From d457ebf213617a8890ceddc025d236d633e5b1a9 Mon Sep 17 00:00:00 2001
From: Salt <rehashedsalt@cock.li>
Date: Sun, 21 Jun 2020 10:50:59 -0500
Subject: [PATCH] Separate out our proxy from our frontend

---
 roles/gitea/templates/apache2-vhost-ssl.conf | 12 ++++++++++++
 roles/matrix/tasks/main.yml                  |  4 ++++
 2 files changed, 16 insertions(+)

diff --git a/roles/gitea/templates/apache2-vhost-ssl.conf b/roles/gitea/templates/apache2-vhost-ssl.conf
index c0f7337..36c655b 100644
--- a/roles/gitea/templates/apache2-vhost-ssl.conf
+++ b/roles/gitea/templates/apache2-vhost-ssl.conf
@@ -25,6 +25,18 @@ SSLProxyEngine on
 		AllowOverride All
 		Options MultiViews FollowSymlinks
 	</Directory>
+
+	RequestHeader set X_FORWARDED_PROTO 'https'
+	RequestHeader set X-Forwarded-Ssl on
+</VirtualHost>
+<VirtualHost *:8448>
+	SSLEngine on
+	SSLCertificateFile /etc/pki/cert/crt/{{ gitea_url }}.crt
+	SSLCertificateKeyFile /etc/pki/cert/private/{{ gitea_url }}.key
+	SSLCertificateChainFile /etc/pki/cert/crt/{{ gitea_url }}-fullchain.crt
+	SSLProtocol {{ ssl_protocol }}
+	SSLCipherSuite {{ ssl_cipher_suite }}
+	ServerName {{ gitea_url }}
 	ProxyPreserveHost On
 	ProxyRequests Off
 	ProxyPass / http://127.0.0.1:3000/ nocanon retry=1
diff --git a/roles/matrix/tasks/main.yml b/roles/matrix/tasks/main.yml
index 4331439..3ca2342 100644
--- a/roles/matrix/tasks/main.yml
+++ b/roles/matrix/tasks/main.yml
@@ -19,6 +19,10 @@
           apt:
             name:
               - "matrix-synapse-py3"
+    - name: Set up MySQL
+      block:
+        - name: Create DB
+
     - name: Set up Apache
       block:
         - name: Enable modules