# VHostHTTP for http only # VHostHTTPS for http & https w/ optional http to https redirect # VHostHTTPSVarnish for https -> Varnish -> http # VHostSubdomainHTTP # VHostSubdomainHTTPS # VHostSubdomainHTTPSVarnish # *only use one of the VHost options above at at time* # # VMailHTTPS for webmail at mail. subdomain assumes & requires https w/ valid cert # # RedirectHTTP for http only # RedirectHTTPS for http & https # *only use one of the Redirect options above at at time* # # VHostAliasHTTP for http only # VHostAliasHTTPS for http & https # VHostAliasHTTPSVarnish for http & https # *only use one of the Alias options above at at time* # Optional AliasDomain for accessing VirtualHosts. # Uncomment and change example.com to suit your needs. #Define AliasDomain example.com # Uncomment to force a redirect from HTTP to HTTPS for all VirtualHosts that have HTTPS enabled #Define ForceHTTPS # VHostHTTP - HTTP on Port 80 <Macro VHostHTTP $vhost $username> <VirtualHost *:80> ServerName $vhost ServerAlias www.$vhost <IfDefine AliasDomain> ServerAlias $vhost.${AliasDomain} </IfDefine> DocumentRoot /srv/www/$vhost/html ScriptAlias /cgi-wrap/ "/usr/local/lib/cgi-wrap/$vhost/" RewriteEngine on RewriteCond %{REQUEST_URI} ^/cgi-bin/.* RewriteRule ^/cgi-bin/(.*) /cgi-wrap/cgiwrap/$username/$1 [PT] <FilesMatch ".+\.ph(ar|p|tml)$"> SetHandler "proxy:unix:/run/php/php8.1-fpm-$username.sock|fcgi://localhost" </FilesMatch> </VirtualHost> </Macro> <Macro VHostSubdomainHTTP $vhost $username $subdomain> <VirtualHost *:80> ServerName $subdomain.$vhost <IfDefine AliasDomain> ServerAlias $subdomain.$vhost.${AliasDomain} </IfDefine> DocumentRoot /srv/www/$vhost/html/$subdomain <FilesMatch ".+\.ph(ar|p|tml)$"> SetHandler "proxy:unix:/run/php/php8.1-fpm-$username.sock|fcgi://localhost" </FilesMatch> </VirtualHost> </Macro> # VHostHTTPS - HTTPS on Port 443. Inludes Port 80 and ServerAliases for ${AliasDomain} subdomain <Macro VHostHTTPS $vhost $username> <VirtualHost *:80> ServerName $vhost ServerAlias www.$vhost <IfDefine AliasDomain> ServerAlias $vhost.${AliasDomain} </IfDefine> DocumentRoot /srv/www/$vhost/html ScriptAlias /cgi-wrap/ "/usr/local/lib/cgi-wrap/$vhost/" RewriteEngine on RewriteCond %{REQUEST_URI} ^/cgi-bin/.* RewriteRule ^/cgi-bin/(.*) /cgi-wrap/cgiwrap/$username/$1 [PT] <IfDefine ForceHTTPS> <Location "/"> <If "%{REQUEST_URI} !~ m#^/.well-known/acme-challenge/#"> Redirect 301 "https://%{HTTP_HOST}%{REQUEST_URI}" </If> </Location> </IfDefine> <FilesMatch ".+\.ph(ar|p|tml)$"> SetHandler "proxy:unix:/run/php/php8.1-fpm-$username.sock|fcgi://localhost" </FilesMatch> </VirtualHost> <VirtualHost *:443> ServerName $vhost ServerAlias www.$vhost <IfDefine AliasDomain> ServerAlias $vhost.${AliasDomain} </IfDefine> DocumentRoot /srv/www/$vhost/html ScriptAlias /cgi-wrap/ "/usr/local/lib/cgi-wrap/$vhost/" RewriteEngine on RewriteCond %{REQUEST_URI} ^/cgi-bin/.* RewriteRule ^/cgi-bin/(.*) /cgi-wrap/cgiwrap/$username/$1 [PT] <FilesMatch ".+\.ph(ar|p|tml)$"> SetHandler "proxy:unix:/run/php/php8.1-fpm-$username.sock|fcgi://localhost" </FilesMatch> SSLEngine on SSLCertificateFile /etc/ssl/letsencrypt/$vhost.pem Alias /stats /srv/www/$vhost/stats AddExternalAuth pwauth /usr/sbin/pwauth SetExternalAuthMethod pwauth pipe <Location /stats> AuthType Basic AuthName "Usage Statistics for $vhost" AuthBasicProvider external AuthExternal pwauth <RequireAny> Require ip 127.0.0.1 Require user $username </RequireAny> </Location> </VirtualHost> </Macro> # VHostSubdomainHTTPS - HTTPS on Port 443. Inludes Port 80 and ServerAliases for ${AliasDomain} subdomain <Macro VHostSubdomainHTTPS $vhost $username $subdomain> <VirtualHost *:80> ServerName $subdomain.$vhost <IfDefine AliasDomain> ServerAlias $subdomain.$vhost.${AliasDomain} </IfDefine> DocumentRoot /srv/www/$vhost/html/$subdomain <IfDefine ForceHTTPS> <Location "/"> <If "%{REQUEST_URI} !~ m#^/.well-known/acme-challenge/#"> Redirect 301 "https://%{HTTP_HOST}%{REQUEST_URI}" </If> </Location> </IfDefine> <FilesMatch ".+\.ph(ar|p|tml)$"> SetHandler "proxy:unix:/run/php/php8.1-fpm-$username.sock|fcgi://localhost" </FilesMatch> </VirtualHost> <VirtualHost *:443> ServerName $subdomain.$vhost <IfDefine AliasDomain> ServerAlias $subdomain.$vhost.${AliasDomain} </IfDefine> DocumentRoot /srv/www/$vhost/html/$subdomain <FilesMatch ".+\.ph(ar|p|tml)$"> SetHandler "proxy:unix:/run/php/php8.1-fpm-$username.sock|fcgi://localhost" </FilesMatch> SSLEngine on SSLCertificateFile /etc/ssl/letsencrypt/$subdomain.$vhost.pem </VirtualHost> </Macro> # VHostHTTPSVarnish - HTTPS on Port 443 proxies to Varnish which then connects to Port 80 <Macro VHostHTTPSVarnish $vhost $username> <VirtualHost *:80> ServerName $vhost ServerAlias www.$vhost <IfDefine AliasDomain> ServerAlias $vhost.${AliasDomain} </IfDefine> DocumentRoot /srv/www/$vhost/html ScriptAlias /cgi-wrap/ "/usr/local/lib/cgi-wrap/$vhost/" RewriteEngine on RewriteCond %{REQUEST_URI} ^/cgi-bin/.* RewriteRule ^/cgi-bin/(.*) /cgi-wrap/cgiwrap/$username/$1 [PT] <FilesMatch ".+\.ph(ar|p|tml)$"> SetHandler "proxy:unix:/run/php/php8.1-fpm-$username.sock|fcgi://localhost" </FilesMatch> </VirtualHost> <VirtualHost *:443> ServerName $vhost ServerAlias www.$vhost <IfDefine AliasDomain> ServerAlias $vhost.${AliasDomain} </IfDefine> RequestHeader set X-Forwarded-Proto https ProxyPreserveHost On ProxyPass / http://127.0.0.1:6081/ ProxyPassReverse / http://127.0.0.1:6081/ SSLEngine on SSLCertificateFile /etc/ssl/letsencrypt/$vhost.pem </VirtualHost> </Macro> # VHostSubdomainHTTPSVarnish - HTTPS on Port 443 proxies to Varnish which then connects to Port 80 <Macro VHostSubdomainHTTPSVarnish $vhost $username $subdomain> <VirtualHost *:80> ServerName $subdomain.$vhost <IfDefine AliasDomain> ServerAlias $subdomain.$vhost.${AliasDomain} </IfDefine> DocumentRoot /srv/www/$vhost/html/$subdomain <FilesMatch ".+\.ph(ar|p|tml)$"> SetHandler "proxy:unix:/run/php/php8.1-fpm-$username.sock|fcgi://localhost" </FilesMatch> </VirtualHost> <VirtualHost *:443> ServerName $subdomain.$vhost <IfDefine AliasDomain> ServerAlias $subdomain.$vhost.${AliasDomain} </IfDefine> RequestHeader set X-Forwarded-Proto https ProxyPreserveHost On ProxyPass / http://127.0.0.1:6081/ ProxyPassReverse / http://127.0.0.1:6081/ SSLEngine on SSLCertificateFile /etc/ssl/letsencrypt/$subdomain.$vhost.pem </VirtualHost> </Macro> # Webmail - HTTP Port 80 Redirects to HTTPS Port 443 <Macro VMailHTTPS $vhost> <VirtualHost *:80> ServerName $vhost <Location "/"> <If "%{REQUEST_URI} !~ m#^/.well-known/acme-challenge/#"> Redirect / https://$vhost </If> </Location> </VirtualHost> <VirtualHost *:443> ServerName $vhost DocumentRoot /srv/www/html/roundcube/public_html SSLEngine on SSLCertificateFile /etc/ssl/letsencrypt/$vhost.pem </VirtualHost> </Macro> <Macro RedirectHTTP $vhost $redirect> <VirtualHost *:80> ServerName $vhost ServerAlias www.$vhost <IfDefine AliasDomain> ServerAlias $vhost.${AliasDomain} </IfDefine> <Location "/"> <If "%{REQUEST_URI} !~ m#^/.well-known/acme-challenge/#"> Redirect 301 "$redirect%{REQUEST_URI}" </If> </Location> </VirtualHost> </Macro> <Macro RedirectHTTPS $vhost $redirect> <VirtualHost *:80> ServerName $vhost ServerAlias www.$vhost <IfDefine AliasDomain> ServerAlias $vhost.${AliasDomain} </IfDefine> <Location "/"> <If "%{REQUEST_URI} !~ m#^/.well-known/acme-challenge/#"> Redirect 301 "$redirect%{REQUEST_URI}" </If> </Location> </VirtualHost> <VirtualHost *:443> ServerName $vhost ServerAlias www.$vhost <IfDefine AliasDomain> ServerAlias $vhost.${AliasDomain} </IfDefine> <Location "/"> <If "%{REQUEST_URI} !~ m#^/.well-known/acme-challenge/#"> Redirect 301 "$redirect%{REQUEST_URI}" </If> </Location> SSLEngine on SSLCertificateFile /etc/ssl/letsencrypt/$vhost.pem </VirtualHost> </Macro> <Macro VHostAliasHTTP $vhost $username $alias> <VirtualHost *:80> ServerName $alias ServerAlias www.$alias <IfDefine AliasDomain> ServerAlias $alias.${AliasDomain} </IfDefine> DocumentRoot /srv/www/$vhost/html ScriptAlias /cgi-wrap/ "/usr/local/lib/cgi-wrap/$vhost/" RewriteEngine on RewriteCond %{REQUEST_URI} ^/cgi-bin/.* RewriteRule ^/cgi-bin/(.*) /cgi-wrap/cgiwrap/$username/$1 [PT] <FilesMatch ".+\.ph(ar|p|tml)$"> SetHandler "proxy:unix:/run/php/php8.1-fpm-$username.sock|fcgi://localhost" </FilesMatch> </VirtualHost> </Macro> <Macro VHostAliasHTTPS $vhost $username $alias> <VirtualHost *:80> ServerName $alias ServerAlias www.$alias <IfDefine AliasDomain> ServerAlias $alias.${AliasDomain} </IfDefine> DocumentRoot /srv/www/$vhost/html ScriptAlias /cgi-wrap/ "/usr/local/lib/cgi-wrap/$vhost/" RewriteEngine on RewriteCond %{REQUEST_URI} ^/cgi-bin/.* RewriteRule ^/cgi-bin/(.*) /cgi-wrap/cgiwrap/$username/$1 [PT] <IfDefine ForceHTTPS> <Location "/"> <If "%{REQUEST_URI} !~ m#^/.well-known/acme-challenge/#"> Redirect 301 "https://%{HTTP_HOST}%{REQUEST_URI}" </If> </Location> </IfDefine> <FilesMatch ".+\.ph(ar|p|tml)$"> SetHandler "proxy:unix:/run/php/php8.1-fpm-$username.sock|fcgi://localhost" </FilesMatch> </VirtualHost> <VirtualHost *:443> ServerName $alias ServerAlias www.$alias <IfDefine AliasDomain> ServerAlias $alias.${AliasDomain} </IfDefine> DocumentRoot /srv/www/$vhost/html ScriptAlias /cgi-wrap/ "/usr/local/lib/cgi-wrap/$vhost/" RewriteEngine on RewriteCond %{REQUEST_URI} ^/cgi-bin/.* RewriteRule ^/cgi-bin/(.*) /cgi-wrap/cgiwrap/$username/$1 [PT] <FilesMatch ".+\.ph(ar|p|tml)$"> SetHandler "proxy:unix:/run/php/php8.1-fpm-$username.sock|fcgi://localhost" </FilesMatch> SSLEngine on SSLCertificateFile /etc/ssl/letsencrypt/$alias.pem </VirtualHost> </Macro>