{"p":"","h":{"iv":"ROXSYW+cfvEbFHu5","at":"ocxplSQjdRC3tXEtB/9/wg=="}}
- 2y ·
-
Public·
-
thread.seam.rip
@dev@microblog.pub Okay, here's the apache configs. They're in two seperate files, because I use Let's Encrypt, so I start with the non-encrypted one and Certbot copies it to the encrypted version, though I think? you can have both in one file.
<VirtualHost *:80>
ServerName thread.seam.rip
ServerAdmin webmaster@localhost
ProxyPass "/" "http://localhost:8000/"
ProxyPassReverse "/" "http://localhost:8000/"
ProxyPreserveHost On
RewriteEngine on
RewriteCond %{SERVER_NAME} =thread.seam.rip
RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
</VirtualHost>
And the SSL one!
<IfModule mod_ssl.c>
<VirtualHost *:443>
ServerName thread.seam.rip
ServerAdmin webmaster@localhost
ProxyPass "/" "http://localhost:8000/"
ProxyPassReverse "/" "http://localhost:8000/"
ProxyPreserveHost On
RequestHeader set X-Forwarded-Proto "https"
SSLCertificateFile /etc/letsencrypt/live/thread.seam.rip/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/thread.seam.rip/privkey.pem
Include /etc/letsencrypt/options-ssl-apache.conf
</VirtualHost>
</IfModule>
The ProxyPass, ProxyReverse, ProxyPreserveHeader, and RequestHeader lines are the important ones. The first three you will find in most Apache proxy write-ups but the RequestHeader is a bit of a gotcha, and missing it will cause weird errors with forms (as they try to post to HTTP and not HTTPS). The rewrite and SSL stuff is added by Certbot - you can start with just the HTTP version, minus the rewrite rules, run Certbot, and then get the updated version and SSL version (which needs the header option set)