ServerName {{ matrix_server_name }} Include conf.d/ssl.include # This certificate must contain the hostname of THIS MACHINE in its # subject/subjectAltName, so it can be validated by the reverse # proxy. The reverse proxy presents the "real" certificate to # clients on the Internet. SSLCertificateKeyFile {{ apache_ssl_certificate_key }} SSLCertificateFile {{ apache_ssl_certificate }} AllowEncodedSlashes NoDecode ProxyPass /_matrix http://127.0.0.1:8008/_matrix nocanon ProxyPassReverse /_matrix http://127.0.0.1:8008/_matrix Listen 8448 ServerName {{ matrix_server_name }} Include conf.d/ssl.include {% if matrix_tls_key is defined %} # This certificate is the "real" certificate, as clients on the # Internet connect to this virtual host directly, not through the # reverse proxy. SSLCertificateKeyFile /etc/pki/tls/private/{{ matrix_tls_key|basename }} {% else %} SSLCertificateKeyFile {{ apache_ssl_certificate_key }} {% endif %} {% if matrix_tls_cert is defined %} SSLCertificateFile /etc/pki/tls/certs/{{ matrix_tls_cert|basename }} {% else %} SSLCertificateFile {{ apache_ssl_certificate }} {% endif %} AllowEncodedSlashes NoDecode ProxyPass /_matrix http://127.0.0.1:8008/_matrix nocanon ProxyPassReverse /_matrix http://127.0.0.1:8008/_matrix