Here's a basic vhost config
<VirtualHost *:80>
ServerName www.example.com
DocumentRoot /var/www/vhosts/www.example.com
DirectoryIndex index.html
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
</VirtualHost>Add the following to your config and adjust the file paths
<VirtualHost *:443>
...
SSLEngine on
SSLCertificateFile /path/to/your_domain_name.crt
SSLCertificateKeyFile /path/to/your_private.key
SSLCertificateChainFile /path/to/DigiCertCA.crt
...
</VirtualHost>To disable HSTS in the event of using a self-signed cert
Header always set Strict-Transport-Security "max-age=0"With Apache as a webserver behind a reverse proxy, the default behavior is for Apache to report the IP of the reverse proxy as the client IP. This is obviously not desired.
Create the following config file and modify it to use the correct reverse proxy IP and Header that you're using.
bash -c "cat > /etc/apache2/conf-available/remoteip.conf" <<'EOF'
RemoteIPHeader (X-Real-IP|X-Forwarded-For|<whatever-header>)
RemoteIPInternalProxy <x.x.x.x>
EOFEnable the remoteip module and new config
a2enconf remoteip && \
a2enmod remoteip && \
systemctl restart apache2.serviceThe default access logs should now show the real client IP address instead of the upstream reverse proxy IP.
ServerSignature Off
ErrorDocument 404 /error/404.html