Use of NCP's Apache2 itself as a reverse proxy

ℹ️ Support 📦 Appliances (Docker, Snappy, VM, NCP, AIO)
, ,
1

I’m running NCP 26.0.2 which deploys my routers ( FRITZ!Box 7590 AX) ports 80/443 as usual to the net. I want to use NCP’s Apache2 itself as a reverse proxy to expose my “homeassistant.home.net” instance to the same port 443 in order to adress my homeassistant via https. The reason to do it like this is: Letsencrypt certificates exist for the whole domain incl. subdomains thru cname records.
These are the sites config files

GNU nano 5.4                            /etc/apache2/sites-enabled/000-default.conf                                      
<VirtualHost _default_:80>
DocumentRoot /var/www/nextcloud
<IfModule mod_rewrite.c>
  RewriteEngine On
  RewriteRule ^.well-known/acme-challenge/ - [L]
  RewriteCond %{HTTPS} !=on
  RewriteRule ^/?(.*) https://%{SERVER_NAME}/$1 [R,L]
</IfModule>
<Directory /var/www/nextcloud/>
  Options +FollowSymlinks
  AllowOverride All
  <IfModule mod_dav.c>
    Dav off
  </IfModule>
  LimitRequestBody 0
</Directory>
</VirtualHost>

  GNU nano 5.4                             /etc/apache2/sites-enabled/nextcloud.conf                                       
### DO NOT EDIT! THIS FILE HAS BEEN AUTOMATICALLY GENERATED. CHANGES WILL BE OVERWRITTEN ###

<IfModule mod_ssl.c>
  <VirtualHost _default_:443>
    DocumentRoot /var/www/nextcloud
    ServerName nextcloudpi.xxx.xx
    CustomLog /var/log/apache2/nc-access.log combined
    ErrorLog  /var/log/apache2/nc-error.log
    SSLEngine on
    SSLProxyEngine on
    SSLCertificateFile   /etc/letsencrypt/live/nextcloudpi.xxx.xx/fullchain.pem
    SSLCertificateKeyFile /etc/letsencrypt/live/nextcloudpi.xxx.xx/privkey.pem

    # For notify_push app in NC21
    ProxyPass /push/ws ws://127.0.0.1:7867/ws
    ProxyPass /push/ http://127.0.0.1:7867/
    ProxyPassReverse /push/ http://127.0.0.1:7867/
  </VirtualHost>

  <Directory /var/www/nextcloud/>
    Options +FollowSymlinks
    AllowOverride All
    <IfModule mod_dav.c>
      Dav off
    </IfModule>
    LimitRequestBody 0
    SSLRenegBufferSize 10486000
  </Directory>
  <IfModule mod_headers.c>


  GNU nano 5.4                           /etc/apache2/sites-enabled/homeassistant.conf                                     
<VirtualHost *:80>
  ServerName homeassistant.xxx.xx
  ProxyPreserveHost On
  ProxyPass /.well-known !
  ProxyPass / http://192.168.1.90:8123/
  ProxyPassReverse / http://192.168.1.90:8123
</VirtualHost>

#<VirtualHost *:443>
#
#              ServerName homeassistant.xxx.xx
#               ProxyPreserveHost On
#               ProxyPass /.well-known !
#               SSLEngine on
#               SSLCertificateFile   /etc/letsencrypt/live/nextcloudpi.xxx.xx/fullchain.pem
#               SSLCertificateKeyFile /etc/letsencrypt/live/nextcloudpi.xxx.xx/privkey.pem
#               ProxyPass / http://192.168.1.90:8123/
#               ProxyPassReverse / http://192.168.1.90:8123/
#</VirtualHost>

Furthermore the subdomain is covered by the Letsencrypt certificate, ncp itself is listet under the “trusted proxies” section in config.php , external access is configured in homeassistant’s configuration.yaml
I tried different setups but none was successfull . You can see the <VirtualHost *:443> part commented out.
Is my approach generally ok ? What do I oversee?