# VHostHTTP for http only # VHostHTTPS for http & https w/ optional http to https redirect # VHostHTTPSVarnish for https -> Varnish -> http # VHostSubdomainHTTP # VHostSubdomainHTTPS # VHostSubdomainHTTPSVarnish # *only use one of the VHost options above at at time* # # VMailHTTPS for webmail at mail. subdomain assumes & requires https w/ valid cert # Mailman3HTTPS for mailman3 lists at lists. subdomain assumes & requires https w/ valid cert # # RedirectHTTP for http only # RedirectHTTPS for http & https # *only use one of the Redirect options above at at time* # # VHostAliasHTTP for http only # VHostAliasHTTPS for http & https # VHostAliasHTTPSVarnish for http & https # *only use one of the Alias options above at at time* # Optional AliasDomain for accessing VirtualHosts. # Uncomment and change example.com to suit your needs. #Define AliasDomain example.com # Uncomment to force a redirect from HTTP to HTTPS for all VirtualHosts that have HTTPS enabled #Define ForceHTTPS # VHostHTTP - HTTP on Port 80 ServerName $vhost ServerAlias www.$vhost ServerAlias $vhost.${AliasDomain} DocumentRoot /srv/www/$vhost/html ScriptAlias /cgi-wrap/ "/usr/local/lib/cgi-wrap/$vhost/" RewriteEngine on RewriteCond %{REQUEST_URI} ^/cgi-bin/.* RewriteRule ^/cgi-bin/(.*) /cgi-wrap/cgiwrap/$username/$1 [PT] SetHandler "proxy:unix:/run/php/php$phpVersion-fpm-$username.sock|fcgi://localhost" ServerName $subdomain.$vhost ServerAlias $subdomain.$vhost.${AliasDomain} DocumentRoot /srv/www/$vhost/html/$subdomain SetHandler "proxy:unix:/run/php/php$phpVersion-fpm-$username.sock|fcgi://localhost" # VHostHTTPS - HTTPS on Port 443. Inludes Port 80 and ServerAliases for ${AliasDomain} subdomain ServerName $vhost ServerAlias www.$vhost ServerAlias $vhost.${AliasDomain} DocumentRoot /srv/www/$vhost/html ScriptAlias /cgi-wrap/ "/usr/local/lib/cgi-wrap/$vhost/" RewriteEngine on RewriteCond %{REQUEST_URI} ^/cgi-bin/.* RewriteRule ^/cgi-bin/(.*) /cgi-wrap/cgiwrap/$username/$1 [PT] Redirect 301 "https://%{HTTP_HOST}%{REQUEST_URI}" SetHandler "proxy:unix:/run/php/php$phpVersion-fpm-$username.sock|fcgi://localhost" ServerName $vhost ServerAlias www.$vhost ServerAlias $vhost.${AliasDomain} DocumentRoot /srv/www/$vhost/html ScriptAlias /cgi-wrap/ "/usr/local/lib/cgi-wrap/$vhost/" RewriteEngine on RewriteCond %{REQUEST_URI} ^/cgi-bin/.* RewriteRule ^/cgi-bin/(.*) /cgi-wrap/cgiwrap/$username/$1 [PT] SetHandler "proxy:unix:/run/php/php$phpVersion-fpm-$username.sock|fcgi://localhost" SSLEngine on SSLCertificateFile /etc/ssl/letsencrypt/$vhost.pem Alias /stats /var/lib/webalizer/$vhost AddExternalAuth pwauth /usr/sbin/pwauth SetExternalAuthMethod pwauth pipe AuthType Basic AuthName "Usage Statistics for $vhost" AuthBasicProvider external AuthExternal pwauth Require ip 127.0.0.1 Require user $username # VHostSubdomainHTTPS - HTTPS on Port 443. Inludes Port 80 and ServerAliases for ${AliasDomain} subdomain ServerName $subdomain.$vhost ServerAlias $subdomain.$vhost.${AliasDomain} DocumentRoot /srv/www/$vhost/html/$subdomain Redirect 301 "https://%{HTTP_HOST}%{REQUEST_URI}" SetHandler "proxy:unix:/run/php/php$phpVersion-fpm-$username.sock|fcgi://localhost" ServerName $subdomain.$vhost ServerAlias $subdomain.$vhost.${AliasDomain} DocumentRoot /srv/www/$vhost/html/$subdomain SetHandler "proxy:unix:/run/php/php$phpVersion-fpm-$username.sock|fcgi://localhost" SSLEngine on SSLCertificateFile /etc/ssl/letsencrypt/$subdomain.$vhost.pem # VHostHTTPSVarnish - HTTPS on Port 443 proxies to Varnish which then connects to Port 80 ServerName $vhost ServerAlias www.$vhost ServerAlias $vhost.${AliasDomain} DocumentRoot /srv/www/$vhost/html ScriptAlias /cgi-wrap/ "/usr/local/lib/cgi-wrap/$vhost/" RewriteEngine on RewriteCond %{REQUEST_URI} ^/cgi-bin/.* RewriteRule ^/cgi-bin/(.*) /cgi-wrap/cgiwrap/$username/$1 [PT] SetHandler "proxy:unix:/run/php/php$phpVersion-fpm-$username.sock|fcgi://localhost" ServerName $vhost ServerAlias www.$vhost ServerAlias $vhost.${AliasDomain} RequestHeader set X-Forwarded-Proto https ProxyPreserveHost On ProxyPass / http://127.0.0.1:6081/ ProxyPassReverse / http://127.0.0.1:6081/ SSLEngine on SSLCertificateFile /etc/ssl/letsencrypt/$vhost.pem # VHostSubdomainHTTPSVarnish - HTTPS on Port 443 proxies to Varnish which then connects to Port 80 ServerName $subdomain.$vhost ServerAlias $subdomain.$vhost.${AliasDomain} DocumentRoot /srv/www/$vhost/html/$subdomain SetHandler "proxy:unix:/run/php/php$phpVersion-fpm-$username.sock|fcgi://localhost" ServerName $subdomain.$vhost ServerAlias $subdomain.$vhost.${AliasDomain} RequestHeader set X-Forwarded-Proto https ProxyPreserveHost On ProxyPass / http://127.0.0.1:6081/ ProxyPassReverse / http://127.0.0.1:6081/ SSLEngine on SSLCertificateFile /etc/ssl/letsencrypt/$subdomain.$vhost.pem # Webmail - HTTP Port 80 Redirects to HTTPS Port 443. Expects mail. subdomain ServerName $vhost Redirect / https://$vhost ServerName $vhost DocumentRoot /srv/www/html/roundcube/public_html SSLEngine on SSLCertificateFile /etc/ssl/letsencrypt/$vhost.pem # Mailman3 - HTTP Port 80 Redirects to HTTPS Port 443. Expects lists. subdomain ServerName $vhost Redirect / https://$vhost ServerName $vhost DocumentRoot /srv/www/html Include /etc/mailman3/apache.conf RedirectMatch ^/$ /mailman3 SSLEngine on SSLCertificateFile /etc/ssl/letsencrypt/$vhost.pem ServerName $vhost ServerAlias www.$vhost ServerAlias $vhost.${AliasDomain} Redirect 301 "$redirect%{REQUEST_URI}" ServerName $vhost ServerAlias www.$vhost ServerAlias $vhost.${AliasDomain} Redirect 301 "$redirect%{REQUEST_URI}" ServerName $vhost ServerAlias www.$vhost ServerAlias $vhost.${AliasDomain} Redirect 301 "$redirect%{REQUEST_URI}" SSLEngine on SSLCertificateFile /etc/ssl/letsencrypt/$vhost.pem ServerName $alias ServerAlias www.$alias ServerAlias $alias.${AliasDomain} DocumentRoot /srv/www/$vhost/html ScriptAlias /cgi-wrap/ "/usr/local/lib/cgi-wrap/$vhost/" RewriteEngine on RewriteCond %{REQUEST_URI} ^/cgi-bin/.* RewriteRule ^/cgi-bin/(.*) /cgi-wrap/cgiwrap/$username/$1 [PT] SetHandler "proxy:unix:/run/php/php$phpVersion-fpm-$username.sock|fcgi://localhost" ServerName $alias ServerAlias www.$alias ServerAlias $alias.${AliasDomain} DocumentRoot /srv/www/$vhost/html ScriptAlias /cgi-wrap/ "/usr/local/lib/cgi-wrap/$vhost/" RewriteEngine on RewriteCond %{REQUEST_URI} ^/cgi-bin/.* RewriteRule ^/cgi-bin/(.*) /cgi-wrap/cgiwrap/$username/$1 [PT] Redirect 301 "https://%{HTTP_HOST}%{REQUEST_URI}" SetHandler "proxy:unix:/run/php/php$phpVersion-fpm-$username.sock|fcgi://localhost" ServerName $alias ServerAlias www.$alias ServerAlias $alias.${AliasDomain} DocumentRoot /srv/www/$vhost/html ScriptAlias /cgi-wrap/ "/usr/local/lib/cgi-wrap/$vhost/" RewriteEngine on RewriteCond %{REQUEST_URI} ^/cgi-bin/.* RewriteRule ^/cgi-bin/(.*) /cgi-wrap/cgiwrap/$username/$1 [PT] SetHandler "proxy:unix:/run/php/php$phpVersion-fpm-$username.sock|fcgi://localhost" SSLEngine on SSLCertificateFile /etc/ssl/letsencrypt/$alias.pem