howto configure apache for plex behind subdomain and https 443? - apache

This is what I currently have for Apache, and it works, but how can I make HTTP redirect to HTTPS for Plex?
# Port-80 virtual host from the question: reverse-proxies every request to
# Plex on localhost:32400 over plain HTTP.
# NOTE(review): with only this vhost, everything the client sends to Plex
# crosses the network unencrypted; TLS termination needs a separate :443 vhost.
<VirtualHost *:80>
ServerName plex.mydomain.com
# Forward proxying is off; only the ProxyPass mapping below is served.
ProxyRequests Off
# Hand the client's original Host header to the backend.
ProxyPreserveHost On
ProxyPass / http://localhost:32400/
ProxyPassReverse / http://localhost:32400/
RewriteEngine on
# Send a bare "/" to the Plex web UI unless the request carries an
# X-Plex-Device header. The pattern has no capture group, so $1 is empty.
RewriteCond %{REQUEST_URI} !^/web
RewriteCond %{HTTP:X-Plex-Device} ^$
RewriteRule ^/$ /web/$1 [R,L]
</VirtualHost>
this is how it works for other subdomains, but this doesn't work for plex:
# Port-80 virtual host: redirects somesub.mydomain.com to HTTPS.
<VirtualHost *:80>
ServerName somesub.mydomain.com
RewriteEngine on
# The host pattern is a regex with unescaped dots and no end anchor, so it
# matches slightly more than the literal host name.
RewriteCond %{HTTP_HOST} ^somesub.mydomain.com
# The target carries no path or query string, so every HTTP URL lands on the
# HTTPS root; [R] without a status code sends a 302.
RewriteRule (.*) https://%{SERVER_NAME} [R,L]
</VirtualHost>
# Port-443 virtual host: reverse-proxies to a backend on localhost:5555.
# NOTE(review): no SSLEngine or SSLCertificate* directives are shown here;
# presumably they were left out of the post or are set elsewhere. Without
# them this vhost would answer in plain HTTP on port 443 - confirm.
<VirtualHost *:443>
ServerName somesub.mydomain.com
ProxyRequests Off
ProxyPreserveHost On
ProxyPass / http://localhost:5555/
ProxyPassReverse / http://localhost:5555/
</VirtualHost>

This is what i'm using now and works (Ubuntu 17.04, Apache2.4)
# Port 80 only redirects to HTTPS; Redirect keeps the rest of the path and
# "permanent" makes it a 301.
<VirtualHost *:80>
ServerName my.sub.domain.com
Redirect permanent / https://my.sub.domain.com/
</VirtualHost>
# TLS-terminating reverse proxy in front of Plex on localhost:32400.
# NOTE(review): every proxied request reaches Plex from the loopback address;
# make sure Plex is not set up to skip authentication for that address - confirm.
<IfModule mod_ssl.c>
<VirtualHost *:443>
ServerName my.sub.domain.com
# NOTE(review): empty alias; its purpose is not clear from the post.
ServerAlias ""
# No server-side includes and no CGI execution for this vhost.
Options -Includes -ExecCGI
RewriteEngine On
# Answer 403 to any request whose request line does not end in "HTTP/1.1"
# (for example HTTP/1.0 clients).
RewriteCond %{THE_REQUEST} !HTTP/1.1$
RewriteRule .* - [F]
# Request bodies larger than 512000 bytes are refused.
LimitRequestBody 512000
SSLEngine On
SSLCertificateFile /etc/letsencrypt/live/my.sub.domain.com/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/my.sub.domain.com/privkey.pem
# NOTE(review): only TLS 1.2 is named. Spelling the set out in full
# ("-all +TLSv1.2", plus TLS 1.3 where the build supports it) leaves no doubt
# about what is disabled; check the offered protocols with a TLS scanner.
SSLProtocol +TLSv1.2
# NOTE(review): includeSubdomains extends HSTS to every host below this name,
# and "preload" asks for inclusion in browser preload lists, which is slow to
# undo. Keep both only if every subdomain is HTTPS-only.
Header always set Strict-Transport-Security "max-age=63072000; includeSubdomains; preload"
# Forbid rendering the site inside frames.
Header always set X-Frame-Options DENY
FileETag None
# Disable the TRACE method.
TraceEnable off
#Header edit Set-Cookie ^(.*)$ ;HttpOnly;Secure
# NOTE(review): legacy header; current browsers no longer ship the XSS filter
# it controls, so a Content-Security-Policy is the effective control. It is
# also set without "always", unlike the headers above.
Header set X-XSS-Protection "1; mode=block"
Timeout 60
# Plex notification websocket. This mapping uses wss:// (TLS to the backend)
# while the general mapping below uses http:// to the same port.
# NOTE(review): presumably needs mod_proxy_wstunnel; whether the backend
# certificate is verified depends on SSLProxy* settings not shown - confirm.
<Location /:/websockets/notifications>
ProxyPass wss://localhost:32400/:/websockets/notifications
ProxyPassReverse wss://localhost:32400/:/websockets/notifications
</Location>
# NOTE(review): Order/Allow is Apache 2.2 access-control syntax; on 2.4 it
# only works through mod_access_compat, and the native form is
# "Require all granted". With ProxyRequests Off below this does not create a
# forward proxy.
<Proxy *>
Order deny,allow
Allow from all
</Proxy>
ProxyRequests Off
ProxyPreserveHost On
# Required for https:// and wss:// backends.
SSLProxyEngine On
# Tell the backend that the client connection was HTTPS.
RequestHeader set Front-End-Https "On"
ProxyPass / http://localhost:32400/
ProxyPassReverse / http://localhost:32400/
RewriteEngine on
# Send a bare "/" to the Plex web UI unless the request carries an
# X-Plex-Device header or is an OPTIONS request. $1 is empty (no capture group).
RewriteCond %{REQUEST_URI} !^/web
RewriteCond %{HTTP:X-Plex-Device} ^$
RewriteCond %{REQUEST_METHOD} !^(OPTIONS)$
RewriteRule ^/$ /web/$1 [R,L]
</VirtualHost>
</IfModule>
You'll need to change localhost (probably not) and my.sub.domain.com to your own values and generate the ssl certificates before restarting the apache service (I used LetsEncrypt)
This vhost configuration is something I've adapted from numerous posts (some from here, some from the plex forum). It may not be complete or optimized, but it does work
For more details/alternatives, visit https://forums.plex.tv/

Alex's answer is good, but all you need in order to redirect traffic from 80 to 443 are these lines of code added into your plex.conf file:
# Port-80 virtual host whose only job is to redirect to HTTPS.
<VirtualHost *:80>
ServerName plex.mydomain.com
DocumentRoot /var/www/html
ServerAdmin admin#plex.mydomain.com
RewriteEngine on
# Exact string comparison ("="): only requests for this host name are
# redirected, so the redirect target cannot become some other host.
RewriteCond %{SERVER_NAME} =plex.mydomain.com
RewriteCond %{HTTPS} off
# 301 to the same path on HTTPS. NE keeps the URI unescaped; END stops all
# further rewrite processing.
# NOTE(review): browsers cache permanent redirects; use a temporary one
# while testing.
RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
</VirtualHost>
For reference, here is my plex apache2 conf file:
EDIT: Update as of 4/17/2019.
You will need to be using Apache2 >= 2.4.11 to use this and several mods (proxy, ssl, proxy_wstunnel, http, dir, env, headers, proxy_balancer, proxy_http, rewrite I think is all of them):
# Complete Plex reverse-proxy configuration: an HTTP-to-HTTPS redirect on
# port 80 and a TLS-terminating proxy on port 443.
# NOTE(review): every proxied request reaches Plex from the proxy's address;
# make sure Plex is not set up to skip authentication for that address - confirm.
<IfModule mod_ssl.c>
# Variables reused below. Names created with Define are visible server-wide,
# not only in this file.
DEFINE plex_url 192.168.1.22
DEFINE plex_port 32400
DEFINE serv_name plex.domain.com
# Send only a minimal Server response header.
ServerTokens Prod
SSLStaplingCache "shmcb:${APACHE_LOG_DIR}/stapling-cache(150000)"
SSLSessionCache "shmcb:${APACHE_LOG_DIR}/ssl_scache(512000)"
SSLSessionCacheTimeout 300
# NOTE(review): directive of the third-party mod_pagespeed module; Apache
# presumably rejects the configuration if that module is not loaded.
ModPagespeed Off
<VirtualHost *:80>
ServerName ${serv_name}
DocumentRoot /var/www/html
ServerAdmin aw#hell.no
RewriteEngine On
# Redirect only requests for exactly this host name, with a 301, to the same
# path on HTTPS.
RewriteCond %{SERVER_NAME} =${serv_name}
RewriteCond %{HTTPS} Off
RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
ErrorLog ${APACHE_LOG_DIR}/${serv_name}.error.log
CustomLog ${APACHE_LOG_DIR}/${serv_name}.access.log combined
</VirtualHost>
# NOTE(review): this vhost has no "SSLEngine On", and the certbot options
# include below is commented out. Unless TLS is switched on elsewhere, confirm
# that port 443 really serves HTTPS.
<VirtualHost *:443>
ServerName ${serv_name}
DocumentRoot /var/www/html
ServerAdmin aw#hell.no
ErrorLog ${APACHE_LOG_DIR}/${serv_name}.error.log
CustomLog ${APACHE_LOG_DIR}/${serv_name}.access.log combined
### Let's Encrypt Section ###
SSLCertificateFile /etc/letsencrypt/live/${serv_name}/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/${serv_name}/privkey.pem
#Include /etc/letsencrypt/options-ssl-apache.conf
# No server-side includes and no CGI execution for this vhost.
Options -Includes -ExecCGI
### Deny http1.0 requests ###
RewriteEngine On
RewriteCond %{SERVER_PROTOCOL} ^HTTP/1\.0$
#RewriteCond %{REQUEST_URI} !^/404/$
RewriteRule ^ - [F]
### Harden Security ###
# Forward proxying is off; only the ProxyPass mappings below are served.
ProxyRequests Off
ProxyPreserveHost On
ProxyTimeout 600
ProxyReceiveBufferSize 4096
# Required for https:// and wss:// backends.
SSLProxyEngine On
RequestHeader set Front-End-Https "On"
ServerSignature Off
# TLS compression off (CRIME-class attacks).
SSLCompression Off
SSLUseStapling On
SSLStaplingResponderTimeout 5
SSLStaplingReturnResponderErrors Off
SSLSessionTickets Off
# Overwrites X-Forwarded-Proto when the HTTPS variable is set.
# NOTE(review): if the variable is not set at that point, a client-supplied
# value would pass through unchanged - confirm on a test request.
RequestHeader set X-Forwarded-Proto 'https' env=HTTPS
# NOTE(review): "preload" without includeSubDomains and with a 180-day
# max-age does not, as far as I know, meet the browser preload-list
# requirements, so the token has no effect as written.
Header always set Strict-Transport-Security "max-age=15552000; preload"
Header always set X-Content-Type-Options nosniff
Header always set X-Robots-Tag none
# NOTE(review): legacy header; current browsers no longer ship the XSS filter
# it controls.
Header always set X-XSS-Protection "1; mode=block"
Header always set X-Frame-Options "SAMEORIGIN"
Header always set Referrer-Policy "same-origin"
# NOTE(review): Feature-Policy has been superseded by Permissions-Policy,
# which uses a different value syntax.
Header always set Feature-Policy "accelerometer 'none'; camera 'none'; geolocation 'none'; gyroscope 'none'; magnetometer 'none'; microphone 'none'; payment 'none'; usb 'none';"
# NOTE(review): script-src allows 'unsafe-inline' and worker-src allows any
# origin, which limits what this policy stops. ${plex_url} expands to the
# backend's LAN address, so that address is disclosed to every client in this
# header.
Header always set Content-Security-Policy "default-src 'self' https:; font-src 'self' data: ${plex_url} ${serv_name}; media-src 'self' blob: ${plex_url} ${serv_name}; script-src 'self' 'unsafe-inline' ${plex_url} ${serv_name} plex.tv www.gstatic.com; style-src 'self' ${plex_url} ${serv_name}; img-src 'self' data: blob: ${plex_url} ${serv_name} plex.tv *.plex.tv; worker-src *; frame-src 'none'; connect-src 'self' wss: https: ${plex_url} ${serv_name} plex.tv *.plex.direct *.plex.tv;"
# NOTE(review): besides the GCM entries this list has non-GCM ones
# (ECDHE+RSA+AES256+SHA384, AES256+EECDH, AES256+EDH), which presumably admit
# CBC-mode suites - check the negotiated suites with a TLS scanner.
SSLCipherSuite ECDHE+RSA+AES256+GCM+SHA512:DHE+RSA+AES256+GCM+SHA512:ECDHE+RSA+AES256+GCM+SHA384:DHE+RSA+AES256+GCM+SHA384:ECDHE+RSA+AES256+SHA384:EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH:!aNULL:!eNULL:!EXPORT:!DES:!MD5:!PSK:!RC4
# Everything older than TLS 1.2 is switched off.
SSLProtocol All -SSLv2 -SSLv3 -TLSv1 -TLSv1.1
SSLHonorCipherOrder On
### Plex Specific Section ###
# The general mapping talks plain HTTP to the backend at a LAN address, so
# traffic between Apache and Plex is unencrypted on that network segment.
ProxyPass / http://${plex_url}:${plex_port}/
ProxyPassReverse / http://${plex_url}:${plex_port}/
# NOTE(review): mod_proxy checks ProxyPass rules in configuration order and
# the first match wins, so these "/:/" mappings listed after "/" are
# presumably never reached; the ws:// and wss:// pairs also target the same
# path. Confirm, and put the longest path first if they are needed.
ProxyPass /:/ ws://${plex_url}:${plex_port}/:/
ProxyPassReverse /:/ ws://${plex_url}:${plex_port}/:/
ProxyPass /:/ wss://${plex_url}:${plex_port}/:/
ProxyPassReverse /:/ wss://${plex_url}:${plex_port}/:/
# Request bodies larger than 512000 bytes are refused.
LimitRequestBody 512000
FileETag None
# Disable the TRACE method.
TraceEnable off
#Header edit Set-Cookie ^(.*)$ ;HttpOnly;Secure
Timeout 60
# Plex notification websocket, proxied with wss:// (TLS to the backend).
<Location /:/websockets/notifications>
ProxyPass wss://${plex_url}:${plex_port}/:/websockets/notifications
ProxyPassReverse wss://${plex_url}:${plex_port}/:/websockets/notifications
</Location>
# NOTE(review): Order/Allow is Apache 2.2 access-control syntax; on 2.4 it
# only works through mod_access_compat, and the native form is
# "Require all granted".
<Proxy *>
Order deny,allow
Allow from all
</Proxy>
RewriteEngine on
# Send a bare "/" to the Plex web UI when the request has no X-Plex-Device
# header, is not an OPTIONS request, and has no non-empty X-Plex-Device query
# parameter (the last two conditions are joined by [OR]). $1 is empty.
RewriteCond %{REQUEST_URI} !^/web
RewriteCond %{HTTP:X-Plex-Device} ^$
RewriteCond %{REQUEST_METHOD} !^(OPTIONS)$
RewriteCond %{QUERY_STRING} (^|&)X-Plex-Device=(&|$) [OR]
RewriteCond %{QUERY_STRING} !(^|&)X-Plex-Device=
RewriteRule ^/$ /web/$1 [R,L]
</VirtualHost>
</IfModule>

Related

HTTPD ReverseProxy ProxyPass directive ending in wrong Location header

HTTPD is configure as following:
#redirectder edit Location "(^http[s]?://)([^/]+)" "" port 80 to secure
# Port-80 virtual host: redirects plain-HTTP requests to the HTTPS site.
<VirtualHost *:80>
ServerName mitestui02.sn.test.net
#ServerAlias server server2.domain.com server2
ServerAdmin support.p240#test.com
ErrorLog /var/log/test/iiq/appserver/apache-error.log
CustomLog /var/log/test/iiq/appserver/apache-access.log common
# Both targets hard-code this server's own host name, so a client that
# arrived under another name is sent to mitestui02. No status is given, so
# these are 302 redirects.
Redirect /identityiq/ https://mitestui02.sn.test.net/identityiq/
Redirect / https://mitestui02.sn.test.net/identityiq/
</VirtualHost>
#redirect to port 8080 on localhost
# TLS virtual host that proxies /identityiq/ to an application on
# localhost:8080.
<VirtualHost *:443>
ServerName mitestui02.sn.test.net
# ServerAlias mitestui02 mitestui02.sn.test.net
ServerAdmin support.p240#test.com
SSLProxyEngine On
SSLEngine On
#allow only tls
SSLProtocol -all +TLSv1.2
SSLHonorCipherOrder on
# The cipher list is truncated ("...") in the post.
SSLCipherSuite ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384...
SSLCertificateFile /etc/opt/test/iiq/appserver/secure/ssl/web-iiq.crt
SSLCertificateKeyFile /etc/opt/test/iiq/appserver/secure/ssl/apache-iiq.key
# These redirects hard-code the back-end host name; the follow-up in the post
# reports them as the cause of the wrong Location header.
Redirect /identityiq/ https://mitestui02.sn.test.net/
Redirect / https://mitestui02.sn.test.net/identityiq/
ProxyRequests Off
ProxyPreserveHost On
# NOTE(review): there is no matching ProxyPassReverse, so Location headers
# sent by the backend are presumably passed on unrewritten - confirm.
ProxyPass /identityiq/ http://localhost:8080/identityiq/
RewriteEngine On
# Answer 403 to OPTIONS requests.
RewriteCond %{REQUEST_METHOD} ^OPTIONS
RewriteRule .* - [F]
# The headers below are added only when the request line matches ".jsf"
# (the dot is an unescaped regex wildcard).
# NOTE(review): HSTS, nosniff and the cookie flags therefore do not apply to
# other responses such as static files or redirects - confirm that is
# intended. "Header add" appends, so a header the backend already sends ends
# up duplicated; "Header always set" is the usual form for security headers.
<If "%{THE_REQUEST} =~ m#.jsf/?[?\s]#">
Header add X-UI-Source "mitestui02"
Header add X-UA-Compatible "IE=edge"
Header add Referrer-Policy "strict-origin-when-cross-origin"
Header add Feature-Policy "microphone 'none'; geolocation 'none'; usb 'none'; payment 'none'; document-domain 'none'; camera 'none'; display-capture 'none'; ambient-light-sensor 'none'"
Header add Permissions-Policy "accelerometer=(), camera=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), payment=(), usb=()"
Header add Strict-Transport-Security "max-age=63072000; includeSubDomains"
# NOTE(review): 'unsafe-inline' and 'unsafe-eval' in default-src permit
# inline script and eval, so this policy restricts origins but offers little
# protection against script injection.
Header add Content-Security-Policy "default-src 'self' 'unsafe-inline' 'unsafe-eval'"
Header add X-Content-Type-Options "nosniff"
# Append Secure and SameSite=Strict to every cookie, in both the "always"
# and the "onsuccess" header tables. HttpOnly is not added here.
Header always edit Set-Cookie (.*) "$1; Secure; SameSite=Strict"
Header onsuccess edit Set-Cookie (.*) "$1; Secure; SameSite=Strict"
</If>
</VirtualHost>
When I connect to the front-end URL, https://mitest.sn.test.net/ I get redirected with a response code 302 and Location header pointing to https://mitestui02.sn.test.net/identityiq/ instead of https://mitest.sn.test.net/identityiq/ .
This doesn't happen when connecting to https://mitest.sn.test.net/identity/ directly.
I have tried with different ProxyPass and ProxyPassReverse directives and also rewriting the Location header, nothing seems to help.
Thanks
So the issue seemed to be related to the Redirect directives.
We removed them and added the following for 443:
RewriteEngine On
# Redirect to HTTPS when the X-Forwarded-Proto request header says "http".
# NOTE(review): this header is only trustworthy when a front end sets it;
# the question mentions a separate front-end URL, so presumably a proxy or
# load balancer does - confirm it overwrites any client-supplied value.
RewriteCond %{HTTP:X-Forwarded-Proto} ^http$
RewriteRule ^.*$ https://%{SERVER_NAME}%{REQUEST_URI} [L,R=301,NE]
# Redirect / to /identiyiq
RedirectMatch ^/$ /identityiq
We removed them and added the following for 80:
Redirect permanent / https://mitestui02.sn.test.net/
Now it is working as expected.

Apache Reverse Proxy doesnt redirect from 80 to 443

This is my apache configuration. As far as I can tell, redirecting from 80 to 443 should be working, but it's not. I also tried the Redirect directive without quotes and deleting the ProxyPass & ProxyPassReverse from the 80 virtual host, to no avail.
What am I doing wrong?
# Port-80 virtual host from the question: it both proxies "/" to the backend
# and asks for a redirect of "/" to HTTPS.
<VirtualHost *:80>
ServerName myserver.com
ServerAlias www.myserver.com
ProxyPass / http://myserver.com:8080/
ProxyPassReverse / http://myserver.com:8080/
Redirect "/" "https://myserver.com/"
</VirtualHost>
# TLS virtual host: proxies HTTP and websocket traffic to port 8080.
<VirtualHost *:443>
ServerName myserver.com
ServerAlias www.myserver.com
ProxyRequests Off
RewriteEngine on
# Rewrites websocket configuration
# Requests with "Upgrade: WebSocket" and a matching Connection header are
# proxied ([P]) to the backend over ws://.
RewriteCond %{HTTP:UPGRADE} ^WebSocket$ [NC]
RewriteCond %{HTTP:CONNECTION} ^Upgrade$ [NC,OR]
RewriteCond %{HTTP:CONNECTION} ^keep-alive,\ Upgrade$ [NC]
RewriteRule .* ws://127.0.0.1:8080%{REQUEST_URI} [P]
# NOTE(review): Order/Allow is Apache 2.2 access-control syntax; on 2.4 it
# only works through mod_access_compat, and the native form is
# "Require all granted".
<Proxy *>
Order deny,allow
Allow from all
</Proxy>
SSLEngine on
SSLCertificateFile /path/fullchain.pem
SSLCertificateKeyFile /path/privkey.pem
# NOTE(review): the backend is addressed by the public host name on port
# 8080, while the websocket rule above uses 127.0.0.1. If port 8080 is
# reachable from outside, clients can talk to the application without TLS;
# presumably it should listen on loopback only or be firewalled - confirm.
ProxyPass / http://myserver.com:8080/
ProxyPassReverse / http://myserver.com:8080/
<Location />
Order allow,deny
Allow from all
</Location>
</VirtualHost>
Can you try this code?
# Suggested replacement: port 80 only redirects (301, path preserved).
<VirtualHost *:80>
ServerName myserver.com
ServerAlias www.myserver.com
Redirect Permanent / https://myserver.com/
</VirtualHost>
# NOTE(review): unlike the configuration in the question, this vhost has no
# websocket rewrite rules.
<VirtualHost *:443>
ServerName myserver.com
ServerAlias www.myserver.com
RewriteEngine on
SSLEngine on
ProxyRequests Off
ProxyPass / http://myserver.com:8080/
ProxyPassReverse / http://myserver.com:8080/
# NOTE(review): inside the :443 vhost this rule redirects every request for
# myserver.com to the same https:// URL it arrived on, which looks like a
# redirect loop. A rule of this shape belongs in the :80 vhost, where
# "Redirect Permanent" above already does the job - confirm and remove.
RewriteCond %{SERVER_NAME} =myserver.com
RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
SSLCertificateFile /path/fullchain.pem
SSLCertificateKeyFile /path/privkey.pem
</VirtualHost>

apache2 www to non-www redirection not working

After trying many different combinations to redirect my shopware6 installation on a server with apache2, I am not able to make the www to non-www redirection work.
Here's my conf file :
# Port-80 virtual host from the question.
# NOTE(review): the RewriteCond has no RewriteRule after it, so nothing is
# redirected here; plain-HTTP requests are neither sent to HTTPS nor to the
# bare host name.
<VirtualHost *:80>
ServerName vanparysbakery.emakers.be
ServerAlias www.vanparysbakery.emakers.be
RewriteCond %{HTTPS} off
RewriteEngine On
ServerSignature Off
</VirtualHost>
# TLS virtual host serving the shop from /var/www/bakery/public.
<VirtualHost *:443>
Protocols h2 h2c http/1.1
# NOTE(review): per the Apache documentation LoadModule is only valid in the
# main server configuration, not inside a VirtualHost - confirm and move it.
LoadModule ssl_module /usr/lib64/apache2-prefork/mod_ssl.so
DocumentRoot /var/www/bakery/public
ServerName vanparysbakery.emakers.be
ServerAlias www.vanparysbakery.emakers.be
# NOTE(review): "Indexes" turns on automatic directory listings for any
# directory without an index file, and "AllowOverride All" lets .htaccess
# files override every setting. The block also covers the parent of the
# DocumentRoot. Presumably "-Indexes" and a narrower AllowOverride are enough
# for the shop - confirm.
<Directory /var/www/bakery/>
Options Indexes FollowSymLinks MultiViews
AllowOverride All
Require all granted
</Directory>
SSLEngine on
# NOTE(review): this leaves TLS 1.0 and 1.1 enabled, unless the Let's Encrypt
# options file included below overrides it - check with a TLS scanner.
SSLProtocol all -SSLv2 -SSLv3
SSLCipherSuite HIGH:!aNULL:!MD5:!ADH:!DH:!RC4
SSLHonorCipherOrder on
Include /etc/letsencrypt/options-ssl-apache.conf
SSLCertificateFile /etc/letsencrypt/live/vanparysbakery.emakers.be/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/vanparysbakery.emakers.be/privkey.pem
</VirtualHost>
Here are the different ways I tried to make the redirection (added this below "RewriteEngine on" in the conf file) :
# First attempt: 301 from the www host to the bare host.
# NOTE(review): the target is http://, so a visitor who arrived over HTTPS is
# sent back to plain HTTP; an https:// target avoids that hop.
RewriteCond %{HTTP_HOST} ^www.vanparysbakery.emakers.be [NC]
RewriteRule ^(.*)$ http://vanparysbakery.emakers.be/$1 [L,R=301]
&&&&
# Second attempt: for either host name, 301 to https:// on the same
# %{SERVER_NAME}. The host in the target is whatever name matched, so this
# forces HTTPS but does not strip "www".
RewriteCond %{SERVER_NAME} =www.vanparysbakery.emakers.be [OR]
RewriteCond %{SERVER_NAME} =vanparysbakery.emakers.be
RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
Also tried this in the .htaccess file of my shopware folder :
RewriteEngine On
# No RewriteCond: the rule applies to every request this .htaccess handles,
# whatever the host, and the target is plain http://.
RewriteRule ^(.*) http://vanparysbakery.emakers.be/$1 [QSA,L,R=301]
&&&&
RewriteBase /
# Generic www-stripping rule: %1 is the host without the leading "www.".
# NOTE(review): the target is http://, so HTTPS visitors are sent to plain
# HTTP first.
RewriteCond %{HTTP_HOST} ^www\.(.*)$ [NC]
RewriteRule ^(.*)$ http://%1/$1 [R=301,L]
What am I doing wrong? I learned many things about this and all the solutions I found did not give the expected result. I suspect an apache configuration to "block" this redirection.
Any kind of help would be great :)
UPDATE (new content of my conf file as suggested by @MikeMoy) :
# Updated port-80 virtual host.
<VirtualHost *:80>
ServerName vanparysbakery.emakers.be
ServerAlias www.vanparysbakery.emakers.be
RewriteEngine on
#Redirect 301 / http://vanparysbakery.emakers.be/
RewriteCond %{HTTP_HOST} www.vanparysbakery.emakers.be [NC]
# NOTE(review): the target has no scheme, so mod_rewrite presumably does not
# treat it as another host; "(.)" also captures a single character only, so
# the rest of the path is lost. Requests for the bare host are not redirected
# to HTTPS at all.
RewriteRule ^/?(.) vanparysbakery.emakers.be/$1 [L,R,NE]
ServerSignature Off
</VirtualHost>
# Updated TLS virtual host.
<VirtualHost *:443>
Protocols h2 h2c http/1.1
# NOTE(review): per the Apache documentation LoadModule is only valid in the
# main server configuration, not inside a VirtualHost - confirm and move it.
LoadModule ssl_module /usr/lib64/apache2-prefork/mod_ssl.so
DocumentRoot /var/www/bakery/public
ServerName vanparysbakery.emakers.be
ServerAlias www.vanparysbakery.emakers.be
# NOTE(review): "Indexes" turns on automatic directory listings and
# "AllowOverride All" lets .htaccess files override every setting; presumably
# "-Indexes" and a narrower AllowOverride are enough - confirm.
<Directory /var/www/bakery/>
Options Indexes FollowSymLinks MultiViews
AllowOverride All
Require all granted
</Directory>
RewriteEngine on
RewriteCond %{HTTP_HOST} www.vanparysbakery.emakers.be [NC]
# "(.)" captures one character, so only the first character of the path is
# carried into the redirect; "(.*)" would keep the whole path.
RewriteRule ^/?(.) https://vanparysbakery.emakers.be/$1 [L,R,NE]
SSLEngine on
# NOTE(review): this leaves TLS 1.0 and 1.1 enabled, unless the Let's Encrypt
# options file included below overrides it - check with a TLS scanner.
SSLProtocol all -SSLv2 -SSLv3
SSLCipherSuite HIGH:!aNULL:!MD5:!ADH:!DH:!RC4
SSLHonorCipherOrder on
Include /etc/letsencrypt/options-ssl-apache.conf
SSLCertificateFile /etc/letsencrypt/live/vanparysbakery.emakers.be/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/vanparysbakery.emakers.be/privkey.pem
</VirtualHost>
UPDATE 2 :
I tried the same fix for another website on which we have the same behaviour, 'covarmed.emakers.be'. I then ran this command: curl -I www.covarmed.emakers.be (I also tried it with "covarmed.emakers.be" and "http://www.covarmed.emakers.be"). The response was the same every time:
HTTP/1.1 302 Found
Date: Fri, 27 Aug 2021 09:42:09 GMT
Server: Apache/2.4.38 (Debian)
Location: https://covarmed.emakers.be//
Content-Type: text/html; charset=iso-8859-1
But in browsers, the result is still the same, the redirection is NOT working.
something like this, then restart your server for new config to be loaded
# Sketch of the suggested rules; the surrounding directives (ServerName,
# TLS settings and so on) are omitted in the post.
# NOTE(review): no "RewriteEngine on" is shown in either vhost; the rules
# have no effect without it.
<VirtualHost *:80>
# In virtual-host context the matched path starts with "/", so "/$1"
# presumably yields a double slash in the Location header; [R] alone is a 302.
RewriteRule ^(.*)$ https://vanparysbakery.emakers.be/$1 [R,L]
</VirtualHost>
<VirtualHost *:443>
# Redirect the www host to the bare host, keeping the path.
RewriteCond %{HTTP_HOST} www.vanparysbakery.emakers.be [NC]
RewriteRule ^/?(.*) https://vanparysbakery.emakers.be/$1 [L,R,NE]
</VirtualHost>

Redirect http to https only works after page refresh Apache2

I have installed SSL Certificates on my website and on the example.com everything works fine, meaning that typing example.com redirects correctly to https://example.com. However, I have installed a certificate for a subdomain as well such that the link becomes: subdomain.example.com.
My goal is to have subdomain.example.com redirect to https://subdomain.example.com . This might sound weird but this semi-works meaning that when I first surf to subdomain.example.com it uses the http protocol but when I refresh that same page it switches to https protocol.
This is my VirtualHost conf file (port 80):
# Port-80 virtual host from the question: it contains both the GitLab proxy
# rules and an HTTPS redirect.
<VirtualHost *:80>
ServerName subdomain.example.com
ServerSignature Off
ProxyPreserveHost On
AllowEncodedSlashes NoDecode
<Location />
Require all granted
ProxyPassReverse http://127.0.0.1:8181
ProxyPassReverse http://example.com/
</Location>
RewriteEngine on
#Forward all requests to gitlab-workhorse except existing files like error documents
# NOTE(review): this proxy rule comes first and [P] ends rule processing, so
# every request it matches is served over plain HTTP and never reaches the
# HTTPS redirect further down. Only requests for existing files outside
# /uploads/ fall through to the redirect.
RewriteCond %{DOCUMENT_ROOT}/%{REQUEST_FILENAME} !-f [OR]
RewriteCond %{REQUEST_URI} ^/uploads/.*
RewriteRule .* http://127.0.0.1:8181%{REQUEST_URI} [P,QSA,NE]
# needed for downloading attachments
DocumentRoot /opt/gitlab/embedded/service/gitlab-rails/public
# 301 to the same path on HTTPS for requests that get this far.
RewriteCond %{SERVER_NAME} =subdomain.example.com
RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
#RewriteCond %{SERVER_PORT} !443
#RewriteRule ^(/(.*))?$ https://%{HTTP_HOST}/ [R=301,L]
</VirtualHost>
I have removed the unrelated lines from the sample above. Here is the 443 conf file:
# TLS virtual host in front of gitlab-workhorse on 127.0.0.1:8181.
# NOTE(review): the first five lines are repeated and "< IfModule" has a
# stray space; this looks like a paste artifact of the post rather than the
# real file.
< IfModule mod_ssl.c>
SSLStaplingCache shmcb:/var/run/apache2/stapling_cache(128000)
<VirtualHost *:443>
ServerName subdomain.example.com
ServerSignature Off
< IfModule mod_ssl.c>
SSLStaplingCache shmcb:/var/run/apache2/stapling_cache(128000)
<VirtualHost *:443>
ServerName subdomain.example.com
ServerSignature Off
ProxyPreserveHost On
AllowEncodedSlashes NoDecode
<Location />
Require all granted
#Allow forwarding to gitlab-workhorse
ProxyPassReverse http://127.0.0.1:8181
ProxyPassReverse http://domain/
</Location>
RewriteEngine on
#Forward all requests to gitlab-workhorse except existing files like error documents
RewriteCond %{DOCUMENT_ROOT}/%{REQUEST_FILENAME} !-f [OR]
RewriteCond %{REQUEST_URI} ^/uploads/.*
RewriteRule .* http://127.0.0.1:8181%{REQUEST_URI} [P,QSA,NE]
# needed for downloading attachments
DocumentRoot /opt/gitlab/embedded/service/gitlab-rails/public
# NOTE(review): the certificate and the private key come from two different
# live/ directories; presumably an anonymisation slip in the post, but both
# must belong to the same certificate for this host - confirm.
SSLCertificateFile /etc/letsencrypt/live/example.com/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/subexample.com/privkey.pem
Include /etc/letsencrypt/options-ssl-apache.conf
# HSTS for one year, this host only (no includeSubDomains). It takes effect
# only after a browser has received it over HTTPS once.
Header always set Strict-Transport-Security "max-age=31536000"
SSLUseStapling on
# Ask browsers to upgrade http:// subresource and navigation requests.
Header always set Content-Security-Policy upgrade-insecure-requests
# NOTE(review): no X-Forwarded-Proto / X-Forwarded-Ssl request headers are
# set for the backend here; the post says unrelated lines were removed, so
# they may exist in the real file - confirm.
</VirtualHost>
</IfModule>
Worth noting is that I am using certbot.
Hopefully someone can help me.
You say "My goal is to have subdomain.example.com redirect to https://subdomain.example.com".
Then why have all that proxy configuration in your :80 VirtualHost? Simply force the redirection to :443, and let :443 handle the proxy (and other).
So your VirtualHost would become:
# Port-80 virtual host reduced to a redirect; all proxying is left to the
# :443 vhost, so nothing is served over plain HTTP.
<VirtualHost *:80>
ServerName subdomain.example.com
CustomLog logs/subdomain_80_access.log combined
ErrorLog logs/subdomain_80_error.log
# RedirectMatch belongs to mod_alias, so RewriteEngine is not needed for it.
RewriteEngine On
# Keeps the requested path; with no status given this is a 302.
RedirectMatch ^/(.*)$ https://subdomain.example.com/$1
</VirtualHost>

Apache 2.4 HTTPS Redirect works after first use

I use the official Gitlab Apache 2.4 template for my gitlab installation. When accessing git.example.com the first time, I get a timeout. After visiting https://git.example.com the redirect works even when accessing git.example.com whats going wrong there?
here is the template:
# Port-80 virtual host: redirects to the same path on HTTPS ([R] alone is a
# 302).
<VirtualHost *:80>
ServerName git.example.com
ServerSignature Off
RewriteEngine on
RewriteCond %{HTTPS} !=on
RewriteRule .* https://%{SERVER_NAME}%{REQUEST_URI} [NE,R,L]
</VirtualHost>
# TLS virtual host in front of gitlab-workhorse on 127.0.0.1:8181.
<VirtualHost *:443>
SSLEngine on
# NOTE(review): only SSLv2 is excluded, so SSLv3 and TLS 1.0/1.1 stay enabled
# wherever the TLS library still offers them; presumably this should be
# limited to TLS 1.2 and newer - check with a TLS scanner.
SSLProtocol all -SSLv2
SSLHonorCipherOrder on
# NOTE(review): the list still contains 3DES entries and plain-RSA key
# exchange (RSA+AESGCM, RSA+AES, RSA+3DES), which gives no forward secrecy.
SSLCipherSuite "ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AESGCM:RSA+AES:RSA+3DES:!aNULL:!MD5:!DSS"
# NOTE(review): "Header add" without "always" presumably leaves HSTS off
# error responses; "Header always set" is the usual form.
Header add Strict-Transport-Security: "max-age=15768000;includeSubdomains"
# TLS compression off (CRIME-class attacks).
SSLCompression Off
SSLCertificateFile /etc/httpd/ssl.crt/YOUR_SERVER_FQDN.crt
SSLCertificateKeyFile /etc/httpd/ssl.key/YOUR_SERVER_FQDN.key
SSLCACertificateFile /etc/httpd/ssl.crt/your-ca.crt
# NOTE(review): template placeholder; it has to match the name used in the
# :80 vhost (git.example.com in this post).
ServerName YOUR_SERVER_FQDN
ServerSignature Off
ProxyPreserveHost On
AllowEncodedSlashes NoDecode
<Location />
Require all granted
ProxyPassReverse http://127.0.0.1:8181
ProxyPassReverse http://git.example.com/
</Location>
RewriteEngine on
# Proxy everything to gitlab-workhorse except existing files under the
# DocumentRoot; /uploads/ is always proxied.
RewriteCond %{DOCUMENT_ROOT}/%{REQUEST_FILENAME} !-f [OR]
RewriteCond %{REQUEST_URI} ^/uploads/.*
RewriteRule .* http://127.0.0.1:8181%{REQUEST_URI} [P,QSA,NE]
# "RequestHeader set" overwrites any value the client sent.
# NOTE(review): X_FORWARDED_PROTO uses underscores; the conventional header
# name is X-Forwarded-Proto - confirm which one the backend reads.
RequestHeader set X_FORWARDED_PROTO 'https'
RequestHeader set X-Forwarded-Ssl on
DocumentRoot /opt/gitlab/embedded/service/gitlab-rails/public
</VirtualHost>