apache-portal.conf

<VirtualHost *:80>
    ServerName yourdomain.com
    DocumentRoot /var/www
    RewriteEngine On

    RewriteCond %{HTTPS} !=on
    RewriteCond %{HTTP_HOST} !=localhost
    RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]

    <Directory /var/www>
        Options -Indexes
    </Directory>
</VirtualHost>

<VirtualHost *:443>
    ServerName yourdomain.com
    DocumentRoot /var/www
    RewriteEngine On
    SSLEngine On
    SSLProxyEngine On
    SSLCertificateFile /etc/letsencrypt/live/yourdomain.com/fullchain.pem
    SSLCertificateKeyFile /etc/letsencrypt/live/yourdomain.com/privkey.pem
    Include /etc/letsencrypt/options-ssl-apache.conf
    ProxyPreserveHost On
    Header always set Strict-Transport-Security "max-age=31536000; includeSubDomains"
    Redirect permanent /gui /rslsync/gui

    <Directory /var/www>
        Options -Indexes
    </Directory>

    <Location /public>
        Require all granted
    </Location>

    <Location /rutorrent>
        Require valid-user
        AuthType form
        AuthFormProvider file
        AuthUserFile "/etc/apache2/passwd"
        AuthName "My Login"
        Session On
        SessionMaxAge 1800
        SessionCookieName session path=/
        SessionCryptoPassphrase CHANGEME
        ErrorDocument 401 /login.html
    </Location>

    <LocationMatch /rutorrent/(conf|share)>
        Require all denied
    </LocationMatch>

    <Location /sonarr>
        Require valid-user
        AuthType form
        AuthFormProvider file
        AuthFormLoginSuccessLocation /sonarr
        AuthUserFile "/etc/apache2/passwd"
        AuthName "My Login"
        Session On
        SessionMaxAge 1800
        SessionCookieName session path=/
        SessionCryptoPassphrase CHANGEME
        ErrorDocument 401 /login.html
        ProxyPass http://localhost:8989/sonarr
        ProxyPassReverse http://localhost:8989/sonarr
        RequestHeader set X-Forwarded-Proto "https"
        RequestHeader set X-Forwarded-Port "443"
    </Location>

    <Location /radarr>
        Require valid-user
        AuthType form
        AuthFormProvider file
        AuthFormLoginSuccessLocation /radarr
        AuthUserFile "/etc/apache2/passwd"
        AuthName "My Login"
        Session On
        SessionMaxAge 1800
        SessionCookieName session path=/
        SessionCryptoPassphrase CHANGEME
        ErrorDocument 401 /login.html
        ProxyPass http://localhost:7878/radarr
        ProxyPassReverse http://localhost:7878/radarr
        RequestHeader set X-Forwarded-Proto "https"
        RequestHeader set X-Forwarded-Port "443"
    </Location>

    <Location /rslsync>
        Require valid-user
        AuthType form
        AuthFormProvider file
        AuthFormLoginSuccessLocation /rslsync
        AuthUserFile "/etc/apache2/passwd"
        AuthName "My Login"
        Session On
        SessionMaxAge 1800
        SessionCookieName session path=/
        SessionCryptoPassphrase CHANGEME
        ErrorDocument 401 /login.html
        ProxyPass http://localhost:8888
        ProxyPassReverse http://localhost:8888
        RequestHeader set X-Forwarded-Proto "https"
        RequestHeader set X-Forwarded-Port "443"
    </Location>

    <LocationMatch /logout$>
        SetHandler form-logout-handler
        AuthFormLogoutLocation /logout.html
        Session On
        SessionMaxAge 1
        SessionCookieName session path=/
        SessionCryptoPassphrase CHANGEME
        ProxyPass !
    </LocationMatch>

    <LocationMatch /\.(svn|git)>
        Require all denied
    </LocationMatch>
</VirtualHost>