Listen 80
Listen 443
Listen 8080

<VirtualHost *:8080>
  ServerName redirect

  Header always set Cache-Control "no-store"
  # trailing '?' drops request query string:
  RedirectMatch seeother  ^.*$ https://portal.example.com?
  KeepAlive off
</VirtualHost>

<VirtualHost *:80>
  ServerName portal.example.com
  ServerAlias portal-node1.example.com

  Redirect permanent / https://portal.example.com/
</VirtualHost>

<VirtualHost *:443>
  ServerName portal.example.com
  ServerAlias portal-node1.example.com

  SSLEngine on
  SSLCertificateFile      "/etc/ssl/certs/portal.example.com-with-chain.crt"
  SSLCertificateKeyFile   "/etc/ssl/private/portal.example.com.key"

  # The static directory of your theme (or the builtin one)
  Alias /static "/var/lib/python-capport/custom/static"

  Header always set X-Frame-Options DENY
  Header always set Referrer-Policy same-origin
  Header always set X-Content-Type-Options nosniff
  Header always set Strict-Transport-Security "max-age=31556926;"

  RequestHeader set "X-Forwarded-Proto" expr=%{REQUEST_SCHEME}

  ProxyRequests Off
  ProxyPreserveHost On
  ProxyPass /static !
  ProxyPass / http://127.0.0.1:5001/
</VirtualHost>