fedora-infra_ansible/roles/httpd/reverseproxy/templates/reversepassproxy.id.conf

RequestHeader unset Expect early
RequestHeader set X-Forwarded-Scheme https early
RequestHeader set X-Forwarded-Proto https early

# Cannot redirect to HTTPS for *.id.fedoraproject.org or set 
# "includeSubdomains", because relying parties need to be able to access 
# username.id.fedoraproject.org via plain HTTP 
Header always add Strict-Transport-Security "max-age=15768000; preload" 

RewriteEngine on

RewriteRule ^(.+) - [PT]

<Location /login>
    # required for rewrite rule
    Options +SymLinksIfOwnerMatch
    RewriteEngine on
    RewriteCond %{HTTPS} off
    RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}
</Location>


ProxyPass {{localpath}} {{proxyurl}}{{remotepath}}
ProxyPassReverse {{localpath}} {{proxyurl}}{{remotepath}}