ofus/jenkins.example.com.conf

## jenkins.example.com.conf
<VirtualHost *:80>
    ServerName jenkins.example.com
    ServerAdmin webmaster@example.com
    RewriteEngine on
    RewriteCond %{SERVER_PORT} !^443$
    RewriteRule ^/(.*) https://%{HTTP_HOST}/$1 [NC,R,L]
</VirtualHost>

<IfModule mod_ssl.c>
<VirtualHost *:443>
    ServerName jenkins.example.com
    ServerAdmin webmaster@example.com

    CustomLog /var/log/apache2/jenkins.example.com-access.log vhost_combined
    ErrorLog /var/log/apache2/jenkins.example.com-error.log
    LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-agent}i\""
    LogFormat "%v %h %l %u %t \"%r\" %>s %b"
    LogLevel warn

    SSLEngine on

    SSLProtocol             all -SSLv2 -SSLv3
    SSLCipherSuite          ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-DSS-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA384:DHE-DSS-AES128-GCM-SHA384:kEDH+AESGCM:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA
    SSLHonorCipherOrder     on
    SSLCompression          off

    SSLOptions +StrictRequire

    SSLCertificateFile /etc/letsencrypt/live/example.com/cert.pem
    SSLCertificateKeyFile /etc/letsencrypt/live/example.com/privkey.pem
    SSLCertificateChainFile /etc/letsencrypt/live/example.com/chain.pem
    Include /etc/letsencrypt/options-ssl-apache.conf

    ProxyRequests       Off
    ProxyPreserveHost   On
    AllowEncodedSlashes NoDecode
    <Proxy *>
        Order allow,deny
        Allow from all
    </Proxy>
    ProxyPass           /   http://localhost:8080/ nocanon
    ProxyPassReverse    /   http://localhost:8080/
    ProxyPassReverse    /   https://jenkins.example.com/
    RequestHeader set X-Forwarded-Proto "https"
    RequestHeader set X-Forwarded-Port "443"
</VirtualHost>

</IfModule>
	<VirtualHost *:80>
	ServerName jenkins.example.com
	ServerAdmin webmaster@example.com
	RewriteEngine on
	RewriteCond %{SERVER_PORT} !^443$
	RewriteRule ^/(.*) https://%{HTTP_HOST}/$1 [NC,R,L]
	</VirtualHost>

	<IfModule mod_ssl.c>
	<VirtualHost *:443>
	ServerName jenkins.example.com
	ServerAdmin webmaster@example.com

	CustomLog /var/log/apache2/jenkins.example.com-access.log vhost_combined
	ErrorLog /var/log/apache2/jenkins.example.com-error.log
	LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-agent}i\""
	LogFormat "%v %h %l %u %t \"%r\" %>s %b"
	LogLevel warn

	SSLEngine on

	SSLProtocol all -SSLv2 -SSLv3
	SSLCipherSuite ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-DSS-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA384:DHE-DSS-AES128-GCM-SHA384:kEDH+AESGCM:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA
	SSLHonorCipherOrder on
	SSLCompression off

	SSLOptions +StrictRequire

	SSLCertificateFile /etc/letsencrypt/live/example.com/cert.pem
	SSLCertificateKeyFile /etc/letsencrypt/live/example.com/privkey.pem
	SSLCertificateChainFile /etc/letsencrypt/live/example.com/chain.pem
	Include /etc/letsencrypt/options-ssl-apache.conf

	ProxyRequests Off
	ProxyPreserveHost On
	AllowEncodedSlashes NoDecode
	<Proxy *>
	Order allow,deny
	Allow from all
	</Proxy>
	ProxyPass / http://localhost:8080/ nocanon
	ProxyPassReverse / http://localhost:8080/
	ProxyPassReverse / https://jenkins.example.com/
	RequestHeader set X-Forwarded-Proto "https"
	RequestHeader set X-Forwarded-Port "443"
	</VirtualHost>

	</IfModule>