{% if 'address' in ansible_default_ipv6 %} {% else %} {% endif %} ServerAdmin {{ server_admin }} ServerName {{ site_name }} ServerAlias {{ site_name }} ErrorLog /var/log/apache2/{{ site_name }}-error.log CustomLog /var/log/apache2/{{ site_name }}-access.log common Alias /.well-known/acme-challenge /usr/local/etc/dehydrated/challenge RewriteEngine On RewriteCond %{REQUEST_URI} !^/\.well\-known/acme\-challenge/ RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L] {% if 'address' in ansible_default_ipv6 %} {% else %} {% endif %} ServerAdmin {{ server_admin }} ServerName {{ site_name }} ServerAlias {{ site_name }} ErrorLog /var/log/apache2/{{ site_name }}-error.log CustomLog /var/log/apache2/{{ site_name }}-access.log common SSLEngine on SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown SSLCertificateFile /usr/local/etc/dehydrated/certs/{{ site_name }}/cert.pem SSLCertificateKeyFile /usr/local/etc/dehydrated/certs/{{ site_name }}/privkey.pem SSLCertificateChainFile /usr/local/etc/dehydrated/certs/{{ site_name }}/chain.pem ProxyPass / http://{{ backend_host | default("localhost") }}:{{proxy_port}}/ RequestHeader set "X-Forwarded-Proto" expr=%{REQUEST_SCHEME} RequestHeader set "X-Forwarded-SSL" expr=%{HTTPS} # see documentation of wstunnel: This allwos generic websocket passthrough RewriteEngine On RewriteCond %{HTTP:Upgrade} websocket [NC] RewriteCond %{HTTP:Connection} upgrade [NC] RewriteRule ^/?(.*) "ws://{{ backend_host | default("localhost") }}:{{ proxy_port }}/$1" [P,L]