# begin vhost for <%= title %>
<VirtualHost <%= listen %>:<%= scope.lookupvar('apache::http_port') %>>
   ServerName <%= title %>.<%= hosting_domain %>
<% if server_alias != false %>   ServerAlias <%= server_alias %><% end %>
   DocumentRoot <%= docroot %>
<% if https_redirect != false or canonical != false %>
   RewriteEngine On
<% end -%>
<% if https_redirect != false %>
   # Redirect all HTTP to HTTPS
   RewriteRule ^(.*)$ https://%{HTTP_HOST}$1 [redirect=301]<% end %>
<% if redirect_match != false %>   RedirectMatch ^/$ <%= protocol %>://<%= title %>.<%= hosting_domain %>/<%= redirect_match %><% end %>
<% if redirect != false %>   Redirect <%= redirect %><% end %>
<% if aliases != false %><% aliases.each do |map| -%>
   Alias <%= map %>
<% end -%><% end -%>  
<% if use != false %><% use.each do |instance| -%>
   Use <%= instance %>
<% end -%><% end -%>
<% if mpm == true %>
   <IfModule mpm_itk_module>
     AssignUserId <%= user %> <%= gid %>
   </IfModule>
<% end %>   
<% if canonical != false %>
   <%- for canonical_exception in canonical_exceptions -%>
   RewriteCond %{HTTP_HOST}   !=<%= canonical_exception %> [NC]
   <%- end -%>
   RewriteCond %{HTTP_HOST}   !=<%= canonical %> [NC]
   RewriteCond %{HTTP_HOST}   !=""
   RewriteRule ^/(.*)         <%= protocol %>://<%= canonical %>/$1 [L,R=301]
<% end %>
<% if custom_directives != false -%>
   <%= custom_directives %>
<% end -%>
</VirtualHost>
# end vhost for <%= title %>
<% if ssl == true %>
# begin ssl vhost for <%= title %>
<VirtualHost <%= listen %>:<%= scope.lookupvar('apache::https_port') %>>
   # Use HTTP Strict Transport Security to force client to use secure connections only
   Header always set Strict-Transport-Security "max-age=15768000; includeSubDomains"

   ServerName <%= title %>.<%= hosting_domain %>
<% if server_alias != false %>   ServerAlias <%= server_alias %><% end %>
   DocumentRoot <%= docroot %>
<% if redirect_match != false %>   RedirectMatch ^/$ <%= protocol %>://<%= title %>.<%= hosting_domain %>/<%= redirect_match %><% end %>
<% if redirect != false %>   Redirect <%= redirect %><% end %>
<% if aliases != false %><% aliases.each do |map| -%>
   Alias <%= map %>
<% end -%><% end -%>  
<% if use != false %><% use.each do |instance| -%>
   Use <%= instance %>
<% end -%><% end -%>
<% if custom_directives != false -%>
  <%= custom_directives %>
<% end -%>
<% if mpm == true %>
   <IfModule mpm_itk_module>
     AssignUserId <%= user %> <%= gid %>
   </IfModule>
<% end %>
   # SSL Configuration
   SSLEngine on
   SSLProtocol -ALL -SSLv3 +TLSv1 +TLSv1.1 +TLSv1.2
   SSLCipherSuite ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA:!RC4:HIGH:!MD5:!aNULL:!EDH
   SSLHonorCipherOrder on
   SSLCompression off
   SSLCertificateFile    /etc/ssl/certs/<%= title %>.crt
   SSLCertificateKeyFile /etc/ssl/private/<%= title %>.pem
</VirtualHost>
# end ssl vhost for <%= title %>
<% end %>