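# WARNING: uses Apache 2.4 access-control syntax (Require) instead of the
# deprecated Order and Allow directives.
#
# NOTE(review): the <VirtualHost>, <Directory> and <FilesMatch> containers
# were missing from the copy of this template under review. Require, Options
# and AllowOverride are not valid directly inside a virtual host, so the
# containers are restored below. The listen addresses (*:80, *:443), the
# <Directory> path and the FilesMatch pattern are reconstructed from the
# surrounding comments -- confirm them against the deployed file.

# {{sitename}} non-secure
<VirtualHost *:80>
    ServerName {{domain}}
    ## ServerAlias server
    ServerAdmin webmaster@localhost

    # Redirect to secure vhost (match all paths except the ones that should
    # stay on HTTP, i.e. the ACME challenge directory). While this line stays
    # commented out, the whole site is also served over plain HTTP.
    # NOTE(review): the redirect target and the certificate paths use
    # www.{{domain}} while ServerName is {{domain}} -- check that the
    # certificate covers every name these vhosts answer for.
    ## RedirectMatch permanent ^/(?!\.well-known)(.*) https://www.{{domain}}/$1

    ## # -- FCGID and PHP user segregation --
    ## SuexecUserGroup {{sitename}} {{sitename}}
    ## FcgidWrapper /srv/web/{{sitename}}/libexec/php.fcgi

    # -- Access --
    # (Needed for Let's Encrypt)
    DocumentRoot /srv/web/{{subdir}}/docroot
    <Directory /srv/web/{{subdir}}/docroot>
        Require all granted
        Options FollowSymLinks MultiViews
        # Directory listings disclose file names; enable only if wanted.
        ## Options +Indexes
        # .htaccess files are ignored unless a directive is listed below.
        AllowOverride None
        ## AllowOverrideList {{which}}
    </Directory>

    #
    # The following lines prevent files with an extension of .inc from being
    # viewed by Web clients (they would otherwise be sent as plain text).
    #
    <FilesMatch "\.inc$">
        Require all denied
    </FilesMatch>

    # -- Logging --
    # Possible values include: debug, info, notice, warn, error, crit,
    # alert, emerg.
    ## LogLevel warn
    LogLevel notice
    ## ErrorLog ${APACHE_LOG_DIR}/{{sitename}}/error.log
    ## CustomLog ${APACHE_LOG_DIR}/{{sitename}}/access.log combined
</VirtualHost>

# {{sitename}} secure
<VirtualHost *:443>
    ServerName {{domain}}
    ## ServerAlias server
    ServerAdmin webmaster@localhost

    # -- Access --
    DocumentRoot /srv/web/{{subdir}}/docroot
    <Directory /srv/web/{{subdir}}/docroot>
        Require all granted
        Options FollowSymLinks MultiViews
        # Directory listings disclose file names; enable only if wanted.
        ## Options +Indexes
        # .htaccess files are ignored unless a directive is listed below.
        AllowOverride None
        ## AllowOverrideList {{which}}
    </Directory>

    #
    # The following lines prevent files with an extension of .inc from being
    # viewed by Web clients (they would otherwise be sent as plain text).
    #
    <FilesMatch "\.inc$">
        Require all denied
    </FilesMatch>

    # -- Logging --
    # Possible values include: debug, info, notice, warn, error, crit,
    # alert, emerg.
    ## LogLevel warn
    LogLevel notice
    # If using custom logs for this site, don't forget to create
    # /var/log/apache2/{{sitename}}/ and set up log rotation
    ## ErrorLog ${APACHE_LOG_DIR}/{{sitename}}/error.log
    ## CustomLog ${APACHE_LOG_DIR}/{{sitename}}/access.log combined

    # -- SSL --
    # SSL Engine Switch:
    # Enable/Disable SSL for this virtual host.
    # SSLProtocol and SSLCipherSuite are not set in this vhost, so the
    # server-wide mod_ssl settings decide which TLS versions are accepted.
    SSLEngine on

    # If both key and certificate are stored in the same file, only the
    # SSLCertificateFile directive is needed.
    # The private key file must stay readable by root only.
    ## SSLCertificateFile /etc/ssl/certs/{{sitename}}.crt
    ## SSLCertificateKeyFile /etc/ssl/private/{{sitename}}.key
    SSLCertificateFile /etc/letsencrypt/live/www.{{domain}}/fullchain.pem
    SSLCertificateKeyFile /etc/letsencrypt/live/www.{{domain}}/privkey.pem

    # Server Certificate Chain:
    # Point SSLCertificateChainFile at a file containing the
    # concatenation of PEM encoded CA certificates which form the
    # certificate chain for the server certificate. Alternatively
    # the referenced file can be the same as SSLCertificateFile
    # when the CA certificates are directly appended to the server
    # certificate for convenience.
    # SSLCertificateChainFile is deprecated since Apache 2.4.8; fullchain.pem
    # above already carries the intermediates, so leave this commented out
    # unless a certificate without an appended chain is used.
    ## SSLCertificateChainFile /etc/ssl/certs/{{intermediate}}.crt

    # Optional HSTS (needs mod_headers; max-age is a sample value). Enable
    # only once the HTTP redirect in the non-secure vhost is active.
    ## Header always set Strict-Transport-Security "max-age=31536000"
</VirtualHost>

# vim: set filetype=apache tabstop=4 shiftwidth=4 :
# Local Variables:
# tab-width: 4
# end: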