ServerName mastodon.hoge Header add Strict-Transport-Security "max-age=31536000 ; includeSubdomains ; Preload " Header add X-Content-Type-Options nosniff Header add Referrer-Policy "unsafe-url" Header add Content-Security-Policy "frame-ancestors 'none'; object-src 'none'; script-src 'self'; base-uri 'none'" SSLEngine on SSLHonorCipherOrder on SSLProtocol -All +TLSv1 +TLSv1.1 +TLSv1.2 SSLCipherSuite HIGH:MEDIUM:!aNULL:!MD5 SSLCertificateFile /etc/letsencrypt/live/mastodon.hoge/cert.pem SSLCertificateKeyFile /etc/letsencrypt/live/mastodon.hoge/privkey.pem SSLCertificateChainFile /etc/letsencrypt/live/mastodon.hoge/chain.pem ProxyPreserveHost On ProxyRequests Off ProxyPass /api/v1/streaming/ ws://localhost:4000/ ProxyPass / http://localhost:3000/ ProxyPassReverse /api/v1/streaming/ ws://localhost:4000/ ProxyPassReverse / http://localhost:3000/ RequestHeader set X-Forwarded-Proto "https" ServerName mastodon.hoge DocumentRoot /home/htdocs/dummy RewriteEngine on RewriteRule "^/.well-known/acme-challenge" "-" [END] RewriteCond %{HTTP_HOST} ^mastodon\.hoge RewriteRule ^/(.*)$ https://mastodon.hoge/$1 [R=301,L]