# Configuration for {{ gitea.url }}
# vim:ft=apache:
# Accept connections from non-SNI clients
SSLStrictSNIVHostCheck off
# Need this for SSL proxying, apparently
SSLProxyEngine on
# Website configuration
ServerName {{ gitea.url }}
Redirect permanent / https://{{ gitea.url }}
SSLEngine on
SSLCertificateFile /etc/pki/cert/crt/{{ gitea.url }}.crt
SSLCertificateKeyFile /etc/pki/cert/private/{{ gitea.url }}.key
SSLCertificateChainFile /etc/pki/cert/crt/{{ gitea.url }}-fullchain.crt
SSLProtocol {{ ssl_protocol }}
SSLCipherSuite {{ ssl_cipher_suite }}
ServerName {{ gitea.url }}
DocumentRoot {{ gitea_webroot }}
Require all granted
AllowOverride All
Options MultiViews FollowSymlinks
ProxyPreserveHost On
ProxyRequests Off
ProxyPass / http://127.0.0.1:3000/ nocanon retry=1
ProxyPassReverse / https://127.0.0.1:3000/
RequestHeader set X_FORWARDED_PROTO 'https'
RequestHeader set X-Forwarded-Ssl on
# Used for embedding in Nextcloud
Header unset X-Frame-Options