# Configuration for {{ gitea_url }}
# vim:ft=apache:
# Accept connections from non-SNI clients
SSLStrictSNIVHostCheck off
# Need this for SSL proxying, apparently
SSLProxyEngine on
# Website configuration
ServerName {{ gitea_url }}
Redirect permanent / https://{{ gitea_url }}
SSLEngine on
SSLCertificateFile /etc/pki/cert/crt/{{ gitea_url }}.crt
SSLCertificateKeyFile /etc/pki/cert/private/{{ gitea_url }}.key
SSLCertificateChainFile /etc/pki/cert/crt/{{ gitea_url }}-fullchain.crt
SSLProtocol {{ ssl_protocol }}
SSLCipherSuite {{ ssl_cipher_suite }}
ServerName {{ gitea_url }}
DocumentRoot {{ gitea_webroot }}
Require all granted
AllowOverride All
Options MultiViews FollowSymlinks
RequestHeader set X_FORWARDED_PROTO 'https'
RequestHeader set X-Forwarded-Ssl on
SSLEngine on
SSLCertificateFile /etc/pki/cert/crt/{{ gitea_url }}.crt
SSLCertificateKeyFile /etc/pki/cert/private/{{ gitea_url }}.key
SSLCertificateChainFile /etc/pki/cert/crt/{{ gitea_url }}-fullchain.crt
SSLProtocol {{ ssl_protocol }}
SSLCipherSuite {{ ssl_cipher_suite }}
ServerName {{ gitea_url }}
ProxyPreserveHost On
ProxyRequests Off
ProxyPass / http://127.0.0.1:3000/ nocanon retry=1
ProxyPassReverse / https://127.0.0.1:3000/
RequestHeader set X_FORWARDED_PROTO 'https'
RequestHeader set X-Forwarded-Ssl on