# Configuration for {{ gitea_url }} # vim:ft=apache: # Accept connections from non-SNI clients SSLStrictSNIVHostCheck off # Need this for SSL proxying, apparently SSLProxyEngine on # Website configuration ServerName {{ gitea_url }} Redirect permanent / https://{{ gitea_url }} SSLEngine on SSLCertificateFile /etc/pki/cert/crt/{{ gitea_url }}.crt SSLCertificateKeyFile /etc/pki/cert/private/{{ gitea_url }}.key SSLCertificateChainFile /etc/pki/cert/crt/{{ gitea_url }}-fullchain.crt SSLProtocol {{ ssl_protocol }} SSLCipherSuite {{ ssl_cipher_suite }} ServerName {{ gitea_url }} DocumentRoot {{ gitea_webroot }} Require all granted AllowOverride All Options MultiViews FollowSymlinks RequestHeader set X_FORWARDED_PROTO 'https' RequestHeader set X-Forwarded-Ssl on SSLEngine on SSLCertificateFile /etc/pki/cert/crt/{{ gitea_url }}.crt SSLCertificateKeyFile /etc/pki/cert/private/{{ gitea_url }}.key SSLCertificateChainFile /etc/pki/cert/crt/{{ gitea_url }}-fullchain.crt SSLProtocol {{ ssl_protocol }} SSLCipherSuite {{ ssl_cipher_suite }} ServerName {{ gitea_url }} ProxyPreserveHost On ProxyRequests Off ProxyPass / http://127.0.0.1:3000/ nocanon retry=1 ProxyPassReverse / https://127.0.0.1:3000/ RequestHeader set X_FORWARDED_PROTO 'https' RequestHeader set X-Forwarded-Ssl on