<VirtualHost *:443>
ServerName squaresdb.dehnerts.com
SSLProxyEngine on
- # Really I want to validate that the name matches squaresdb.dehnerts.com,
- # but apparently that's not a thing, AFAICT.
- SSLProxyCheckPeerName off
+ SSLProxyVerify require
+ SSLProxyVerifyDepth 2
+ SSLProxyCACertificatePath /etc/ssl/certs
+ SSLProxyCheckPeerName on
ProxyPass "/" "https://squaresdb.lushan-vms.dehnerts.com/"
ProxyPassReverse "/" "https://squaresdb.lushan-vms.dehnerts.com/"
ProxyPreserveHost on
SSLCertificateKeyFile /etc/letsencrypt/live/squaresdb.dehnerts.com/privkey.pem
</VirtualHost>
</IfModule>
+
+<VirtualHost *:80>
+ ServerName zulip.dehnerts.com
+ ServerAlias *.zulip.dehnerts.com
+ ProxyPassReverse "/" "http://zulip.lushan-vms.dehnerts.com/"
+ ProxyPreserveHost on
+
+ DocumentRoot /var/www/letsencrypt-verify/
+ RewriteEngine on
+ RewriteCond /var/www/letsencrypt-verify/%{REQUEST_URI} !-f
+ RewriteRule ^/.well-known/acme-challenge/(.*)$ http://zulip.lushan-vms.dehnerts.com/.well-known/acme-challenge/$1 [P,QSA,L]
+</VirtualHost>
+
+<IfModule mod_ssl.c>
+<VirtualHost *:443>
+ ServerName zulip.dehnerts.com
+ ServerAlias *.zulip.dehnerts.com
+ SSLProxyEngine on
+ SSLProxyVerify require
+ SSLProxyVerifyDepth 2
+ SSLProxyCACertificatePath /etc/ssl/certs
+ SSLProxyCheckPeerName on
+ ProxyPass "/" "https://zulip.lushan-vms.dehnerts.com/"
+ ProxyPassReverse "/" "https://zulip.lushan-vms.dehnerts.com/"
+ ProxyPreserveHost on
+ Include sites-common/ssl-common
+ SSLCertificateFile /etc/letsencrypt/live/zulip.dehnerts.com/fullchain.pem
+ SSLCertificateChainFile /etc/letsencrypt/live/zulip.dehnerts.com/fullchain.pem
+ SSLCertificateKeyFile /etc/letsencrypt/live/zulip.dehnerts.com/privkey.pem
+</VirtualHost>
+</IfModule>