# Please make sure that you have the modules mod_ssl, mod_headers,
# mod_proxy and mod_proxy_http enabled. If not, you can use following
# command:
# $ sudo a2enmod ssl headers proxy proxy_http

<VirtualHost *:443>
        ServerName localhost

        # Enable secure communication using HTTPS
        # Adjust the paths to the certificates files to your environment
        SSLEngine on
        SSLCertificateFile     /etc/ssl/certs/ssl-cert-snakeoil.pem
        SSLCertificateKeyFile /etc/ssl/private/ssl-cert-snakeoil.key

        # In order that tusd can construct correct upload URLs, we tell tusd
        # that the HTTPS protocol is used and also forward the original Host
        # Header.
        RequestHeader set X-Forwarded-Proto "https"
        ProxyPreserveHost on

        # Pass requests to tusd server
        ProxyPass /files http://localhost:1080/files
        ProxyPassReverse /files http://localhost:1080/files
</VirtualHost>

# This SSL configuration has been taken from Mozilla SSL Generator:
# https://mozilla.github.io/server-side-tls/ssl-config-generator/?server=nginx-1.10.1&openssl=1.0.1e&hsts=no&profile=intermediate
SSLProtocol             all -SSLv3
SSLCipherSuite          ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-$
SSLHonorCipherOrder     on
SSLCompression          off

# OCSP Stapling, only in httpd 2.3.3 and later
SSLUseStapling          on
SSLStaplingResponderTimeout 5
SSLStaplingReturnResponderErrors off
SSLStaplingCache        shmcb:/var/run/ocsp(128000)