configpolicy/roles/gitea/templates/gitea.httpd.conf.j2

{#- vim: set ft=apache.jinja : -#}
# vim: set sw=4 ts=4 sts=4 et :
{% macro proxypass() -%}
ProxyPreserveHost On
ProxyRequests Off
ProxyPass / http://localhost:3000/ nocanon
ProxyPassReverse / http://localhost:3000/
AllowEncodedSlashes NoDecode
{%- endmacro -%}

<VirtualHost _default_:80>
    ServerName {{ gitea_http_domain }}

    RewriteEngine on
    RewriteCond %{HTTPS} !on
    RewriteCond %{REQUEST_FILENAME} !\.ks$
    RewriteRule /.* https://%{SERVER_NAME}$0 [R=301,L]

    {{ proxypass() | indent(4) }}
</VirtualHost>

<VirtualHost _default_:443>
    ServerName {{ gitea_http_domain }}

    SSLCertificateFile {{ gitea_ssl_certificate }}
    SSLCertificateKeyFile {{ gitea_ssl_certificate_key }}
    SSLCertificateChainFile {{ gitea_ssl_certificate }}

    Header always set \
        Strict-Transport-Security "max-age=63072000; includeSubDomains"

    {{ proxypass() | indent(4) }}
</VirtualHost>