apache2-site.conf

# vim: set ft=apache ts=4 sw=4 ai si et:

<VirtualHost *:80>
    ServerName your.domain.tld
    ServerSignature off
    LogLevel warn

    ErrorLog ${APACHE_LOG_DIR}/error.log
    CustomLog ${APACHE_LOG_DIR}/access.log combined

    <IfModule mod_rewrite.c>
        <IfModule mod_ssl.c>
            RewriteEngine On
            RewriteCond %{HTTP_HOST} ^your\.domain\.tld$ [NC]
            RewriteCond %{HTTPS} !^on$ [NC]
            RewriteRule . https://%{HTTP_HOST} [L]
        </IfModule>
    </IfModule>
</VirtualHost>

<IfModule mod_ssl.c>
    <VirtualHost *:443>
        ServerName your.domain.tld
        ServerSignature off
        LogLevel warn

        ErrorLog ${APACHE_LOG_DIR}/your.domain.tld.error.log
        CustomLog ${APACHE_LOG_DIR}/your.doamin.tld.access.log combined

        # enable ssl
        SSLEngine on
        SSLOptions +StrictRequire
        SSLCertificateFile      /etc/letsencrypt/live/your.domain.tld/fullchain.pem
        SSLCertificateKeyFile   /etc/letsencrypt/live/your.domain.tld/privkey.pem
        SSLCertificateChainFile /etc/letsencrypt/live/your.domain.tld/chain.pem
        SSLCACertificateFile    /etc/ssl/certs/ca-certificates.crt

        ProxyRequests off
        ProxyPreserveHost on
        RewriteEngine on
        RewriteRule ^(.*) - [E=CLIENT_IP:%{REMOTE_ADDR},L]
        RequestHeader set X-Forwarded-Port "443"
        RequestHeader set X-Forwarded-Proto "https"
        RequestHeader set x-forwarded-for %{CLIENT_IP}e
        ProxyPass / http://127.0.0.1:8082/ nocanon
        ProxyPassReverse / http://127.0.0.1:8082/

        Header set X-Robots-Tag "noindex, nofollow"

        <FilesMatch ".pdf$">
            Header set Cache-Control no-store
        </FilesMatch>
    </VirtualHost>
</IfModule>