configpolicy/roles/gitea/templates/gitea.httpd.conf.j2

# vim: set ft=apache :
RewriteEngine on
RewriteCond %{HTTPS} !on
RewriteRule /.* https://%{SERVER_NAME}$0 [R=301,L]

<VirtualHost _default_:443>
    ServerName {{ gitea_http_domain }}

    SSLCertificateFile {{ gitea_ssl_certificate }}
    SSLCertificateKeyFile {{ gitea_ssl_certificate_key }}
    SSLCertificateChainFile {{ gitea_ssl_certificate }}

    RewriteEngine On
    RewriteCond %{HTTPS} !on
    RewriteRule /.* https://%{SERVER_NAME}$0

    Header always set \
        Strict-Transport-Security "max-age=63072000; includeSubDomains"

    ProxyPreserveHost On
    ProxyRequests Off
    ProxyPass / http://localhost:3000/ nocanon
    ProxyPassReverse / http://localhost:3000/
    AllowEncodedSlashes NoDecode
</VirtualHost>