# Setting up Apache
The following configurations works for HTTPS (with an HTTP redirection).
> NOTE: Make sure you follow the [prerequisites](./README.md).
### Airsonic Advanced configuration
You will need to make sure Airsonic Advanced uses the correct headers for redirects, by setting the `server.forward-headers-strategy` property to `native` or `framework`.
`framework` is the recommended value, but you can set it to `native` if you want to use the Apache headers.
Note that in case you opt for using `native` it might be necessary to also set `X-Forwarded-Host` and/or `X-Forwarded-Port` as stated in [prerequisites](./README.md).
### Apache configuration
Create a new virtual host file:
```
sudo nano /etc/apache2/sites-available/airsonic.conf
```
Paste the following configuration in the virtual host file:
```
ServerName example.com
Redirect permanent / https://example.com/
ServerName example.com
SSLEngine On
SSLCertificateFile cert.pem
SSLCertificateKeyFile key.pem
SSLProxyEngine on
LogLevel warn
ProxyPass /airsonic/websocket ws://127.0.0.1:4040/airsonic/websocket
ProxyPassReverse /airsonic/websocket ws://127.0.0.1:4040/airsonic/websocket
ProxyPass /airsonic http://127.0.0.1:4040/airsonic
ProxyPassReverse /airsonic http://127.0.0.1:4040/airsonic
RequestHeader set X-Forwarded-Proto "https"
```
Alternatively, if you want to use an existing configuration, you can also paste the configuration below inside an existing `VirtualHost` block:
```
ProxyPass /airsonic/websocket ws://127.0.0.1:4040/airsonic/websocket
ProxyPassReverse /airsonic/websocket ws://127.0.0.1:4040/airsonic/websocket
ProxyPass /airsonic http://127.0.0.1:8080/airsonic
ProxyPassReverse /airsonic http://127.0.0.1:8080/airsonic
RequestHeader set X-Forwarded-Proto "https"
```
You will need to make a couple of changes in the configuration file:
- Replace `example.com` with your own domain name.
- Be sure to set the right path to your `cert.pem` and `key.pem` files.
- Change `/airsonic` following your Airsonic context path.
- Change `http://127.0.0.1:4040/airsonic` following you Airsonic Advanced server location, port and path.
Activate the host:
```
sudo a2ensite airsonic.conf
```
Activate the following Apache modules:
```
sudo a2enmod proxy
sudo a2enmod proxy_http
sudo a2enmod proxy_wstunnel
sudo a2enmod ssl
sudo a2enmod headers
```
Restart the `apache2` service:
```
sudo systemctl restart apache2.service
```
## Content Security Policy
You may face some `Content-Security-Policy` issues. To fix this, add the following line to your Apache configuration:
```
Header set Content-Security-Policy "default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.gstatic.com; img-src 'self' *.akamaized.net; style-src 'self' 'unsafe-inline' fonts.googleapis.com; font-src 'self' fonts.gstatic.com; frame-src 'self'; object-src 'none'"
```