VirtualHost on proxy server:
<VirtualHost *:80>
ServerName demo.bethicoleague.org
Redirect 301 / https://demo.bethicoleague.org/
ErrorLog ${APACHE_LOG_DIR}/http-error.log
CustomLog ${APACHE_LOG_DIR}/http-access.log combined
RewriteEngine on
RewriteCond %{SERVER_NAME} =demo.bethicoleague.org
RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
</VirtualHost>
<VirtualHost *:443>
ServerName demo.bethicoleague.org
ServerAdmin bernard@condrau.com
php_value date.timezone "Asia/Bangkok"
ErrorLog ${APACHE_LOG_DIR}/bco/joomla5-error.log
CustomLog ${APACHE_LOG_DIR}/bco/joomla5-access.log combined
SSLEngine on
RequestHeader set X-Forwarded-Proto "https"
ProxyRequests Off
ProxyPreserveHost On
ProxyPass "/" "http://serenity.condrau.com:8080/"
ProxyPassReverse "/" "http://serenity.condrau.com:8080/"
<Proxy *>
Require all granted
</Proxy>
<Location "/">
# Block aggressive spiders by giving 429, too many requests
Include conf-available/bco-spiders.conf
</Location>
<Location "/html/">
# Allow access for Bernard's locations only
Include conf-available/bco-remote-addr.conf
</Location>
## make sure nobody gets the htaccess, README, COPYING or VERSION files
<Files ~ "^([\._]ht|README$|VERSION$|COPYING$)">
Require all denied
</Files>
## Don't allow access to git directories
<IfModule alias_module>
RedirectMatch 404 /\.git
</IfModule>
Include /etc/letsencrypt/options-ssl-apache.conf
SSLCertificateFile /etc/letsencrypt/live/bethicoleague.com/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/bethicoleague.com/privkey.pem
</VirtualHost>