ServerName {{ FQDN }}
ServerName www.{{ FQDN }}
ServerAlias {{ FQDN }}
# Redirect permanent / https://www.{{ FQDN }}/
Redirect / https://www.{{ FQDN }}/
ServerName {{ FQDN }}
ProxyPass /api/ http://backend:8000/api/
ProxyPassReverse /api/ http://backend:8000/api/
SSLEngine on
SSLCertificateFile {{ SSL_CERTIFICATE_FILE }}
SSLCertificateKeyFile {{ SSL_CERTIFICATE_KEY_FILE }}
ServerName api.{{ FQDN }}
ProxyPass / http://backend:8000/api/
ProxyPassReverse / http://backend:8000/api/
SSLEngine on
SSLCertificateFile {{ SSL_CERTIFICATE_FILE }}
SSLCertificateKeyFile {{ SSL_CERTIFICATE_KEY_FILE }}
ServerName www.{{ FQDN }}
ServerAlias {{ FQDN }}
DocumentRoot /var/www/html
Options Indexes FollowSymLinks
AllowOverride None
Require all granted
SSLEngine on
SSLCertificateFile {{ SSL_CERTIFICATE_FILE }}
SSLCertificateKeyFile {{ SSL_CERTIFICATE_KEY_FILE }}
ServerName profiles.{{ FQDN }}
ProxyPass / http://profiles:8108/
ProxyPassReverse / http://profiles:8108/
SSLEngine on
SSLCertificateFile {{ SSL_CERTIFICATE_FILE }}
SSLCertificateKeyFile {{ SSL_CERTIFICATE_KEY_FILE }}
SSLProtocol all -SSLv3 -TLSv1 -TLSv1.1
SSLCipherSuite ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256
SSLHonorCipherOrder on
SSLCompression off
SSLSessionTickets off
{% if not DEBUG %}
SSLUseStapling on
SSLStaplingResponderTimeout 5
SSLStaplingReturnResponderErrors off
SSLStaplingCache shmcb:/var/run/ocsp(128000)
{% endif %}
ErrorLog /dev/stderr
TransferLog /dev/stdout