Listen 8000
<VirtualHost *:8000>
    ServerName localhost

    # Add error log
    CustomLog /proc/self/fd/1 proxy
    LogFormat "%{X-Forwarded-For}i %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" proxy
    ErrorLog /proc/self/fd/2
    ErrorLogFormat "[%t] [%l] [%E] [client: %{X-Forwarded-For}i] [%M] [%{User-Agent}i]"
    LogLevel ${AIO_LOG_LEVEL}

    # KeepAlive On: allow the same TCP connection to carry multiple HTTP requests.
    # Without this each asset (JS, CSS, image) would require a full TCP handshake,
    # which is especially expensive on TLS connections and noticeably slows down
    # Nextcloud's login page and file manager that load dozens of resources at once.
    KeepAlive On
    # KeepAliveTimeout: close an idle keep-alive connection after 5 seconds.
    # A short timeout frees Apache worker threads quickly so they are available
    # for new requests; 5 s is long enough to cover the gap between requests
    # that a browser issues while rendering a page (typically < 1 s), yet short
    # enough to avoid holding threads open for idle or slow clients.
    KeepAliveTimeout 5
    # MaxKeepAliveRequests: allow at most 500 requests per persistent connection.
    # 100 (the Apache default) is too low for Nextcloud: the desktop and mobile
    # sync clients issue many small API calls (PROPFIND, GET, PUT, checksums …)
    # per sync cycle and routinely exceed 100 requests on a single connection.
    # Hitting the limit forces a new TCP/TLS handshake, adding latency and CPU
    # overhead. 500 gives sync clients enough headroom while still periodically
    # recycling threads to contain per-process memory growth.
    MaxKeepAliveRequests 500

    # sendfile(2) is disabled because it bypasses Apache's output-filter chain: with
    # it enabled, mod_brotli is silently skipped for static files (JS, CSS, SVG),
    # negating the compression configured below.  MMAP is also
    # disabled because files can be replaced by Nextcloud at any time and mmap'd
    # pages could serve stale data.
    EnableSendfile Off
    EnableMMAP Off

    # PHP match
    <FilesMatch "\.php$">
        SetHandler "proxy:fcgi://${NEXTCLOUD_HOST}:9000"
    </FilesMatch>

    <Proxy "fcgi://${NEXTCLOUD_HOST}:9000" flushpackets=on>
    </Proxy>

    # Compress JS, CSS and SVG responses with Brotli (quality 4 gives good
    # compression with reasonable CPU cost; the default of 0 barely compresses).
    # Other plain-text files are already compressed by Nextcloud itself.
    # No deflate fallback is needed: every browser that Nextcloud supports
    # (Chrome 49+, Firefox 44+, Safari 11+, Edge 15+ — all from 2016-2017)
    # supports Brotli. Internet Explorer, the only browser that never gained
    # Brotli support, was dropped by Nextcloud with NC15 (2019).
    # Desktop and mobile sync clients never request JS/CSS/SVG assets.
    <IfModule mod_brotli.c>
        AddOutputFilterByType BROTLI_COMPRESS text/javascript application/javascript application/x-javascript text/css image/svg+xml
        BrotliCompressionQuality 4
    </IfModule>

    # Nextcloud dir
    DocumentRoot /var/www/html/
    <Directory /var/www/html/>
        Options FollowSymLinks MultiViews
        Require all granted
        AllowOverride All
        <IfModule mod_dav.c>
            Dav off
        </IfModule>
    </Directory>
    # Deny access to .ht files
    <Files ".ht*">
        Require all denied
    </Files>

    # See https://httpd.apache.org/docs/current/en/mod/core.html#limitrequestbody
    LimitRequestBody ${APACHE_MAX_SIZE}

    # See https://httpd.apache.org/docs/current/mod/core.html#timeout
    Timeout ${APACHE_MAX_TIME}

    # See https://httpd.apache.org/docs/current/mod/mod_proxy.html#proxytimeout
    ProxyTimeout ${APACHE_MAX_TIME}

    # See https://httpd.apache.org/docs/trunk/mod/core.html#traceenable
    TraceEnable Off
</VirtualHost>