<VirtualHost *:443>

    ## Enable SSL
    SSLEngine on
    SSLCertificateFile /etc/ssl/certs/ssl-cert-snakeoil.pem
    SSLCertificateKeyFile /etc/ssl/private/ssl-cert-snakeoil.key

    ## Use HTTP Strict Transport Security to force client to use secure connections only
    Header always set Strict-Transport-Security "max-age=31536000"

    ## Shared options.
    ProxyPreserveHost on
    DocumentRoot /usr/share/plinth

    ## Use this rule to hang plinth off of plinth.(servername)
    # ServerName plinth
    # ServerAlias plinth.*
    # ProxyPass        /  http://localhost:8000/
    # ProxyPassReverse /  http://localhost:8000/
    # <Proxy *>
    #     Order Deny,Allow
    #     Deny from All
    #     Allow from 10.0.0.0/8
    #     Allow from 172.16.0.0/12
    #     Allow from 192.168.0.0/16
    # </Proxy>

    ## Use this rule to hang plinth off a subdir.
    ## Make sure to provide plinth with a default directory: /plinth
    <Location /plinth>
        ProxyPass        http://localhost:8000/plinth
        ProxyPassReverse http://localhost:8000/plinth

        Order Deny,Allow
        Deny from All
        Allow from 10.0.0.0/8
        Allow from 172.16.0.0/12
        Allow from 192.168.0.0/16
    </Location>
    ProxyPass    /plinth/static !

</VirtualHost>