From 9744b0940ca8f397a2fe1b7d4b45dac0c362db56 Mon Sep 17 00:00:00 2001
From: Semyon <118789525+EmoticonOrden@users.noreply.github.com>
Date: Wed, 25 Mar 2026 16:35:05 +0700
Subject: [PATCH 1/5] Added apache.mdx

One more option for HTTPS, not only Caddy.
---
 content/docs/https/apache.mdx | 128 ++++++++++++++++++++++++++++++++++
 1 file changed, 128 insertions(+)
 create mode 100644 content/docs/https/apache.mdx

diff --git a/content/docs/https/apache.mdx b/content/docs/https/apache.mdx
new file mode 100644
index 0000000..7a49e05
--- /dev/null
+++ b/content/docs/https/apache.mdx
@@ -0,0 +1,128 @@
+---
+title: Apache
+description: Use Apache as a reverse proxy for Sharkord.
+icon: Network
+---
+
+This page will guide you through setting up a simple Apache server as a reverse proxy for Sharkord and enabling HTTPS through certbot with automatic certificate renewal.
+
+### Assumptions
+
+1. You have Sharkord running on your server with default ports.
+2. You are running Ubuntu Server.
+3. You have a domain name pointing to your server's IP address (e.g., `sharkord.yourdomain.com`).
+
+If any of these assumptions are not true, you may need to adjust the instructions accordingly.
+
+### Step 1: Update and Install Dependencies
+
+```bash
+sudo apt update && sudo apt upgrade -y
+sudo apt install -y wget ufw curl nano 
+```
+
+### Step 2: Install Apache and Certbot with Apache module
+
+```bash
+sudo apt install apache2 certbot python3-certbot-apache
+
+# check installation
+apache2 -v
+certbot --version
+```
+
+### Step 3: Configure Apache
+
+Before configuring the proxy itself, we need to enable the following modules:
+
+```bash
+sudo a2enmod proxy proxy_http proxy_wstunnel
+```
+
+Then, we can create a new Virtual Host file for Sharkord (replace 001-sharkord for your name, if you need):
+
+```bash
+sudo nano /etc/apache2/sites-available/001-sharkord.conf 
+```
+
+And paste the following configuration, replacing `sharkord.yourdomain.com` with the domain you want to use:
+
+```
+<VirtualHost *:80>
+    ServerName sharkord.yourdomain.com
+    Redirect permanent / https://sharkord.yourdomain.com
+</VirtualHost>
+
+<VirtualHost *:443>
+    ServerName sharkord.yourdomain.com
+
+    ProxyPreserveHost On
+    ProxyPass / http://localhost:4991/
+    ProxyPassReverse / http://localhost:4991/
+
+    ProxyPass /ws ws://localhost:4991/ws
+    ProxyPassReverse /ws ws://localhost:4991/ws
+
+    ProxyTimeout 86400
+
+    RewriteEngine On
+    RewriteCond %{HTTP:Upgrade} =websocket [NC]
+    RewriteRule /(.*) ws://localhost:4991/$1 [P,L]
+
+    SetEnv proxy-nokeepalive 1
+    SetEnv proxy-initial-not-pooled 1
+
+    ErrorLog ${APACHE_LOG_DIR}/sharkord_error.log
+    CustomLog ${APACHE_LOG_DIR}/sharkord_access.log combined
+</VirtualHost>
+```
+
+And the final touch, enable your Sharkord as a site:
+
+```bash
+sudo a2ensite 001-sharkord.conf
+```
+
+### Step 4: Turn on HTTPS
+
+```bash
+sudo certbot --apache -d sharkord.yourdomain.com
+```
+
+This command will acquire a certificate from Let's Encrypt and add a some rules in your Virtual Host file for enabling HTTPS correctly.
+
+### Step 5: Restart Apache
+
+```bash
+sudo systemctl daemon-reload
+sudo systemctl restart apache2
+```
+
+### Step 6: Configure Firewall
+
+First check if you have UFW enabled:
+
+```bash
+sudo ufw status
+```
+
+If it's active, allow the necessary ports:
+
+```bash
+sudo ufw allow 22/tcp
+
+sudo ufw allow 80/tcp
+sudo ufw allow 443/tcp
+
+sudo ufw allow 40000/tcp
+sudo ufw allow 40000/udp
+
+sudo ufw enable
+sudo ufw reload
+```
+
+If it's not active, you can skip this step. But it's **recommended** to have a firewall enabled for security.
+
+### Step 7: Access Sharkord
+
+You should now be able to access Sharkord securely at `https://sharkord.yourdomain.com`.

From 6b941e1a56c679b06ff2decbef88347e0de48c5c Mon Sep 17 00:00:00 2001
From: Semyon <118789525+EmoticonOrden@users.noreply.github.com>
Date: Wed, 25 Mar 2026 16:36:09 +0700
Subject: [PATCH 2/5] Update meta.json

Added a Apache page.
---
 content/docs/https/meta.json | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/content/docs/https/meta.json b/content/docs/https/meta.json
index 8d1ea29..3d16532 100644
--- a/content/docs/https/meta.json
+++ b/content/docs/https/meta.json
@@ -2,5 +2,5 @@
   "title": "HTTPS Setup",
   "icon": "Lock",
   "defaultOpen": true,
-  "pages": ["why", "caddy"]
+  "pages": ["why", "caddy", "apache"]
 }

From 1406f97e7b0e5984719e3387b1bb84b5e6898adb Mon Sep 17 00:00:00 2001
From: Semyon <118789525+EmoticonOrden@users.noreply.github.com>
Date: Wed, 25 Mar 2026 16:41:49 +0700
Subject: [PATCH 3/5] Update why.mdx

---
 content/docs/https/why.mdx | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/content/docs/https/why.mdx b/content/docs/https/why.mdx
index f3214ba..a90c5e9 100644
--- a/content/docs/https/why.mdx
+++ b/content/docs/https/why.mdx
@@ -10,7 +10,7 @@ See [MediaDevices](https://developer.mozilla.org/en-US/docs/Web/API/MediaDevices
 
 ### How to Set Up HTTPS?
 
-To set up HTTPS for your Sharkord instance, you can use a reverse proxy like Caddy or Nginx to handle SSL termination. This involves obtaining an SSL certificate (you can get a free one from Let's Encrypt) and configuring your reverse proxy to serve your Sharkord instance over HTTPS.
+To set up HTTPS for your Sharkord instance, you can use a reverse proxy like Caddy, Nginx and Apache to handle SSL termination. This involves obtaining an SSL certificate (you can get a free one from Let's Encrypt) and configuring your reverse proxy to serve your Sharkord instance over HTTPS.
 
 ## TL;DR
 

From 6d320e39b30273b8755ba8b60ab69a10dd613e3a Mon Sep 17 00:00:00 2001
From: Semyon <118789525+EmoticonOrden@users.noreply.github.com>
Date: Wed, 25 Mar 2026 16:42:18 +0700
Subject: [PATCH 4/5] Update apache.mdx

---
 content/docs/https/apache.mdx | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/content/docs/https/apache.mdx b/content/docs/https/apache.mdx
index 7a49e05..c39642c 100644
--- a/content/docs/https/apache.mdx
+++ b/content/docs/https/apache.mdx
@@ -69,6 +69,8 @@ And paste the following configuration, replacing `sharkord.yourdomain.com` with
     RewriteCond %{HTTP:Upgrade} =websocket [NC]
     RewriteRule /(.*) ws://localhost:4991/$1 [P,L]
 
+    RequestHeader set X-Forwarded-Proto "https"
+
     SetEnv proxy-nokeepalive 1
     SetEnv proxy-initial-not-pooled 1
 

From fdba8c0258dd3bf46d8d5b9e2b6bb536d295d26a Mon Sep 17 00:00:00 2001
From: Semyon <118789525+EmoticonOrden@users.noreply.github.com>
Date: Mon, 27 Apr 2026 11:09:58 +0700
Subject: [PATCH 5/5] Fixing and upgrading example configuration
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

- Added some comments and sorted some directives for readability.
- Added HTTP2 and TCP KeepAlive for more faster and stable frontend working.
- Added some header and some SSL settings for greater security.
- Fixed string (№38) about Apache modules.
---
 content/docs/https/apache.mdx | 39 +++++++++++++++++++++++++----------
 1 file changed, 28 insertions(+), 11 deletions(-)

diff --git a/content/docs/https/apache.mdx b/content/docs/https/apache.mdx
index c39642c..29a7420 100644
--- a/content/docs/https/apache.mdx
+++ b/content/docs/https/apache.mdx
@@ -36,7 +36,7 @@ certbot --version
 Before configuring the proxy itself, we need to enable the following modules:
 
 ```bash
-sudo a2enmod proxy proxy_http proxy_wstunnel
+sudo a2enmod rewrite proxy proxy_http proxy_wstunnel
 ```
 
 Then, we can create a new Virtual Host file for Sharkord (replace 001-sharkord for your name, if you need):
@@ -54,28 +54,45 @@ And paste the following configuration, replacing `sharkord.yourdomain.com` with
 </VirtualHost>
 
 <VirtualHost *:443>
+    # Site name and http2 (for speed and stability)
     ServerName sharkord.yourdomain.com
+    ServerSignature off
+    Protocols h2 http/1.1
 
-    ProxyPreserveHost On
-    ProxyPass / http://localhost:4991/
-    ProxyPassReverse / http://localhost:4991/
-
-    ProxyPass /ws ws://localhost:4991/ws
-    ProxyPassReverse /ws ws://localhost:4991/ws
-
-    ProxyTimeout 86400
+    # TCP KeepAlive for frontend stability
+    KeepAlive On
+	KeepAliveTimeout 5
+	MaxKeepAliveRequests 150
 
+    # Websocket for Voice/Video functionality
     RewriteEngine On
     RewriteCond %{HTTP:Upgrade} =websocket [NC]
     RewriteRule /(.*) ws://localhost:4991/$1 [P,L]
 
+    # Headers
     RequestHeader set X-Forwarded-Proto "https"
+    Header always unset "X-Powered-By"
+	Header always unset "Server"
 
+    # Logging
+    ErrorLog ${APACHE_LOG_DIR}/sharkord_error.log
+    CustomLog ${APACHE_LOG_DIR}/sharkord_access.log combined
+
+    # Proxy from localhost
+    ProxyPreserveHost On
+    ProxyPass / http://localhost:4991/
+    ProxyPassReverse / http://localhost:4991/
+    ProxyPass /ws ws://localhost:4991/ws
+    ProxyPassReverse /ws ws://localhost:4991/ws
+    ProxyTimeout 86400
     SetEnv proxy-nokeepalive 1
     SetEnv proxy-initial-not-pooled 1
 
-    ErrorLog ${APACHE_LOG_DIR}/sharkord_error.log
-    CustomLog ${APACHE_LOG_DIR}/sharkord_access.log combined
+    # SSL
+    SSLEngine on
+    SSLProtocol all -SSLv3 -TLSv1 -TLSv1.1
+    SSLCompression off
+    SSLSessionTickets off
 </VirtualHost>
 ```