# Configuration for {{ matrix_url }}
# vim:ft=apache:
# Accept connections from non-SNI clients
SSLStrictSNIVHostCheck off
# Need this for SSL proxying, apparently
SSLProxyEngine on
# Website configuration
ServerName {{ matrix_url }}
Redirect permanent / https://{{ matrix_url }}
SSLEngine on
SSLCertificateFile /etc/pki/cert/crt/{{ matrix_url }}.crt
SSLCertificateKeyFile /etc/pki/cert/private/{{ matrix_url }}.key
SSLCertificateChainFile /etc/pki/cert/crt/{{ matrix_url }}-fullchain.crt
SSLProtocol {{ ssl_protocol }}
SSLCipherSuite {{ ssl_cipher_suite }}
ServerName {{ matrix_url }}
DocumentRoot {{ matrix_webroot }}
Require all granted
AllowOverride All
Options MultiViews FollowSymlinks
ProxyPreserveHost On
ProxyRequests Off
ProxyPass / http://127.0.0.1:8008/ nocanon retry=1
ProxyPassReverse / https://127.0.0.1:8008/
RequestHeader set X_FORWARDED_PROTO 'https'
RequestHeader set X-Forwarded-Ssl on