commit 4c67c9e88103aee2922536a6d4e81ce94250e1e2
Author: david.sorber <david.sorber@gmail.com>
Date:   Sun Jan 25 20:48:10 2026 -0500

    Adding current brutus Apache config.

diff --git a/configs/brutus/main.conf b/configs/brutus/main.conf
new file mode 100644
index 0000000..0e700ce
--- /dev/null
+++ b/configs/brutus/main.conf
@@ -0,0 +1,170 @@
+
+<VirtualHost *:80>
+	Redirect permanent / https://brutus.gleeze.com
+</VirtualHost>
+
+<VirtualHost _default_:443>
+	ServerName https://brutus.gleeze.com
+        ServerAdmin webmaster@localhost
+
+        DocumentRoot /var/www
+        <Directory />
+                Options FollowSymLinks
+                AllowOverride None
+        </Directory>
+        <Directory /var/www/>
+                Options Indexes FollowSymLinks MultiViews
+                AllowOverride None
+		Require all granted
+        </Directory>
+
+        Alias /htdocs /var/htdocs
+        <Directory /var/htdocs>
+		Require all granted
+        </Directory>
+
+	ErrorDocument 403 /error_pages/404.html
+	ErrorDocument 404 /error_pages/404.html
+
+	CustomLog ${APACHE_LOG_DIR}/access.log combined
+        ErrorLog ${APACHE_LOG_DIR}/error.log
+
+        # Possible values include: debug, info, notice, warn, error, crit,
+        # alert, emerg.
+        LogLevel warn
+
+	SSLEngine On
+	#SSLCertificateFile /etc/apache2/ssl/brutus.crt
+	#SSLCertificateKeyFile /etc/apache2/ssl/brutus.key
+	SSLCertificateFile    /etc/letsencrypt/live/brutus.gleeze.com/cert.pem
+	SSLCertificateKeyFile /etc/letsencrypt/live/brutus.gleeze.com/privkey.pem
+	SSLCertificateChainFile /etc/letsencrypt/live/brutus.gleeze.com/fullchain.pem
+	Protocols h2 http/1.1
+
+	# Enable only strong encryption ciphers and prefer versions with Forward Secrecy
+	SSLCipherSuite HIGH:RC4-SHA:AES128-SHA:!aNULL:!MD5
+	SSLHonorCipherOrder on
+
+	# Disable all SSL/TLS versions except v1.3
+	SSLProtocol -all +TLSv1.3
+	SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown
+	
+        # --- Nextcloud ------------------------------------------------
+        Alias /nextcloud/ "/var/www/nextcloud/"
+        <Directory /var/www/nextcloud/>
+                Require all granted
+                AllowOverride All
+                Options FollowSymLinks MultiViews
+
+                <IfModule mod_dav.c>
+                        Dav off
+                </IfModule>
+
+                <IfModule mod_headers.c>
+                        Header always set Strict-Transport-Security "max-age=15552000; includeSubDomains"
+                </IfModule>
+
+                SetEnv HOME /var/www/nextcloud
+                SetEnv HTTP_HOME /var/www/nextcloud
+        </Directory>
+
+	# --- Redmine ---------------------------------------------------
+	Alias /redmine /var/www/redmine/
+        <Directory /var/www/redmine/>
+                Options Indexes FollowSymLinks MultiViews
+                AllowOverride None
+                Order allow,deny
+                allow from all
+                PassengerAppRoot /srv/redmine
+                RailsBaseURI /redmine
+        </Directory>
+
+	# --- Redmine Git ----------------------------------------------
+       PerlLoadModule Apache2::Redmine
+
+	Alias /git /var/www/grack/public
+	<Location /git>
+		PassengerBaseURI /git
+	   	PassengerAppRoot /var/www/grack
+	
+	   	AuthType Basic
+	   	AuthName "Redmine git repositories"
+	   	Require valid-user
+	   	AuthUserFile /dev/null
+
+	   	PerlAccessHandler Apache::Authn::Redmine::access_handler
+	   	PerlAuthenHandler Apache::Authn::Redmine::authen_handler
+	   	#RedmineDSN "DBI:mysql:database=bitnami_redmine;host=localhost;mysql_socket=/opt/bitnami/mysql/tmp/mysql.sock"
+	   	RedmineDSN "DBI:Pg:dbname=redmine;host=localhost"
+	   	RedmineDbUser "redmine"
+	   	RedmineDbPass "SemolinaPilchardPornographicPriestess"
+	   	RedmineGitSmartHttp yes
+	</Location>
+
+	<Directory "/var/www/grack/public">
+		Options None
+	    	AllowOverride None
+	    	<IfVersion < 2.3 >
+	        	Order allow,deny
+	        	Allow from all
+	    	</IfVersion>
+	    	<IfVersion >= 2.3>
+	        	Require all granted
+	   	</IfVersion>
+	</Directory>
+
+	# --- Transmission ---------------------------------------------
+        ProxyRequests Off
+	<Location /transmission>
+        	AuthType Digest
+	        AuthName "engine"
+        	AuthDigestProvider file
+	        AuthUserFile /home/dsorber/web_users
+        	Require valid-user
+                ProxyPass http://127.0.0.1:9565/transmission
+                ProxyPassReverse http://127.0.0.1:9565/transmission
+	</Location>
+
+	# --- ttyd -----------------------------------------------------
+        #ProxyRequests Off
+	<Location /terminal>
+        	ProxyPreserveHost On
+	        RewriteEngine on
+        	RewriteCond %{HTTP:Upgrade} websocket [NC]
+	        RewriteCond %{HTTP:Connection} upgrade [NC]
+        	RewriteRule /terminal/?(.*) "ws://127.0.0.1:9772/$1" [P,L]
+		ProxyPass http://127.0.0.1:9772/
+		ProxyPassReverse http://127.0.0.1:9772/
+                ProxyPass  ws://127.0.0.1:9772/
+                ProxyPassReverse  ws://127.0.0.1:9772/
+	</Location>
+
+        # --- jellyfin -------------------------------------------------
+	<Location /daveflix/socket>
+		ProxyPreserveHost On
+		ProxyPass "ws://127.0.0.1:8096/daveflix/socket"
+		ProxyPassReverse "ws://127.0.0.1:8096/daveflix/socket"
+	</Location>
+	<Location /daveflix>
+		ProxyPass "http://127.0.0.1:8096/daveflix"
+		ProxyPassReverse "http://127.0.0.1:8096/daveflix"
+	</Location>
+
+        # --- Trilium ------------------------------------------------
+        <Location /trilium/>
+                RewriteEngine On
+
+                # Proxy WebSocket connections
+                RewriteCond %{HTTP:Connection} Upgrade [NC]
+                RewriteCond %{HTTP:Upgrade} websocket [NC]
+                RewriteRule /(.*) ws://127.0.0.1:8086/$1 [P,L]
+
+                # Proxy standard HTTP connections
+                ProxyPreserveHost On
+                ProxyPass http://127.0.0.1:8086/
+                ProxyPassReverse http://127.0.0.1:8086/
+
+                RequestHeader set X-Forwarded-Proto "https"
+        </Location>
+
+</VirtualHost>
