ServerName mastodon.hoge
Header add Strict-Transport-Security "max-age=31536000 ; includeSubdomains ; Preload "
Header add X-Content-Type-Options nosniff
Header add Referrer-Policy "unsafe-url"
Header add Content-Security-Policy "frame-ancestors 'none'; object-src 'none'; script-src 'self'; base-uri 'none'"
SSLEngine on
SSLHonorCipherOrder on
SSLProtocol -All +TLSv1 +TLSv1.1 +TLSv1.2
SSLCipherSuite HIGH:MEDIUM:!aNULL:!MD5
SSLCertificateFile /etc/letsencrypt/live/mastodon.hoge/cert.pem
SSLCertificateKeyFile /etc/letsencrypt/live/mastodon.hoge/privkey.pem
SSLCertificateChainFile /etc/letsencrypt/live/mastodon.hoge/chain.pem
ProxyPreserveHost On
ProxyRequests Off
ProxyPass /api/v1/streaming/ ws://localhost:4000/
ProxyPass / http://localhost:3000/
ProxyPassReverse /api/v1/streaming/ ws://localhost:4000/
ProxyPassReverse / http://localhost:3000/
RequestHeader set X-Forwarded-Proto "https"
ServerName mastodon.hoge
DocumentRoot /home/htdocs/dummy
RewriteEngine on
RewriteRule "^/.well-known/acme-challenge" "-" [END]
RewriteCond %{HTTP_HOST} ^mastodon\.hoge
RewriteRule ^/(.*)$ https://mastodon.hoge/$1 [R=301,L]