After a whole night of digging I found a configuration that works-for-me(tm).
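# TLS-terminating reverse proxy in front of the Mattermost server listening on
# 127.0.0.1:8065. The directives below need mod_ssl, mod_headers, mod_rewrite,
# mod_proxy and mod_proxy_http; the ws:// target presumably also needs
# mod_proxy_wstunnel (confirm against the Apache build in use).
<VirtualHost *:443>
    SSLEngine on

    # SSLv3 is disabled as well as SSLv2: it is broken (POODLE) and no current
    # client needs it. Where all clients allow it, also drop TLSv1 and TLSv1.1.
    SSLProtocol all -SSLv2 -SSLv3
    SSLHonorCipherOrder on

    # RC4 is removed from the preference list and excluded explicitly, since
    # "HIGH" alone does not guarantee it stays out on every OpenSSL build.
    # 3DES is excluded because older OpenSSL releases count it as HIGH.
    SSLCipherSuite "ECDHE-RSA-AES128-SHA256:AES128-GCM-SHA256:HIGH:!RC4:!3DES:!MD5:!aNULL:!EDH"

    # "always" also sends the header on error responses, and "set" avoids
    # emitting it twice. includeSubDomains applies the policy to every host
    # below this name, so each of them must be reachable over HTTPS.
    Header always set Strict-Transport-Security "max-age=15768000; includeSubDomains"

    # TLS compression stays off (CRIME).
    SSLCompression Off

    # NOTE(review): SSLCertificateChainFile is deprecated from Apache 2.4.8 on;
    # there the chain can be appended to the SSLCertificateFile instead.
    SSLCertificateChainFile /etc/apache2/ssl/zcore_ORG_chain.pem
    SSLCertificateFile /etc/apache2/ssl/zcore.intra.pem
    # The private key should be readable by root only.
    SSLCertificateKeyFile /etc/apache2/ssl/zcore.intra.key.pem

    ServerName mattermost.zcore.intra
    ServerSignature Off
    ServerAlias mattermost

    ProxyPreserveHost On
    # Reverse proxy only: forward-proxy requests stay disabled, so this host
    # cannot be used as an open proxy.
    ProxyRequests Off

    RewriteEngine on

    # WebSocket traffic: the websocket API path, or any request carrying an
    # Upgrade handshake, is proxied to the backend over ws://.
    RewriteCond %{REQUEST_URI} ^/api/v1/websocket [NC,OR]
    RewriteCond %{HTTP:UPGRADE} ^WebSocket$ [NC,OR]
    RewriteCond %{HTTP:CONNECTION} ^Upgrade$ [NC]
    RewriteRule .* ws://127.0.0.1:8065%{REQUEST_URI} [P,QSA,L]

    # Everything else that is not an existing file is proxied over plain HTTP
    # on the loopback interface.
    RewriteCond %{DOCUMENT_ROOT}/%{REQUEST_FILENAME} !-f
    RewriteRule .* http://127.0.0.1:8065%{REQUEST_URI} [P,QSA,L]

    # "set" overwrites any X-Forwarded-Proto value the client sent, so the
    # backend only ever sees the value chosen here.
    RequestHeader set X-Forwarded-Proto "https"

    <Location /api/v1/websocket>
        Require all granted
        ProxyPassReverse http://127.0.0.1:8065
        ProxyPassReverseCookieDomain 127.0.0.1 mattermost.zcore.intra
    </Location>

    <Location />
        Require all granted
        ProxyPassReverse http://127.0.0.1:8065
        # Same cookie domain as in the websocket Location above.
        ProxyPassReverseCookieDomain 127.0.0.1 mattermost.zcore.intra
    </Location>

    # X-Forwarded-For is taken from the incoming request. Unless a trusted
    # proxy in front of this host sets it, the value is client-controlled and
    # must not be relied on as the client address when reading these logs.
    LogFormat "%{X-Forwarded-For}i %l %u %t \"%r\" %>s %b" common_forwarded
    ErrorLog /var/log/apache2/mattermost.zcore.intra/mattermost.zcore.intra_error.log
    CustomLog /var/log/apache2/mattermost.zcore.intra/mattermost.zcore.intra_forwarded.log common_forwarded
    # NOTE(review): nothing in this vhost sets "dontlog", so this log and the
    # next one receive the same entries - confirm that both are wanted.
    CustomLog /var/log/apache2/mattermost.zcore.intra/mattermost.zcore.intra_access.log combined env=!dontlog
    CustomLog /var/log/apache2/mattermost.zcore.intra/mattermost.zcore.intra.log combined
</VirtualHost>

# Plain HTTP only redirects to the HTTPS site. The trailing slash on the target
# matters: Redirect appends the rest of the requested path to it, and without
# the slash that path would be glued straight onto the host name.
<VirtualHost *:80>
    ServerName mattermost.zcore.intra
    Redirect permanent / https://mattermost.zcore.intra/
</VirtualHost>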
Hope I didn't miss anything.
Regs,
Rob