# begin vhost for <%= title %>
:80>
ServerName <%= title %>.<%= hosting_domain %>
<% if server_alias != false %> ServerAlias <%= server_alias %><% end %>
DocumentRoot <%= docroot %>
<% if https_redirect != false or canonical != false %>
RewriteEngine On
<% end -%>
<% if https_redirect != false %>
# Use HTTP Strict Transport Security to force client to use secure connections only
Header always set Strict-Transport-Security "max-age=15768000; includeSubDomains"
# Redirect all HTTP to HTTPS
RewriteRule ^(.*)$ https://%{HTTP_HOST}$1 [redirect=301]<% end %>
<% if redirect_match != false %> RedirectMatch ^/$ <%= protocol %>://<%= title %>.<%= hosting_domain %>/<%= redirect_match %><% end %>
<% if redirect != false %> Redirect <%= redirect %><% end %>
<% if aliases != false %><% aliases.each do |map| -%>
Alias <%= map %>
<% end -%><% end -%>
<% if use != false %><% use.each do |instance| -%>
Use <%= instance %>
<% end -%><% end -%>
<% if mpm == true %>
AssignUserId <%= user %> <%= gid %>
<% end %>
<% if canonical != false %>
<%- for canonical_exception in canonical_exceptions -%>
RewriteCond %{HTTP_HOST} !=<%= canonical_exception %> [NC]
<%- end -%>
RewriteCond %{HTTP_HOST} !=<%= canonical %> [NC]
RewriteCond %{HTTP_HOST} !=""
RewriteRule ^/(.*) <%= protocol %>://<%= canonical %>/$1 [L,R=301]
<% end %>
# end vhost for <%= title %>
<% if ssl == true %>
# begin ssl vhost for <%= title %>
:443>
ServerName <%= title %>.<%= hosting_domain %>
<% if server_alias != false %> ServerAlias <%= server_alias %><% end %>
DocumentRoot <%= docroot %>
<% if redirect_match != false %> RedirectMatch ^/$ <%= protocol %>://<%= title %>.<%= hosting_domain %>/<%= redirect_match %><% end %>
<% if redirect != false %> Redirect <%= redirect %><% end %>
<% if aliases != false %><% aliases.each do |map| -%>
Alias <%= map %>
<% end -%><% end -%>
<% if use != false %><% use.each do |instance| -%>
Use <%= instance %>
<% end -%><% end -%>
<% if mpm == true %>
AssignUserId <%= user %> <%= gid %>
<% end %>
# SSL Configuration
SSLEngine on
SSLProtocol -all +SSLv3 +TLSv1
SSLCipherSuite HIGH:MEDIUM:!aNULL:!SSLv2:!MD5:@STRENGTH
SSLHonorCipherOrder on
SSLCertificateFile /etc/ssl/certs/<%= title %>.crt
SSLCertificateKeyFile /etc/ssl/private/<%= title %>.pem
# end ssl vhost for <%= title %>
<% end %>