# This is a sample file demonstrating how to set up reverse-proxy for element.DOMAIN.
# If you're not using Element (`matrix_client_element_enabled: false`), you won't need this.

<VirtualHost *:80>
	ServerName element.DOMAIN

	ProxyVia On

	# Map /.well-known/acme-challenge to the certbot server
	# If you manage SSL certificates by yourself, this will differ.
	<Location /.well-known/acme-challenge>
		ProxyPreserveHost On
		ProxyPass http://127.0.0.1:2402/.well-known/acme-challenge
	</Location>

	Redirect permanent / https://element.DOMAIN/
</VirtualHost>

<VirtualHost *:443>
	ServerName element.DOMAIN

	SSLEngine On

	# If you manage SSL certificates by yourself, these paths will differ.
	SSLCertificateFile /matrix/ssl/config/live/element.DOMAIN/fullchain.pem
	SSLCertificateKeyFile /matrix/ssl/config/live/element.DOMAIN/privkey.pem

	SSLProxyEngine on
	SSLProxyProtocol +TLSv1.2 +TLSv1.3
	SSLCipherSuite EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH

	ProxyPreserveHost On
	ProxyRequests Off
	ProxyVia On

	ProxyPass / http://127.0.0.1:8765/
	ProxyPassReverse / http://127.0.0.1:8765/

	ErrorLog ${APACHE_LOG_DIR}/element.DOMAIN-error.log
	CustomLog ${APACHE_LOG_DIR}/element.DOMAIN-access.log combined
</VirtualHost>