43 lines
1.2 KiB
Plaintext
43 lines
1.2 KiB
Plaintext
<VirtualHost *:80>
|
|
ServerName signal.example.tld
|
|
Redirect permanent / https://signal.example.tld/
|
|
</VirtualHost>
|
|
|
|
<VirtualHost *:443>
|
|
ServerName signal.example.tld
|
|
|
|
SSLEngine on
|
|
SSLCertificateFile /etc/letsencrypt/live/example.tld/fullchain.pem
|
|
SSLCertificateKeyFile /etc/letsencrypt/live/example.tld/privkey.pem
|
|
Include /etc/letsencrypt/options-ssl-apache.conf
|
|
# Optional, wenn vorhanden:
|
|
|
|
# Protocols h2 http/1.1
|
|
|
|
|
|
# Logs
|
|
ErrorLog ${APACHE_LOG_DIR}/signal_error.log
|
|
|
|
CustomLog ${APACHE_LOG_DIR}/signal_access.log combined
|
|
|
|
# Security Header
|
|
<IfModule mod_headers.c>
|
|
Header always set Strict-Transport-Security "max-age=31536000; includeSubDomains"
|
|
</IfModule>
|
|
|
|
# Proxy-Setup
|
|
ProxyPreserveHost On
|
|
ProxyRequests Off
|
|
ProxyAddHeaders On
|
|
|
|
|
|
# Leite alles an den Backend-Dienst weiter und erlaube WebSocket-Upgrades
|
|
ProxyPass / http://127.0.0.1:8181/ upgrade=websocket keepalive=On
|
|
ProxyPassReverse / http://127.0.0.1:8181/
|
|
|
|
|
|
# Weitergereichte Header
|
|
RequestHeader set X-Forwarded-Proto expr=%{REQUEST_SCHEME}
|
|
RequestHeader set X-Real-IP expr=%{REMOTE_ADDR}
|
|
</VirtualHost>
|