# all faivre.ml subdomains

<Macro faivre $name $domain>
    <VirtualHost *:80>
	ServerName $domain
	ServerAlias www.$domain
	UseCanonicalName Off

	#DocumentRoot /home/www/ml.faivre/$name

	CustomLog ${APACHE_LOG_DIR}/ml.faivre.$name-access.log combined
	ErrorLog ${APACHE_LOG_DIR}/ml.faivre.$name-error.log

	# br, feb 13, 2016. The following hack is necessary to have
	# letsencrypt work in "--webroot" mode, as it does not handle
	# https redirection
	RewriteEngine On
	RewriteCond %{REQUEST_URI} !^/.well-known/acme-challenge [NC]
	RewriteRule ^(.*)$ https://%{HTTP_HOST}$1 [R=301,L]
    </VirtualHost>

    <VirtualHost *:443>
	ServerName $domain
	ServerAlias www.$domain
	UseCanonicalName Off

	DocumentRoot /home/www/ml.faivre/$name

	CustomLog ${APACHE_LOG_DIR}/ml.faivre.$name-access.log combined
	ErrorLog ${APACHE_LOG_DIR}/ml.faivre.$name-error.log

	SSLEngine on
        SSLCertificateFile      /etc/letsencrypt/live/faivre.ml/fullchain.pem
        SSLCertificateKeyFile   /etc/letsencrypt/live/faivre.ml/privkey.pem

	<Location />
	    SSLRequireSSL On
	    SSLVerifyClient none
	    SSLVerifyDepth 1
	    SSLOptions +StdEnvVars +StrictRequire
	</Location>

	RewriteEngine on

	<Directory  /home/www/ml.faivre/$name>
    	    Options Indexes FollowSymLinks MultiViews
    	    AllowOverride All
    	    Require all granted
            # Kesako ?
            SSLRenegBufferSize 10486000
	</Directory>

        # Kesako ?
        <IfModule mod_headers.c>
	    Header always set Strict-Transport-Security "max-age=15768000; includeSubDomains; preload"
        </IfModule>

        # Kesako ? Puisque mod_security2 n'est pas utilisé, je commente.
	#<IfModule mod_security2.c>
	#    SecRequestBodyNoFilesLimit 5242880
	#</IfModule>

    </VirtualHost>

</Macro>

# macros: Each line is
# Use <dir> <fqdn>
# with dir: /home/www/ml.faivre/<dir>
Use faivre  root    faivre.ml
Use faivre  bremond bremond.faivre.ml

UndefMacro faivre