#............................................................................
#   Eenos default  Vhost Configurations    
#............................................................................
# Build Time - ${time}
# Domain name - ${servername}
#.......... HTTP VHOST ..................................
# Version 25.10
%if isipv6 == "on":
<VirtualHost ${ips['ipv4']}:${webports['httpd']['http']} [${ips['ipv6']}]:${webports['httpd']['http']}>
%else:
<VirtualHost ${ips['ipv4']}:${webports['httpd']['http']}>    
%endif
    %if iswildcard == "on":
    ServerAlias ${servername}
    %else:
    ServerName ${servername}
    ServerAlias ${serveralias} 
    %endif
    %if siteredirect['status']=="on":
    # Redirect all site to remote url 
    Redirect permanent / ${siteredirect['url']}
    %elif redirect['http-to-https'] == "on" and isvarnish=="off":
    # Redirecting  HTTP to HTTPS
    Redirect permanent / https://${servername}/
    %else:
    DocumentRoot ${docroot}
    %endif
    ServerAdmin webmaster@${servername}
    UseCanonicalName Off   
    %if 'dirlist' in httpd and httpd['dirlist'] == "off":
    # Directory listing Disabled
    <Directory "${docroot}">
        Options -Indexes 
    </Directory>
    % endif
    #Let's encrypt acme folder
    <IfModule alias_module>
        Alias /.well-known /var/www/html/.well-known
    </IfModule> 
    %if redirect['www-to-nonwww'] == "tononwww":
    # Redirect www to non-www
    <IfModule rewrite_module>
        RewriteEngine On
        RewriteCond %{HTTP_HOST} ^www\.(.*)$ [NC]
        RewriteRule ^ %{REQUEST_SCHEME}://%1%{REQUEST_URI} [R=301,L]
    </IfModule>
    %endif
    %if redirect['www-to-nonwww'] == "towww":
    # Redirect non-www to www    
    <IfModule rewrite_module>
        RewriteEngine On
        RewriteCond %{HTTP_HOST} !^www\. [NC]
        RewriteRule ^ %{REQUEST_SCHEME}://www.%{HTTP_HOST}%{REQUEST_URI} [R=301,L]
    </IfModule>
    %endif
    %if userdir == "on":
    # Mod user dir enabled
    <IfModule userdir_module>
        <IfModule !mpm_itk.c>
            <IfModule !ruid2_module>
                <IfModule !mod_passenger.c>
                    UserDir disabled
                    UserDir enabled ${user}
                </IfModule>
            </IfModule>
        </IfModule>
    </IfModule>
    %else:
     # Mod user dir disabled
    <IfModule userdir_module>
        <IfModule !mpm_itk.c>
            <IfModule !ruid2_module>
                <IfModule !mod_passenger.c>
                    UserDir disabled                   
                </IfModule>
            </IfModule>
        </IfModule>
    </IfModule>
    %endif   
    #susphp
    <IfModule suphp_module>
        suPHP_UserGroup ${user} ${user}
    </IfModule>
    #suexec
    <IfModule suexec_module>        
        <IfModule !mod_ruid2.c>
            SuexecUserGroup ${user} ${user}
        </IfModule>
    </IfModule>
    #ruid2
    <IfModule ruid2_module>
        RMode config
        RUidGid ${user} ${user}
    </IfModule>
    #for mpm ITK
    <IfModule mpm_itk.c>    
        AssignUserID ${user} ${user}
    </IfModule>
    # for passenger module
    <IfModule mod_passenger.c>
        PassengerUser ${user}
        PassengerGroup ${user}
    </IfModule>
    # Cgi-bin alias 
    <IfModule alias_module>
        ScriptAlias /cgi-bin/ ${docroot}/cgi-bin/
    </IfModule>
    # Global DCV Rewrite Exclude
    <IfModule rewrite_module>
        RewriteOptions Inherit
    </IfModule>
    %if httpd['fpm'] == "on":
    #for fpm via php selector
    <IfModule proxy_fcgi_module>
        <FilesMatch \.(phtml|php[0-9]*)$>
            SetHandler proxy:unix:${fpmsocket}|fcgi://${servername}
        </FilesMatch>
    </IfModule>
    %else:
    #php selector   
    <IfModule mime_module>
        AddHandler application/x-httpd-${php} .php .phtml 
    </IfModule>
    %endif
    % if iscustominclude == 'on':
    # Custom include
    Include "/var/eenos/userdata/${user}/vhosts/httpd/${servername}.include"
    %else:
    # To customize this VirtualHost use an include file at the following location
    # Include "/var/eenos/userdata/${user}/vhosts/httpd/${servername}.include"
    %endif
    #Access logs
    <IfModule mod_log_config.c>
        LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combinedvhost
        <IfModule logio_module>
            LogFormat "%{%s}t %I .\n%v %{%s}t %O ." bytesvhost
            CustomLog  /var/log/domlogs/${servername}-bytes_log bytesvhost
        </IfModule>
        LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
        LogFormat "%h %l %u %t \"%r\" %>s %b" common
        LogFormat "%{Referer}i -> %U" referer
        LogFormat "%{User-agent}i" agent    
        CustomLog   /var/log/domlogs/${servername} combinedvhost 
    </IfModule>
    %if ismodsec =="on":
        %if modsecurity == "off":
    # Modsecurity disabled on domain
    <IfModule security3_module>
        modsecurity_rules 'SecRuleEngine Off'
    </IfModule>
        %else:
    # Modsecurity 3 protected
        %endif
    %else:
    # Modsecurity not enabled on server
    %endif    
</VirtualHost>

%if havessl=="on":
#.......... HTTPS VHOST ..................................
%if isvarnish=="on":
# Varnish ssl termination 
%if isipv6 == "on":
<VirtualHost ${ips['ipv4']}:${webports['httpd']['https']} [${ips['ipv6']}]:${webports['httpd']['https']}>
%else:
<VirtualHost ${ips['ipv4']}:${webports['httpd']['https']}>    
%endif
    %if iswildcard == "on":
    ServerAlias ${servername}
    %else:
    ServerName ${servername}
    ServerAlias ${serveralias} 
    %endif    
    ServerAdmin webmaster@${servername}
    %if siteredirect['status']=="on":
    # Redirect all site to remote url 
    Redirect permanent / ${siteredirect['url']}
    %endif 
    <IfModule ssl_module>
        SSLEngine on
        SSLCertificateFile ${sslcrt}
        SSLCertificateKeyFile ${sslkey}
        SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown
        <Directory "${docroot}/cgi-bin">
            SSLOptions +StdEnvVars
        </Directory>
    </IfModule>
    <IfModule headers_module>
    RequestHeader set X-Forwarded-Port ${webports['httpd']['https']}
    RequestHeader set X-Forwarded-Proto https
    </IfModule>
    %if ismodsec =="on":
        %if modsecurity == "off":
    # Modsecurity disabled on domain
    <IfModule security3_module>
        modsecurity_rules 'SecRuleEngine Off'
    </IfModule>
        %else:
    # Modsecurity 3 protected
        %endif
    %else:
    # Modsecurity not enabled on server
    %endif
    ProxyPreserveHost On
    ProxyPass / http://${ips['ipv4']}:${webports['varnish']['http']}/
    ProxyPassReverse / http://${ips['ipv4']}:${webports['varnish']['http']}/
</VirtualHost>    
%else:
#httpd ssl vhost
%if isipv6 == "on":
<VirtualHost ${ips['ipv4']}:${webports['httpd']['https']} [${ips['ipv6']}]:${webports['httpd']['https']}>
%else:
<VirtualHost ${ips['ipv4']}:${webports['httpd']['https']}>    
%endif
    %if iswildcard == "on":
    ServerAlias ${servername}
    %else:
    ServerName ${servername}
    ServerAlias ${serveralias} 
    %endif     
    %if siteredirect['status']=="on":
    # Redirect all site to remote url 
    Redirect permanent / ${siteredirect['url']}
    %endif 
    DocumentRoot ${docroot}
    ServerAdmin webmaster@${servername}
    UseCanonicalName Off
    <IfModule ssl_module>
        SSLEngine on
        SSLCertificateFile ${sslcrt}
        SSLCertificateKeyFile ${sslkey}
        SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown
        <Directory "${docroot}/cgi-bin">
            SSLOptions +StdEnvVars
        </Directory>
    </IfModule>
    %if 'dirlist' in httpd and httpd['dirlist'] == "off":
    # Directory listing Disabled
    <Directory "${docroot}">
        Options -Indexes 
    </Directory>
    % endif
    #Let's encrypt acme folder
    <IfModule alias_module>
        Alias /.well-known /var/www/html/.well-known
    </IfModule>
    %if redirect['www-to-nonwww'] == "tononwww":
    # Redirect www to non-www
    <IfModule rewrite_module>
        RewriteEngine On
        RewriteCond %{HTTP_HOST} ^www\.(.*)$ [NC]
        RewriteRule ^ %{REQUEST_SCHEME}://%1%{REQUEST_URI} [R=301,L]
    </IfModule>
    %endif
    %if redirect['www-to-nonwww'] == "towww":
    # Redirect non-www to www    
    <IfModule rewrite_module>
        RewriteEngine On
        RewriteCond %{HTTP_HOST} !^www\. [NC]
        RewriteRule ^ %{REQUEST_SCHEME}://www.%{HTTP_HOST}%{REQUEST_URI} [R=301,L]
    </IfModule>
    %endif
    # user dir 
    <IfModule userdir_module>
        <IfModule !mpm_itk.c>
            <IfModule !ruid2_module>
                <IfModule !mod_passenger.c>
                    UserDir disabled
                    UserDir enabled ${user}
                </IfModule>
            </IfModule>
        </IfModule>
    </IfModule>
    #susphp
    <IfModule suphp_module>
        suPHP_UserGroup ${user} ${user}
    </IfModule>
    #suexec
    <IfModule suexec_module>
        <IfModule !mod_ruid2.c>
            SuexecUserGroup ${user} ${user}
        </IfModule>
    </IfModule>
    #ruid2
    <IfModule ruid2_module>
        RMode config
        RUidGid ${user} ${user}
    </IfModule>
    #for mpm ITK
    <IfModule mpm_itk.c>    
        AssignUserID ${user} ${user}
    </IfModule>
    # for passenger module
    <IfModule mod_passenger.c>
        PassengerUser ${user}
        PassengerGroup ${user}
    </IfModule>
    # Cgi-bin alias 
    <IfModule alias_module>
        ScriptAlias /cgi-bin/ ${docroot}/cgi-bin/
    </IfModule>
    # Global DCV Rewrite Exclude
    <IfModule rewrite_module>
        RewriteOptions Inherit
    </IfModule>
    %if httpd['fpm'] == "on":
    #for fpm via php selector
    <IfModule proxy_fcgi_module>
        <FilesMatch \.(phtml|php[0-9]*)$>
            SetHandler proxy:unix:${fpmsocket}|fcgi://${servername}
        </FilesMatch>
    </IfModule>
    %else:
    #php selector   
    <IfModule mime_module>
        AddHandler application/x-httpd-${php} .php .phtml 
    </IfModule>
    %endif
    % if iscustominclude == 'on':
    # Custom include
    Include "/var/eenos/userdata/${user}/vhosts/httpd/${servername}.include"
    %else:
    # To customize this VirtualHost use an include file at the following location
    # Include "/var/eenos/userdata/${user}/vhosts/httpd/${servername}.include"
    %endif
    #Access logs
    <IfModule mod_log_config.c>
        LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combinedvhost
        <IfModule logio_module>
            LogFormat "%{%s}t %I .\n%v %{%s}t %O ." bytesvhost
            CustomLog  /var/log/domlogs/${servername}-bytes_log bytesvhost
        </IfModule>
        LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
        LogFormat "%h %l %u %t \"%r\" %>s %b" common
        LogFormat "%{Referer}i -> %U" referer
        LogFormat "%{User-agent}i" agent    
        CustomLog   /var/log/domlogs/${servername} combinedvhost 
    </IfModule>
    %if ismodsec =="on":
        %if modsecurity == "off":
    # Modsecurity disabled on domain
    <IfModule security3_module>
        modsecurity_rules 'SecRuleEngine Off'
    </IfModule>
        %else:
    # Modsecurity 3 protected
        %endif
    %else:
    # Modsecurity not enabled on server
    %endif

</VirtualHost>
%endif
%endif

# Webmail vhost for mail.${servername}
# HTTP
%if isipv6 == "on":
<VirtualHost ${ips['ipv4']}:${webports['httpd']['http']} [${ips['ipv6']}]:${webports['httpd']['http']}>
%else:
<VirtualHost ${ips['ipv4']}:${webports['httpd']['http']}>    
%endif
    %if iswildcard == "on":
    ServerAlias mail.${servername}
    %else:
    ServerName mail.${servername}    
    %endif    
    DocumentRoot /usr/local/eenos/3rdparty/webmail
    ServerAdmin webmaster@${servername}
    UseCanonicalName Off
    #Let's encrypt acme folder
    <IfModule alias_module>
        Alias /.well-known /var/www/html/.well-known
    </IfModule>   
    <Directory  ~ "/webmail/(bin|config|installer|logs|SQL|examples|setup\.git)">
        Order allow,deny
        Deny from all
    </Directory> 
    <Files ~ "(.ini|.log|.conf|.lock|.dist|.json|.md|.inc.php)">
            Order allow,deny
            Deny from all
    </Files> 
    #Access logs
    <IfModule mod_log_config.c>
        LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combinedvhost
        <IfModule logio_module>
            LogFormat "%{%s}t %I .\n%v %{%s}t %O ." bytesvhost
            CustomLog  /var/log/domlogs/${servername}-bytes_log bytesvhost
        </IfModule>
        LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
        LogFormat "%h %l %u %t \"%r\" %>s %b" common
        LogFormat "%{Referer}i -> %U" referer
        LogFormat "%{User-agent}i" agent    
        CustomLog   /var/log/domlogs/${servername} combinedvhost 
    </IfModule>
    <IfModule proxy_fcgi_module>
        <FilesMatch \.(phtml|php[0-9]*)$>
            SetHandler proxy:unix:/run/eenos-data-fpm.sock|fcgi://mail.${servername}
        </FilesMatch>
    </IfModule>
    <IfModule security3_module>
        modsecurity_rules 'SecRuleEngine Off'
    </IfModule>
</VirtualHost>
%if havessl=="on" or mail_ssl=="on":
%if isvarnish=="on":
# Varnish ssl termination 
%if isipv6 == "on":
<VirtualHost ${ips['ipv4']}:${webports['httpd']['https']} [${ips['ipv6']}]:${webports['httpd']['https']}>
%else:
<VirtualHost ${ips['ipv4']}:${webports['httpd']['https']}>    
%endif
    %if iswildcard == "on":
    ServerAlias mail.${servername}
    %else:
    ServerName mail.${servername}    
    %endif        
    ServerAdmin webmaster@${servername}
    <IfModule ssl_module>
        SSLEngine on
        %if mail_ssl=='on':
        SSLCertificateFile ${mail_ssl_crt}
        SSLCertificateKeyFile ${mail_ssl_key}
        %else:
        SSLCertificateFile ${sslcrt}
        SSLCertificateKeyFile ${sslkey}
        %endif
        SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown
        <Directory "${docroot}/cgi-bin">
            SSLOptions +StdEnvVars
        </Directory>
    </IfModule>
    <IfModule headers_module>
    RequestHeader set X-Forwarded-Port ${webports['httpd']['https']}
    RequestHeader set X-Forwarded-Proto https
    </IfModule>
    <IfModule security3_module>
        modsecurity_rules 'SecRuleEngine Off'
    </IfModule>
    ProxyPreserveHost On
    ProxyPass / http://${ips['ipv4']}:${webports['varnish']['http']}/
    ProxyPassReverse / http://${ips['ipv4']}:${webports['varnish']['http']}/
</VirtualHost> 
%else:
#APACHE SSl vHOST
%if isipv6 == "on":
<VirtualHost ${ips['ipv4']}:${webports['httpd']['https']} [${ips['ipv6']}]:${webports['httpd']['https']}>
%else:
<VirtualHost ${ips['ipv4']}:${webports['httpd']['https']}>    
%endif
    %if iswildcard == "on":
    ServerAlias mail.${servername}
    %else:
    ServerName mail.${servername}    
    %endif    
    DocumentRoot /usr/local/eenos/3rdparty/webmail   
    ServerAdmin webmaster@${servername}
    UseCanonicalName Off
    <IfModule ssl_module>
        SSLEngine on
        %if mail_ssl=='on':
        SSLCertificateFile ${mail_ssl_crt}
        SSLCertificateKeyFile ${mail_ssl_key}
        %else:
        SSLCertificateFile ${sslcrt}
        SSLCertificateKeyFile ${sslkey}
        %endif
        SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown
        <Directory "${docroot}/cgi-bin">
            SSLOptions +StdEnvVars
        </Directory>
    </IfModule>
    %if 'dirlist' in httpd and httpd['dirlist'] == "off":
    # Directory listing Disabled
    <Directory "${docroot}">
        Options -Indexes 
    </Directory>
    % endif
    #Let's encrypt acme folder
    <IfModule alias_module>
        Alias /.well-known /var/www/html/.well-known
    </IfModule>
     <Directory  ~ "/webmail/(bin|config|installer|logs|SQL|examples|setup\.git)">
        Order allow,deny
        Deny from all
    </Directory> 
    <Files ~ "(.ini|.log|.conf|.lock|.dist|.json|.md|.inc.php)">
            Order allow,deny
            Deny from all
    </Files> 
    #Access logs
    <IfModule mod_log_config.c>
        LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combinedvhost
        <IfModule logio_module>
            LogFormat "%{%s}t %I .\n%v %{%s}t %O ." bytesvhost
            CustomLog  /var/log/domlogs/${servername}-bytes_log bytesvhost
        </IfModule>
        LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
        LogFormat "%h %l %u %t \"%r\" %>s %b" common
        LogFormat "%{Referer}i -> %U" referer
        LogFormat "%{User-agent}i" agent    
        CustomLog   /var/log/domlogs/${servername} combinedvhost 
    </IfModule>
    <IfModule proxy_fcgi_module>
        <FilesMatch \.(phtml|php[0-9]*)$>
            SetHandler proxy:unix:/run/eenos-data-fpm.sock|fcgi://mail.${servername}
        </FilesMatch>
    </IfModule>
    <IfModule security3_module>
        modsecurity_rules 'SecRuleEngine Off'
    </IfModule>
</VirtualHost>
%endif
%endif
# End of Webmail vhost
