9a251e4e46
Continuation of 1f0cc92b330b42. As an explanation for the problem: when saying `localhost` on the host, it sometimes gets resolved to `::1` and sometimes to `127.0.0.1`. On the unfortunate occassions that it gets resolved to `::1`, the container won't be able to serve the request, because Docker containers don't have IPv6 enabled by default. To avoid this problem, we simply prevent any lookups from happening and explicitly use `127.0.0.1`.
42 lines
1.2 KiB
Plaintext
42 lines
1.2 KiB
Plaintext
# This is a sample file demonstrating how to set up reverse-proxy for the riot.DOMAIN.
|
|
# If you're not using Riot (`matrix_riot_web_enabled: false`), you won't need this.
|
|
|
|
<VirtualHost *:80>
|
|
ServerName riot.DOMAIN
|
|
|
|
# Map /.well-known/acme-challenge to the certbot server
|
|
# If you manage SSL certificates by yourself, this will differ.
|
|
<Location /.well-known/acme-challenge>
|
|
ProxyPreserveHost On
|
|
ProxyRequests Off
|
|
ProxyVia On
|
|
ProxyPass http://127.0.0.1:2402/.well-known/acme-challenge
|
|
</Location>
|
|
|
|
Redirect permanent / https://riot.DOMAIN/
|
|
</VirtualHost>
|
|
|
|
<VirtualHost *:443>
|
|
ServerName riot.DOMAIN
|
|
|
|
SSLEngine On
|
|
|
|
# If you manage SSL certificates by yourself, these paths will differ.
|
|
SSLCertificateFile /matrix/ssl/config/live/riot.DOMAIN/fullchain.pem
|
|
SSLCertificateKeyFile /matrix/ssl/config/live/riot.DOMAIN/privkey.pem
|
|
|
|
SSLProxyEngine on
|
|
SSLProxyProtocol +TLSv1.1 +TLSv1.2 +TLSv1.3
|
|
SSLCipherSuite EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH
|
|
|
|
ProxyPreserveHost On
|
|
ProxyRequests Off
|
|
ProxyVia On
|
|
|
|
ProxyPass / http://127.0.0.1:8765/
|
|
ProxyPassReverse / http://127.0.0.1:8765/
|
|
|
|
ErrorLog ${APACHE_LOG_DIR}/riot.DOMAIN-error.log
|
|
CustomLog ${APACHE_LOG_DIR}/riot.DOMAIN-access.log combined
|
|
</VirtualHost>
|