# Configuration for {{ matrix_url }} # vim:ft=apache: # Accept connections from non-SNI clients SSLStrictSNIVHostCheck off # Need this for SSL proxying, apparently SSLProxyEngine on # Website configuration ServerName {{ matrix_url }} Redirect permanent / https://{{ matrix_url }} SSLEngine on SSLCertificateFile /etc/pki/cert/crt/{{ matrix_url }}.crt SSLCertificateKeyFile /etc/pki/cert/private/{{ matrix_url }}.key SSLCertificateChainFile /etc/pki/cert/crt/{{ matrix_url }}-fullchain.crt SSLProtocol {{ ssl_protocol }} SSLCipherSuite {{ ssl_cipher_suite }} ServerName {{ matrix_url }} DocumentRoot {{ matrix_webroot }} Require all granted AllowOverride All Options MultiViews FollowSymlinks ProxyPreserveHost On ProxyRequests Off ProxyPass / http://127.0.0.1:8008/ nocanon retry=1 ProxyPassReverse / https://127.0.0.1:8008/ RequestHeader set X_FORWARDED_PROTO 'https' RequestHeader set X-Forwarded-Ssl on