# Apache vhost pour admin.alpinux.org
# À créer via ISPConfig : Sites > Ajouter un site web
# Domaine : admin.alpinux.org
# Activer SSL Let's Encrypt dans ISPConfig
#
# L'app admin Flask tourne derrière Gunicorn sur 127.0.0.1:5002

<VirtualHost *:80>
    ServerName admin.alpinux.org
    Redirect permanent / https://admin.alpinux.org/
</VirtualHost>

<VirtualHost *:443>
    ServerName admin.alpinux.org

    # ── Proxy vers Gunicorn ──────────────────────────────────────
    ProxyPreserveHost On
    ProxyPass        / http://127.0.0.1:5002/
    ProxyPassReverse / http://127.0.0.1:5002/

    RequestHeader set X-Forwarded-Proto "https"
    RequestHeader set X-Forwarded-For   "%{REMOTE_ADDR}s"

    # ── Sécurité ─────────────────────────────────────────────────
    Header always set X-Content-Type-Options "nosniff"
    Header always set X-Frame-Options        "DENY"
    Header always set Referrer-Policy        "strict-origin-when-cross-origin"

    # ── Logs ─────────────────────────────────────────────────────
    ErrorLog  /var/log/apache2/admin.alpinux.org-error.log
    CustomLog /var/log/apache2/admin.alpinux.org-access.log combined

    SSLEngine on
    SSLCertificateFile    /etc/letsencrypt/live/admin.alpinux.org/fullchain.pem
    SSLCertificateKeyFile /etc/letsencrypt/live/admin.alpinux.org/privkey.pem
</VirtualHost>