##
## On all sites, provide Plinth on a default path: /plinth
##
## Requires the following Apache modules to be enabled:
##   mod_headers
##   mod_proxy
##   mod_proxy_http
##
<Location /plinth>
    ProxyPass        http://127.0.0.1:8000/plinth
    ## Send the scheme from user's request to enable Plinth to redirect
    ## URLs, set cookies, set absolute URLs (if any) properly.
    RequestHeader    set X-Forwarded-Proto 'https' env=HTTPS

    ## Ignore any X-FORWARDED-FOR headers sent by the client and their
    ## proxies. Apache will still set this header with the remote
    ## address of the client. Apache is the first and only trusted entry
    ## point for FreedomBox. Any code that does not deal with this
    ## header properly will remain safe. For example:
    ## https://github.com/jazzband/django-axes/issues/286
    RequestHeader    unset X-Forwarded-For
</Location>