ansible/roles/gitea/templates/apache2-vhost-ssl.conf

# Configuration for {{ gitea_url }}
# vim:ft=apache:

# Accept connections from non-SNI clients
SSLStrictSNIVHostCheck off

# Website configuration
<VirtualHost *:80>
	ServerName {{ gitea_url }}
	Redirect permanent / https://{{ gitea_url }}
</VirtualHost>
<VirtualHost *:443>
	SSLEngine on
	SSLCertificateFile /etc/pki/cert/crt/{{ gitea_url }}.crt
	SSLCertificateKeyFile /etc/pki/cert/private/{{ gitea_url }}.key
	SSLCertificateChainFile /etc/pki/cert/crt/{{ gitea_url }}-fullchain.crt
	ServerName {{ gitea_url }}
	DocumentRoot {{ gitea_webroot }}
	<Directory "{{ gitea_webroot }}">
		Require all granted
		AllowOverride All
		Options MultiViews FollowSymlinks
	</Directory>
	ProxyRequests off
	ProxyPass / https://127.0.0.1:3000/ nocanon
	ProxyPassReverse / https://127.0.0.1:3000/

	RequestHeader set X_FORWARDED_PROTO 'https'
	RequestHeader set X-Forwarded-Ssl on
</VirtualHost>
Add Gitea role 2020-04-30 05:06:49 -05:00			`# Configuration for {{ gitea_url }}`
			`# vim:ft=apache:`

			`# Accept connections from non-SNI clients`
			`SSLStrictSNIVHostCheck off`

			`# Website configuration`
			`<VirtualHost *:80>`
			`ServerName {{ gitea_url }}`
			`Redirect permanent / https://{{ gitea_url }}`
			`</VirtualHost>`
			`<VirtualHost *:443>`
			`SSLEngine on`
			`SSLCertificateFile /etc/pki/cert/crt/{{ gitea_url }}.crt`
			`SSLCertificateKeyFile /etc/pki/cert/private/{{ gitea_url }}.key`
			`SSLCertificateChainFile /etc/pki/cert/crt/{{ gitea_url }}-fullchain.crt`
			`ServerName {{ gitea_url }}`
			`DocumentRoot {{ gitea_webroot }}`
			`<Directory "{{ gitea_webroot }}">`
			`Require all granted`
			`AllowOverride All`
			`Options MultiViews FollowSymlinks`
			`</Directory>`
			`ProxyRequests off`
			`ProxyPass / https://127.0.0.1:3000/ nocanon`
			`ProxyPassReverse / https://127.0.0.1:3000/`

			`RequestHeader set X_FORWARDED_PROTO 'https'`
			`RequestHeader set X-Forwarded-Ssl on`
			`</VirtualHost>`