RewriteEngine On
RewriteCond %{HTTPS} !on
RewriteRule /.* https://%{SERVER_NAME}$0

<VirtualHost _default_:443>
Include conf.d/ssl.include

SSLCertificateFile {{ apache_ssl_certificate }}
SSLCertificateKeyFile {{ apache_ssl_certificate_key }}
SSLCertificateChainFile {{ apache_ssl_certificate }}
{% if apache_ssl_ca_certificate is defined %}
SSLCACertificateFile {{ apache_ssl_ca_certificate }}
{% endif %}

Header always set \
	Strict-Transport-Security "max-age=63072000; includeSubDomains"

RewriteEngine On
{% if bitwarden_host is defined %}
RewriteCond %{SERVER_NAME} !{{ bitwarden_host }}
RewriteRule /.* https://{{ bitwarden_host }}$0
{% endif %}
RewriteCond %{HTTP:Upgrade} =websocket [NC]
RewriteRule /notifications/hub(.*) ws://localhost:3012/$1 [QSA,P,L]

ProxyPreserveHost On
ProxyRequests Off
ProxyPass / http://localhost:8080/
ProxyPassReverse / http://localhost:8080/
RequestHeader set X-Real-IP %{REMOTE_ADDR}s
</VirtualHost>