# VHostHTTP for http only
# VHostHTTPS for http & https w/ optional http to https redirect
# VHostHTTPSVarnish for https -> Varnish -> http
# VHostSubdomainHTTP
# VHostSubdomainHTTPS
# VHostSubdomainHTTPSVarnish
# *only use one of the VHost options above at at time*
#
# VMailHTTPS for webmail at mail. subdomain assumes & requires https w/ valid cert
#
# RedirectHTTP for http only
# RedirectHTTPS for http & https
# *only use one of the Redirect options above at at time*
#
# VHostAliasHTTP for http only
# VHostAliasHTTPS for http & https
# VHostAliasHTTPSVarnish for http & https
# *only use one of the Alias options above at at time*

# Optional AliasDomain for accessing VirtualHosts.
# Uncomment and change example.com to suit your needs.
#Define AliasDomain example.com

# Uncomment to force a redirect from HTTP to HTTPS for all VirtualHosts that have HTTPS enabled
#Define ForceHTTPS

# VHostHTTP - HTTP on Port 80
<Macro VHostHTTP $vhost $username>
  <VirtualHost *:80>
    ServerName  $vhost
    ServerAlias www.$vhost
    <IfDefine AliasDomain>
      ServerAlias $vhost.${AliasDomain}
    </IfDefine>
    DocumentRoot  /srv/www/$vhost/html
    ScriptAlias /cgi-wrap/ "/usr/local/lib/cgi-wrap/$vhost/"
    RewriteEngine on
    RewriteCond %{REQUEST_URI} ^/cgi-bin/.*
    RewriteRule ^/cgi-bin/(.*) /cgi-wrap/cgiwrap/$username/$1 [PT]
    <FilesMatch ".+\.ph(ar|p|tml)$">
      SetHandler "proxy:unix:/run/php/php8.1-fpm-$username.sock|fcgi://localhost"
    </FilesMatch>
  </VirtualHost>
</Macro>

<Macro VHostSubdomainHTTP $vhost $username $subdomain>
  <VirtualHost *:80>
    ServerName  $subdomain.$vhost
    <IfDefine AliasDomain>
      ServerAlias $subdomain.$vhost.${AliasDomain}
    </IfDefine>
    DocumentRoot  /srv/www/$vhost/html/$subdomain
    <FilesMatch ".+\.ph(ar|p|tml)$">
      SetHandler "proxy:unix:/run/php/php8.1-fpm-$username.sock|fcgi://localhost"
    </FilesMatch>
  </VirtualHost>
</Macro>

# VHostHTTPS - HTTPS on Port 443. Inludes Port 80 and ServerAliases for ${AliasDomain} subdomain
<Macro VHostHTTPS $vhost $username>
  <VirtualHost *:80>
    ServerName  $vhost
    ServerAlias www.$vhost
    <IfDefine AliasDomain>
      ServerAlias $vhost.${AliasDomain}
    </IfDefine>
    DocumentRoot  /srv/www/$vhost/html
    ScriptAlias /cgi-wrap/ "/usr/local/lib/cgi-wrap/$vhost/"
    RewriteEngine on
    RewriteCond %{REQUEST_URI} ^/cgi-bin/.*
    RewriteRule ^/cgi-bin/(.*) /cgi-wrap/cgiwrap/$username/$1 [PT]
    <IfDefine ForceHTTPS>
      <Location "/">
        <If "%{REQUEST_URI} !~ m#^/.well-known/acme-challenge/#">
          Redirect 301 "https://%{HTTP_HOST}%{REQUEST_URI}"
        </If>
      </Location>
    </IfDefine>
    <FilesMatch ".+\.ph(ar|p|tml)$">
      SetHandler "proxy:unix:/run/php/php8.1-fpm-$username.sock|fcgi://localhost"
    </FilesMatch>
  </VirtualHost>
  <VirtualHost *:443>
    ServerName    $vhost
    ServerAlias   www.$vhost
    <IfDefine AliasDomain>
      ServerAlias   $vhost.${AliasDomain}
    </IfDefine>
    DocumentRoot  /srv/www/$vhost/html
    ScriptAlias /cgi-wrap/ "/usr/local/lib/cgi-wrap/$vhost/"
    RewriteEngine on
    RewriteCond %{REQUEST_URI} ^/cgi-bin/.*
    RewriteRule ^/cgi-bin/(.*) /cgi-wrap/cgiwrap/$username/$1 [PT]
    <FilesMatch ".+\.ph(ar|p|tml)$">
      SetHandler "proxy:unix:/run/php/php8.1-fpm-$username.sock|fcgi://localhost"
    </FilesMatch>
    SSLEngine on
    SSLCertificateFile /etc/ssl/letsencrypt/$vhost.pem
    Alias /stats /srv/www/$vhost/stats
    AddExternalAuth pwauth /usr/sbin/pwauth
    SetExternalAuthMethod pwauth pipe
    <Location /stats>
      AuthType Basic
      AuthName "Usage Statistics for $vhost"
      AuthBasicProvider external
      AuthExternal pwauth
      <RequireAny>
        Require ip 127.0.0.1
        Require user $username
      </RequireAny>
    </Location>
  </VirtualHost>
</Macro>

# VHostSubdomainHTTPS - HTTPS on Port 443. Inludes Port 80 and ServerAliases for ${AliasDomain} subdomain
<Macro VHostSubdomainHTTPS $vhost $username $subdomain>
  <VirtualHost *:80>
    ServerName  $subdomain.$vhost
    <IfDefine AliasDomain>
      ServerAlias $subdomain.$vhost.${AliasDomain}
    </IfDefine>
    DocumentRoot  /srv/www/$vhost/html/$subdomain
    <IfDefine ForceHTTPS>
      <Location "/">
        <If "%{REQUEST_URI} !~ m#^/.well-known/acme-challenge/#">
          Redirect 301 "https://%{HTTP_HOST}%{REQUEST_URI}"
        </If>
      </Location>
    </IfDefine>
    <FilesMatch ".+\.ph(ar|p|tml)$">
      SetHandler "proxy:unix:/run/php/php8.1-fpm-$username.sock|fcgi://localhost"
    </FilesMatch>
  </VirtualHost>
  <VirtualHost *:443>
    ServerName    $subdomain.$vhost
    <IfDefine AliasDomain>
      ServerAlias   $subdomain.$vhost.${AliasDomain}
    </IfDefine>
    DocumentRoot  /srv/www/$vhost/html/$subdomain
    <FilesMatch ".+\.ph(ar|p|tml)$">
      SetHandler "proxy:unix:/run/php/php8.1-fpm-$username.sock|fcgi://localhost"
    </FilesMatch>
    SSLEngine on
    SSLCertificateFile /etc/ssl/letsencrypt/$subdomain.$vhost.pem
  </VirtualHost>
</Macro>

# VHostHTTPSVarnish - HTTPS on Port 443 proxies to Varnish which then connects to Port 80
<Macro VHostHTTPSVarnish $vhost $username>
  <VirtualHost *:80>
    ServerName  $vhost
    ServerAlias www.$vhost
    <IfDefine AliasDomain>
      ServerAlias $vhost.${AliasDomain}
    </IfDefine>
    DocumentRoot  /srv/www/$vhost/html
    ScriptAlias /cgi-wrap/ "/usr/local/lib/cgi-wrap/$vhost/"
    RewriteEngine on
    RewriteCond %{REQUEST_URI} ^/cgi-bin/.*
    RewriteRule ^/cgi-bin/(.*) /cgi-wrap/cgiwrap/$username/$1 [PT]
    <FilesMatch ".+\.ph(ar|p|tml)$">
      SetHandler "proxy:unix:/run/php/php8.1-fpm-$username.sock|fcgi://localhost"
    </FilesMatch>
  </VirtualHost>
  <VirtualHost *:443>
    ServerName    $vhost
    ServerAlias   www.$vhost
    <IfDefine AliasDomain>
      ServerAlias   $vhost.${AliasDomain}
    </IfDefine>
    RequestHeader set X-Forwarded-Proto https
    ProxyPreserveHost       On
    ProxyPass               / http://127.0.0.1:6081/
    ProxyPassReverse        / http://127.0.0.1:6081/
    SSLEngine on
    SSLCertificateFile /etc/ssl/letsencrypt/$vhost.pem
  </VirtualHost>
</Macro>

# VHostSubdomainHTTPSVarnish - HTTPS on Port 443 proxies to Varnish which then connects to Port 80
<Macro VHostSubdomainHTTPSVarnish $vhost $username $subdomain>
  <VirtualHost *:80>
    ServerName  $subdomain.$vhost
    <IfDefine AliasDomain>
      ServerAlias $subdomain.$vhost.${AliasDomain}
    </IfDefine>
    DocumentRoot  /srv/www/$vhost/html/$subdomain
    <FilesMatch ".+\.ph(ar|p|tml)$">
      SetHandler "proxy:unix:/run/php/php8.1-fpm-$username.sock|fcgi://localhost"
    </FilesMatch>
  </VirtualHost>
  <VirtualHost *:443>
    ServerName    $subdomain.$vhost
    <IfDefine AliasDomain>
      ServerAlias   $subdomain.$vhost.${AliasDomain}
    </IfDefine>
    RequestHeader set X-Forwarded-Proto https
    ProxyPreserveHost       On
    ProxyPass               / http://127.0.0.1:6081/
    ProxyPassReverse        / http://127.0.0.1:6081/
    SSLEngine on
    SSLCertificateFile /etc/ssl/letsencrypt/$subdomain.$vhost.pem
  </VirtualHost>
</Macro>

# Webmail - HTTP Port 80 Redirects to HTTPS Port 443
<Macro VMailHTTPS $vhost>
  <VirtualHost *:80>
    ServerName    $vhost
    <Location "/">
      <If "%{REQUEST_URI} !~ m#^/.well-known/acme-challenge/#">
        Redirect / https://$vhost
      </If>
    </Location>
  </VirtualHost>
  <VirtualHost *:443>
    ServerName    $vhost
    DocumentRoot  /srv/www/html/roundcube/public_html
    SSLEngine on
    SSLCertificateFile /etc/ssl/letsencrypt/$vhost.pem
  </VirtualHost>
</Macro>

<Macro RedirectHTTP $vhost $redirect>
  <VirtualHost *:80>
    ServerName  $vhost
    ServerAlias www.$vhost
    <IfDefine AliasDomain>
      ServerAlias $vhost.${AliasDomain}
    </IfDefine>
    <Location "/">
      <If "%{REQUEST_URI} !~ m#^/.well-known/acme-challenge/#">
        Redirect 301 "$redirect%{REQUEST_URI}"
      </If>
    </Location>
  </VirtualHost>
</Macro>

<Macro RedirectHTTPS $vhost $redirect>
  <VirtualHost *:80>
    ServerName  $vhost
    ServerAlias www.$vhost
    <IfDefine AliasDomain>
      ServerAlias $vhost.${AliasDomain}
    </IfDefine>
    <Location "/">
      <If "%{REQUEST_URI} !~ m#^/.well-known/acme-challenge/#">
        Redirect 301 "$redirect%{REQUEST_URI}"
      </If>
    </Location>
  </VirtualHost>
  <VirtualHost *:443>
    ServerName  $vhost
    ServerAlias www.$vhost
    <IfDefine AliasDomain>
      ServerAlias $vhost.${AliasDomain}
    </IfDefine>
    <Location "/">
      <If "%{REQUEST_URI} !~ m#^/.well-known/acme-challenge/#">
        Redirect 301 "$redirect%{REQUEST_URI}"
      </If>
    </Location>
    SSLEngine on
    SSLCertificateFile /etc/ssl/letsencrypt/$vhost.pem
  </VirtualHost>
</Macro>

<Macro VHostAliasHTTP $vhost $username $alias>
  <VirtualHost *:80>
    ServerName  $alias
    ServerAlias www.$alias
    <IfDefine AliasDomain>
      ServerAlias $alias.${AliasDomain}
    </IfDefine>
    DocumentRoot  /srv/www/$vhost/html
    ScriptAlias /cgi-wrap/ "/usr/local/lib/cgi-wrap/$vhost/"
    RewriteEngine on
    RewriteCond %{REQUEST_URI} ^/cgi-bin/.*
    RewriteRule ^/cgi-bin/(.*) /cgi-wrap/cgiwrap/$username/$1 [PT]
    <FilesMatch ".+\.ph(ar|p|tml)$">
      SetHandler "proxy:unix:/run/php/php8.1-fpm-$username.sock|fcgi://localhost"
    </FilesMatch>
  </VirtualHost>
</Macro>

<Macro VHostAliasHTTPS $vhost $username $alias>
  <VirtualHost *:80>
    ServerName  $alias
    ServerAlias www.$alias
    <IfDefine AliasDomain>
      ServerAlias $alias.${AliasDomain}
    </IfDefine>
    DocumentRoot  /srv/www/$vhost/html
    ScriptAlias /cgi-wrap/ "/usr/local/lib/cgi-wrap/$vhost/"
    RewriteEngine on
    RewriteCond %{REQUEST_URI} ^/cgi-bin/.*
    RewriteRule ^/cgi-bin/(.*) /cgi-wrap/cgiwrap/$username/$1 [PT]
    <IfDefine ForceHTTPS>
      <Location "/">
        <If "%{REQUEST_URI} !~ m#^/.well-known/acme-challenge/#">
          Redirect 301 "https://%{HTTP_HOST}%{REQUEST_URI}"
        </If>
      </Location>
    </IfDefine>
    <FilesMatch ".+\.ph(ar|p|tml)$">
      SetHandler "proxy:unix:/run/php/php8.1-fpm-$username.sock|fcgi://localhost"
    </FilesMatch>
  </VirtualHost>
  <VirtualHost *:443>
    ServerName    $alias
    ServerAlias   www.$alias
    <IfDefine AliasDomain>
      ServerAlias $alias.${AliasDomain}
    </IfDefine>
    DocumentRoot  /srv/www/$vhost/html
    ScriptAlias /cgi-wrap/ "/usr/local/lib/cgi-wrap/$vhost/"
    RewriteEngine on
    RewriteCond %{REQUEST_URI} ^/cgi-bin/.*
    RewriteRule ^/cgi-bin/(.*) /cgi-wrap/cgiwrap/$username/$1 [PT]
    <FilesMatch ".+\.ph(ar|p|tml)$">
      SetHandler "proxy:unix:/run/php/php8.1-fpm-$username.sock|fcgi://localhost"
    </FilesMatch>
    SSLEngine on
    SSLCertificateFile /etc/ssl/letsencrypt/$alias.pem
  </VirtualHost>
</Macro>