# Configuration for {{ gitlab_url }}
# vim:ft=apache:

# Accept connections from non-SNI clients
SSLStrictSNIVHostCheck off

# Website configuration
<VirtualHost *:80>
	ServerName {{ gitlab_url }}
	Redirect permanent / https://{{ gitlab_url }}
</VirtualHost>
<VirtualHost *:443>
	SSLEngine on
	SSLCertificateFile /etc/pki/cert/crt/{{ gitlab_url }}.crt
	SSLCertificateKeyFile /etc/pki/cert/private/{{ gitlab_url }}.key
	SSLCertificateChainFile /etc/pki/cert/crt/{{ gitlab_url }}-fullchain.crt
	SSLProtocol {{ ssl_protocol }}
	SSLCipherSuite {{ ssl_cipher_suite }}
	ServerName {{ gitlab_url }}
	DocumentRoot {{ gitlab_webroot }}
	<Directory "{{ gitlab_webroot }}">
		Require all granted
		AllowOverride All
		Options MultiViews FollowSymlinks
	</Directory>
	<Location />
		Require all granted
		ProxyPassReverse http://127.0.0.1:8086
		ProxyPassReverse http://git.9iron.club/
	</Location>

	# Forward all requets to GL except error docs and ACME challenges
	RewriteEngine on
	RewriteCond %{DOCUMENT_ROOT}/%{REQUEST_FILENAME} !-f [OR]
	RewriteCond %{REQUEST_URI} ^/uploads/.*
	RewriteCond %{REQUEST_URI} !\.well-known-acme-challenge
	RewriteRule .* http://127.0.0.1:8086%{REQUEST_URI} [P,QSA,NE]

	RequestHeader set X_FORWARDED_PROTO 'https'
	RequestHeader set X-Forwarded-Ssl on
</VirtualHost>