<VirtualHost *:80>
    ServerName signal.example.tld
    Redirect permanent / https://signal.example.tld/
</VirtualHost>

<VirtualHost *:443>
    ServerName signal.example.tld

    SSLEngine on
    SSLCertificateFile /etc/letsencrypt/live/example.tld/fullchain.pem
    SSLCertificateKeyFile /etc/letsencrypt/live/example.tld/privkey.pem
    Include /etc/letsencrypt/options-ssl-apache.conf
    # Optional, wenn vorhanden:

    # Protocols h2 http/1.1


    # Logs
    ErrorLog ${APACHE_LOG_DIR}/signal_error.log

    CustomLog ${APACHE_LOG_DIR}/signal_access.log combined

    # Security Header
    <IfModule mod_headers.c>
        Header always set Strict-Transport-Security "max-age=31536000; includeSubDomains"
    </IfModule>

    # Proxy-Setup
    ProxyPreserveHost On
    ProxyRequests Off
    ProxyAddHeaders On


    # Leite alles an den Backend-Dienst weiter und erlaube WebSocket-Upgrades
    ProxyPass        / http://127.0.0.1:8181/ upgrade=websocket keepalive=On
    ProxyPassReverse / http://127.0.0.1:8181/


    # Weitergereichte Header
    RequestHeader set X-Forwarded-Proto expr=%{REQUEST_SCHEME}
    RequestHeader set X-Real-IP        expr=%{REMOTE_ADDR}
</VirtualHost>