtualHost *:80>
+    ServerName conference.bytewerk.org
+
+    ServerAdmin webmaster@bytewerk.org
+
+    DocumentRoot /srv/var/www/vhosts/conference.bytewerk.org
+
+    # Logging
+    ErrorLog /var/log/apache2/conference.bytewerk.org-error_log
+    CustomLog "|/usr/bin/python3 /usr/local/Anonip.git/anonip.py --skip-private --output /var/log/apache2/conference.bytewerk.org-access_log" combined env=!dontlog
+
+    # don't loose time with IP address lookups
+    HostnameLookups Off
+
+    # needed for named virtual hosts
+    UseCanonicalName Off
+
+    # Weiterleiten zu HTTPS
+    RewriteEngine On
+    RewriteCond %{HTTPS} !=on
+    RewriteRule ^/?(.*) https://%{SERVER_NAME}/$1 [R=301,L]
+</VirtualHost>
+
+
+<VirtualHost *:443>
+    ServerName conference.bytewerk.org
+
+    ServerAdmin webmaster@bytewerk.org
+
+    DocumentRoot /srv/var/www/vhosts/conference.bytewerk.org
+
+    # Logging
+    ErrorLog /var/log/apache2/conference.bytewerk.org-error_log
+    CustomLog "|/usr/bin/python3 /usr/local/Anonip.git/anonip.py --skip-private --output /var/log/apache2/conference.bytewerk.org-access_log" combined env=!dontlog
+
+    # don't loose time with IP address lookups
+    HostnameLookups Off
+
+    # needed for named virtual hosts
+    UseCanonicalName Off
+
+    # LetsEncrypt
+    SSLCertificateFile /etc/letsencrypt/live/conference.bytewerk.org/fullchain.pem
+    SSLCertificateKeyFile /etc/letsencrypt/live/conference.bytewerk.org/privkey.pem
+    Include /etc/letsencrypt/options-ssl-apache.conf
+
+    Redirect 301 / https://jabber.bytewerk.org/
+</VirtualHost>

etc/apache2/vhosts.d/proxy.bytewerk.org.conf

+# Für Prosody
+# - wird nur zum Erstellen des LetsEncrypt-Zertifikats "proxy.bytewerk.org" benötigt
+
+<VirtualHost *:80>
+    ServerName proxy.bytewerk.org
+
+    ServerAdmin webmaster@bytewerk.org
+
+    DocumentRoot /srv/var/www/vhosts/proxy.bytewerk.org
+
+    # Logging
+    ErrorLog /var/log/apache2/proxy.bytewerk.org-error_log
+    CustomLog "|/usr/bin/python3 /usr/local/Anonip.git/anonip.py --skip-private --output /var/log/apache2/proxy.bytewerk.org-access_log" combined env=!dontlog
+
+    # don't loose time with IP address lookups
+    HostnameLookups Off
+
+    # needed for named virtual hosts
+    UseCanonicalName Off
+
+    # Weiterleiten zu HTTPS
+    RewriteEngine On
+    RewriteCond %{HTTPS} !=on
+    RewriteRule ^/?(.*) https://%{SERVER_NAME}/$1 [R=301,L]
+</VirtualHost>
+
+
+<VirtualHost *:443>
+    ServerName proxy.bytewerk.org
+
+    ServerAdmin webmaster@bytewerk.org
+
+    DocumentRoot /srv/var/www/vhosts/proxy.bytewerk.org
+
+    # Logging
+    ErrorLog /var/log/apache2/proxy.bytewerk.org-error_log
+    CustomLog "|/usr/bin/python3 /usr/local/Anonip.git/anonip.py --skip-private --output /var/log/apache2/proxy.bytewerk.org-access_log" combined env=!dontlog
+
+    # don't loose time with IP address lookups
+    HostnameLookups Off
+
+    # needed for named virtual hosts
+    UseCanonicalName Off
+
+    # LetsEncrypt
+    SSLCertificateFile /etc/letsencrypt/live/proxy.bytewerk.org/fullchain.pem
+    SSLCertificateKeyFile /etc/letsencrypt/live/proxy.bytewerk.org/privkey.pem
+    Include /etc/letsencrypt/options-ssl-apache.conf
+
+    Redirect 301 / https://jabber.bytewerk.org/
+</VirtualHost>

etc/apache2/vhosts.d/proxy65.bingo-ev.de.conf

+# Für Prosody
+# - wird nur zum Erstellen des LetsEncrypt-Zertifikats "proxy65.bingo-ev.de" benötigt
+
+<VirtualHost *:80>
+    ServerName proxy65.bingo-ev.de
+
+    ServerAdmin webmaster@bingo-ev.de
+
+    DocumentRoot /srv/var/www/vhosts/proxy65.bingo-ev.de
+
+    # Logging
+    ErrorLog /var/log/apache2/proxy65.bingo-ev.de-error_log
+    CustomLog "|/usr/bin/python3 /usr/local/Anonip.git/anonip.py --skip-private --output /var/log/apache2/proxy65.bingo-ev.de-access_log" combined env=!dontlog
+
+    # don't loose time with IP address lookups
+    HostnameLookups Off
+
+    # needed for named virtual hosts
+    UseCanonicalName Off
+
+    # Weiterleiten zu HTTPS
+    RewriteEngine On
+    RewriteCond %{HTTPS} !=on
+    RewriteRule ^/?(.*) https://%{SERVER_NAME}/$1 [R=301,L]
+</VirtualHost>
+
+
+<VirtualHost *:443>
+    ServerName proxy65.bingo-ev.de
+
+    ServerAdmin webmaster@bingo-ev.de
+
+    DocumentRoot /srv/var/www/vhosts/proxy65.bingo-ev.de
+
+    # Logging
+    ErrorLog /var/log/apache2/proxy65.bingo-ev.de-error_log
+    CustomLog "|/usr/bin/python3 /usr/local/Anonip.git/anonip.py --skip-private --output /var/log/apache2/proxy65.bingo-ev.de-access_log" combined env=!dontlog
+
+    # don't loose time with IP address lookups
+    HostnameLookups Off
+
+    # needed for named virtual hosts
+    UseCanonicalName Off
+
+    # LetsEncrypt
+    SSLCertificateFile /etc/letsencrypt/live/proxy65.bingo-ev.de/fullchain.pem
+    SSLCertificateKeyFile /etc/letsencrypt/live/proxy65.bingo-ev.de/privkey.pem
+    Include /etc/letsencrypt/options-ssl-apache.conf
+
+    Redirect 301 / https://jabber.bingo-ev.de/
+</VirtualHost>

etc/apache2/vhosts.d/pubsub.bingo-ev.de.conf

+# Für Prosody
+# - wird nur zum Erstellen des LetsEncrypt-Zertifikats "pubsub.bingo-ev.de" benötigt
+
+<VirtualHost *:80>
+    ServerName pubsub.bingo-ev.de
+
+    ServerAdmin webmaster@bingo-ev.de
+
+    DocumentRoot /srv/var/www/vhosts/pubsub.bingo-ev.de
+
+    # Logging
+    ErrorLog /var/log/apache2/pubsub.bingo-ev.de-error_log
+    CustomLog "|/usr/bin/python3 /usr/local/Anonip.git/anonip.py --skip-private --output /var/log/apache2/pubsub.bingo-ev.de-access_log" combined env=!dontlog
+
+    # don't loose time with IP address lookups
+    HostnameLookups Off
+
+    # needed for named virtual hosts
+    UseCanonicalName Off
+
+    # Weiterleiten zu HTTPS
+    RewriteEngine On
+    RewriteCond %{HTTPS} !=on
+    RewriteRule ^/?(.*) https://%{SERVER_NAME}/$1 [R=301,L]
+</VirtualHost>
+
+
+<VirtualHost *:443>
+    ServerName pubsub.bingo-ev.de
+
+    ServerAdmin webmaster@bingo-ev.de
+
+    DocumentRoot /srv/var/www/vhosts/pubsub.bingo-ev.de
+
+    # Logging
+    ErrorLog /var/log/apache2/pubsub.bingo-ev.de-error_log
+    CustomLog "|/usr/bin/python3 /usr/local/Anonip.git/anonip.py --skip-private --output /var/log/apache2/pubsub.bingo-ev.de-access_log" combined env=!dontlog
+
+    # don't loose time with IP address lookups
+    HostnameLookups Off
+
+    # needed for named virtual hosts
+    UseCanonicalName Off
+
+    # LetsEncrypt
+    SSLCertificateFile /etc/letsencrypt/live/pubsub.bingo-ev.de/fullchain.pem
+    SSLCertificateKeyFile /etc/letsencrypt/live/pubsub.bingo-ev.de/privkey.pem
+    Include /etc/letsencrypt/options-ssl-apache.conf
+
+    Redirect 301 / https://jabber.bingo-ev.de/
+</VirtualHost>

etc/apache2/vhosts.d/pubsub.bytewerk.org.conf

+# Für Prosody
+# - wird nur zum Erstellen des LetsEncrypt-Zertifikats "pubsub.bytewerk.org" benötigt
+
+<VirtualHost *:80>
+    ServerName pubsub.bytewerk.org
+
+    ServerAdmin webmaster@bytewerk.org
+
+    DocumentRoot /srv/var/www/vhosts/pubsub.bytewerk.org
+
+    # Logging
+    ErrorLog /var/log/apache2/pubsub.bytewerk.org-error_log
+    CustomLog "|/usr/bin/python3 /usr/local/Anonip.git/anonip.py --skip-private --output /var/log/apache2/pubsub.bytewerk.org-access_log" combined env=!dontlog
+
+    # don't loose time with IP address lookups
+    HostnameLookups Off
+
+    # needed for named virtual hosts
+    UseCanonicalName Off
+
+    # Weiterleiten zu HTTPS
+    RewriteEngine On
+    RewriteCond %{HTTPS} !=on
+    RewriteRule ^/?(.*) https://%{SERVER_NAME}/$1 [R=301,L]
+</VirtualHost>
+
+
+<VirtualHost *:443>
+    ServerName pubsub.bytewerk.org
+
+    ServerAdmin webmaster@bytewerk.org
+
+    DocumentRoot /srv/var/www/vhosts/pubsub.bytewerk.org
+
+    # Logging
+    ErrorLog /var/log/apache2/pubsub.bytewerk.org-error_log
+    CustomLog "|/usr/bin/python3 /usr/local/Anonip.git/anonip.py --skip-private --output /var/log/apache2/pubsub.bytewerk.org-access_log" combined env=!dontlog
+
+    # don't loose time with IP address lookups
+    HostnameLookups Off
+
+    # needed for named virtual hosts
+    UseCanonicalName Off
+
+    # LetsEncrypt
+    SSLCertificateFile /etc/letsencrypt/live/pubsub.bytewerk.org/fullchain.pem
+    SSLCertificateKeyFile /etc/letsencrypt/live/pubsub.bytewerk.org/privkey.pem
+    Include /etc/letsencrypt/options-ssl-apache.conf
+
+    Redirect 301 / https://jabber.bytewerk.org/
+</VirtualHost>

etc/apache2/vhosts.d/upload.bingo-ev.de.conf

+# Für Prosody:
+# - LetsEncrypt-Zertifikat für upload.bingo-ev.de
+# - mod_upload_external/mod_upload (XEP-0363)
+
+<VirtualHost *:80>
+    ServerName upload.bingo-ev.de
+
+    ServerAdmin webmaster@bingo-ev.de
+
+    DocumentRoot /srv/var/www/vhosts/upload.bingo-ev.de
+    #DocumentRoot /var/www/jabber/upload
+
+    # Logging
+    ErrorLog /var/log/apache2/upload.bingo-ev.de-error_log
+    CustomLog "|/usr/bin/python3 /usr/local/Anonip.git/anonip.py --skip-private --output /var/log/apache2/upload.bingo-ev.de-access_log" combined env=!dontlog
+
+    # don't loose time with IP address lookups
+    HostnameLookups Off
+
+    # needed for named virtual hosts
+    UseCanonicalName Off
+
+    # Weiterleiten zu HTTPS
+    RewriteEngine On
+    RewriteCond %{HTTPS} !=on
+    RewriteRule ^/?(.*) https://%{SERVER_NAME}/$1 [R=301,L]
+</VirtualHost>
+
+
+<VirtualHost *:443>
+    ServerName upload.bingo-ev.de
+
+    ServerAdmin webmaster@bingo-ev.de
+
+    DocumentRoot /srv/var/www/vhosts/upload.bingo-ev.de
+
+    # Logging
+    ErrorLog /var/log/apache2/upload.bingo-ev.de-error_log
+    CustomLog "|/usr/bin/python3 /usr/local/Anonip.git/anonip.py --skip-private --output /var/log/apache2/upload.bingo-ev.de-access_log" combined env=!dontlog
+
+    # don't loose time with IP address lookups
+    HostnameLookups Off
+
+    # needed for named virtual hosts
+    UseCanonicalName Off
+
+    # LetsEncrypt
+    SSLCertificateFile /etc/letsencrypt/live/upload.bingo-ev.de/fullchain.pem
+    SSLCertificateKeyFile /etc/letsencrypt/live/upload.bingo-ev.de/privkey.pem
+    Include /etc/letsencrypt/options-ssl-apache.conf
+
+    ####################################
+
+    # PHP
+    Include /etc/apache2/conf.d/mod_php7.conf
+
+    <Directory /srv/var/www/vhosts/upload.bingo-ev.de>
+        Require all granted
+
+        # share.php changes the Headers, SymLinksIfOwnerMatch allows that
+        Options +SymLinksIfOwnerMatch
+
+        # Allow cross site requests - Movim does an OPTION request where share.php cannot set the appropriate Headers
+        SetEnvIf Request_Method "^OPTIONS$" METHOD_OPTIONS
+        Header always set Access-Control-Allow-Origin "*" env=METHOD_OPTIONS
+        Header always set Access-Control-Allow-Headers "Content-Type" env=METHOD_OPTIONS
+        Header always set Access-Control-Allow-Methods "OPTIONS, PUT, GET" env=METHOD_OPTIONS
+
+        <Files *.php>
+            # Für Upload-Skript share_v2.php (aus mod_upload_external)
+            # Ein Upload darf max. eine Stunde dauern
+            php_value max_input_time 3600
+            php_value max_execution_time 3600
+        </Files>
+
+        # modify status code of preflight request
+        RewriteEngine On
+        RewriteCond %{REQUEST_METHOD} OPTIONS
+        RewriteRule ^(.*)$ $1 [R=200,L]
+    </Directory>
+</VirtualHost>

etc/apache2/vhosts.d/upload.bytewerk.org.conf

+# Für Prosody:
+# - LetsEncrypt-Zertifikat für upload.bytewerk.org
+# - mod_upload_external/mod_upload (XEP-0363)
+
+<VirtualHost *:80>
+    ServerName upload.bytewerk.org
+
+    ServerAdmin webmaster@bytewerk.org
+
+    DocumentRoot /srv/var/www/vhosts/upload.bytewerk.org
+    #DocumentRoot /var/www/jabber/upload
+
+    # Logging
+    ErrorLog /var/log/apache2/upload.bytewerk.org-error_log
+    CustomLog "|/usr/bin/python3 /usr/local/Anonip.git/anonip.py --skip-private --output /var/log/apache2/upload.bytewerk.org-access_log" combined env=!dontlog
+
+    # don't loose time with IP address lookups
+    HostnameLookups Off
+
+    # needed for named virtual hosts
+    UseCanonicalName Off
+
+    # Weiterleiten zu HTTPS
+    RewriteEngine On
+    RewriteCond %{HTTPS} !=on
+    RewriteRule ^/?(.*) https://%{SERVER_NAME}/$1 [R=301,L]
+</VirtualHost>
+
+
+<VirtualHost *:443>
+    ServerName upload.bytewerk.org
+
+    ServerAdmin webmaster@bytewerk.org
+
+    DocumentRoot /srv/var/www/vhosts/upload.bytewerk.org
+
+    # Logging
+    ErrorLog /var/log/apache2/upload.bytewerk.org-error_log
+    CustomLog "|/usr/bin/python3 /usr/local/Anonip.git/anonip.py --skip-private --output /var/log/apache2/upload.bytewerk.org-access_log" combined env=!dontlog
+
+    # don't loose time with IP address lookups
+    HostnameLookups Off
+
+    # needed for named virtual hosts
+    UseCanonicalName Off
+
+    # LetsEncrypt
+    SSLCertificateFile /etc/letsencrypt/live/upload.bytewerk.org/fullchain.pem
+    SSLCertificateKeyFile /etc/letsencrypt/live/upload.bytewerk.org/privkey.pem
+    Include /etc/letsencrypt/options-ssl-apache.conf
+
+    ####################################
+
+    # PHP
+    Include /etc/apache2/conf.d/mod_php7.conf
+
+    <Directory /srv/var/www/vhosts/upload.bytewerk.org>
+        Require all granted
+
+        # share.php changes the Headers, SymLinksIfOwnerMatch allows that
+        Options +SymLinksIfOwnerMatch
+
+        # Allow cross site requests - Movim does an OPTION request where share.php cannot set the appropriate Headers
+        SetEnvIf Request_Method "^OPTIONS$" METHOD_OPTIONS
+        Header always set Access-Control-Allow-Origin "*" env=METHOD_OPTIONS
+        Header always set Access-Control-Allow-Headers "Content-Type" env=METHOD_OPTIONS
+        Header always set Access-Control-Allow-Methods "OPTIONS, PUT, GET" env=METHOD_OPTIONS
+
+        <Files *.php>
+            # Für Upload-Skript share_v2.php (aus mod_upload_external)
+            # Ein Upload darf max. eine Stunde dauern
+            php_value max_input_time 3600
+            php_value max_execution_time 3600
+        </Files>
+
+        # modify status code of preflight request
+        RewriteEngine On
+        RewriteCond %{REQUEST_METHOD} OPTIONS
+        RewriteRule ^(.*)$ $1 [R=200,L]
+    </Directory>
+</VirtualHost>

etc/apache2/vhosts.d/xmpp.bytewerk.org.conf

+# Für Prosody:
+# - LetsEncrypt-Zertifikat xmpp.bytewerk.org
+# - Reverse Proxy für BOSH (unter https://xmpp.bytewerk.org/http-bind)
+# - Reverse Proxy für BOSH-Autoconfiguration (XEP-0156)
+# - Reverse Proxy für Websocket
+# - Reverse Proxy für Pastebin (TODO!)
+
+<VirtualHost *:80>
+    ServerName xmpp.bytewerk.org
+
+    ServerAdmin webmaster@bytewerk.org
+
+    DocumentRoot /srv/var/www/vhosts/xmpp.bytewerk.org
+
+    # Logging
+    ErrorLog /var/log/apache2/xmpp.bytewerk.org-error_log
+    CustomLog "|/usr/bin/python3 /usr/local/Anonip.git/anonip.py --skip-private --output /var/log/apache2/xmpp.bytewerk.org-access_log" combined env=!dontlog
+
+    # don't loose time with IP address lookups
+    HostnameLookups Off
+
+    # needed for named virtual hosts
+    UseCanonicalName Off
+
+    ###############################
+
+    # "Well-Known" URIs for service discovery (XEP-0156) autogenerated with Prosody's http_altconnect
+    # http_altconnect setzt selbst CORS-Header
+    RewriteEngine On
+    RewriteCond %{REQUEST_URI} "^/.well-known/host-meta(\.json)?$"
+    RewriteRule ^(.*)$ "http://localhost:5280/$1" [P]
+
+    ###############################
+
+    # Weiterleiten zu HTTPS
+    RewriteEngine On
+    RewriteCond %{HTTPS} !=on
+    RewriteRule ^/?(.*) https://%{SERVER_NAME}/$1 [R=301,L]
+</VirtualHost>
+
+
+<VirtualHost *:443>
+    ServerName xmpp.bytewerk.org
+
+    ServerAdmin webmaster@bytewerk.org
+
+    DocumentRoot /srv/var/www/vhosts/xmpp.bytewerk.org
+
+    # enable HTTP/2, if available
+    Protocols h2 http/1.1
+
+    # Logging
+    ErrorLog /var/log/apache2/xmpp.bytewerk.org-error_log
+    CustomLog "|/usr/bin/python3 /usr/local/Anonip.git/anonip.py --skip-private --output /var/log/apache2/xmpp.bytewerk.org-access_log" combined env=!dontlog
+
+    # don't loose time with IP address lookups
+    HostnameLookups Off
+
+    # needed for named virtual hosts
+    UseCanonicalName Off
+
+    # LetsEncrypt
+    SSLCertificateFile /etc/letsencrypt/live/xmpp.bytewerk.org/fullchain.pem
+    SSLCertificateKeyFile /etc/letsencrypt/live/xmpp.bytewerk.org/privkey.pem
+    Include /etc/letsencrypt/options-ssl-apache.conf
+
+    ###############################
+
+    # Static root page
+    <Location "/">
+	Require all granted
+	DirectoryIndex index.html
+    </Location>
+
+
+
+
+    #### Prosody ####
+    # Reverse Proxy für BOSH und Websocket
+    ProxyTimeout 900
+
+    # BOSH
+    <Location "/http-bind">
+	ProxyPreserveHost on
+	ProxyPass http://localhost:5280/http-bind
+	ProxyPassReverse http://localhost:5280/http-bind
+    </Location>
+
+    <Location "/xmpp-websocket">
+	ProxyPreserveHost On
+	ProxyPass "ws://127.0.0.1:5280/xmpp-websocket"
+    </Location>
+
+    # "Well-Known" URIs for service discovery (XEP-0156) autogenerated with Prosody's http_altconnect module
+    # Prosody-Modul "http_altconnect" setzt selbst CORS-Header
+    ProxyPass /.well-known http://localhost:5280/.well-known
+    ProxyPassReverse /.well-known http://localhost:5280/.well-known
+
+    # Pastebin
+    #ProxyPass /pastebin http://localhost:5280/pastebin
+    #ProxyPassReverse /pastebin http://localhost:5280/pastebin
+
+
+
+
+    #### MOVIM ####
+    # Requires Service "Movim"
+    # Movim configuration (taken from the Debian package)
+    ProxyPass /movim/ws/ ws://127.0.0.1:8080/
+
+    Alias /movim/ /usr/local/movim/public/
+    <Directory /usr/local/movim/public>