# Configuration for {{ gitea.url }}
# vim:ft=apache:

# Accept connections from non-SNI clients
SSLStrictSNIVHostCheck off
# Need this for SSL proxying, apparently
SSLProxyEngine on

# Website configuration
<VirtualHost *:80>
	ServerName {{ gitea.url }}
	Redirect permanent / https://{{ gitea.url }}
</VirtualHost>
<VirtualHost *:443>
	SSLEngine on
	SSLCertificateFile /etc/pki/cert/crt/{{ gitea.url }}.crt
	SSLCertificateKeyFile /etc/pki/cert/private/{{ gitea.url }}.key
	SSLCertificateChainFile /etc/pki/cert/crt/{{ gitea.url }}-fullchain.crt
	SSLProtocol {{ ssl_protocol }}
	SSLCipherSuite {{ ssl_cipher_suite }}
	ServerName {{ gitea.url }}
	DocumentRoot {{ gitea_webroot }}
	<Directory "{{ gitea_webroot }}">
		Require all granted
		AllowOverride All
		Options MultiViews FollowSymlinks
	</Directory>
	ProxyPreserveHost On
	ProxyRequests Off
	ProxyPass / http://127.0.0.1:3000/ nocanon retry=1
	ProxyPassReverse / https://127.0.0.1:3000/

	RequestHeader set X_FORWARDED_PROTO 'https'
	RequestHeader set X-Forwarded-Ssl on
	# Used for embedding in Nextcloud
	Header unset X-Frame-Options
</VirtualHost>