# Auto Generated OpenLiteSpeed Configuration
# Django  App
# Copyright(c) eenos
# Build time : ${time}
# Version 25.10
# Non-ssl vhost
virtualHost ${servername}  {
  user                    ${user}
  group                   ${group}
  vhRoot                  ${homedir}
  allowSymbolLink         1
  enableScript            1
  restrained              1
  setUIDMode              2
  listeners               DefaultIPv4,DefaultIPv6 
  #VirtualHost config settings
  docRoot                   ${docroot}/${appconfig['public']}
  vhDomain                  ${servername}
  vhAliases                 ${serveralias}
  adminEmails               ${serveradmin}
  enableGzip                1
  enableIpGeo               1
  % if openlitespeed['dirlist'] == "on":
  # Enable directory listing
  autoIndex                1
  %else:
  # Disabled directory listing
  autoIndex                0
  %endif
  accesslog /var/log/domlogs/${servername} {
    useServer               0
	  logFormat               %a %l %u %t "%r" %>s %O "%{Referer}i" "%{User-Agent}i"
    logHeaders              5
    rollingSize             0
  }
  accesslog /var/log/domlogs/${servername}-bytes_log {
    useServer               0
    logFormat               %O %I
    rollingSize             0
  }
  errorlog {
    useServer 1
  }
  % if openlitespeed['hotlink'] == "on":
  # Hote Link Protection
  hotlinkCtrl {
    allowedHosts ${servername} ${serveralias} 
    enableHotlinkCtrl 1    
    suffixes   jpeg, jpg, png, gif, svg, tiff, bmp, webp, bpg, css, ico, js, woff, woff2, ttf, ttc, otf, eot
    allowDirectAccess 1
    redirectUri 
    onlySelf 0
  }
 %endif
 %if have_cgi_bin == "on":
  # CGI Scripts
  context /cgi-bin/{
    type cgi
    location ${docroot}/cgi-bin/
    allowBrowse 1
  }
  %else:
  # No CGI-BIN folders
  %endif
  # lets encrypt auto ssl acme validation 
  context /.well-known/acme-challenge/ {
    location                /var/www/html/.well-known/acme-challenge/		
  }
  # PHP Selector Configuration
  scripthandler  {   
    add                     lsapi:${php} php
    add                     lsapi:${php} php7
    add                     lsapi:${php} phtml
    add                     lsapi:${php} php8
  }
  phpIniOverride  {
    php_admin_flag engine ON
    php_admin_value sendmail_path "/usr/sbin/sendmail -t -i -f ${user}@${servername}"    
    php_admin_value open_basedir "${homedir}:${docroot}:/tmp"
    php_admin_value session.save_path "${homedir}/tmp"
  }
  rewrite  {
    enable                  1
    autoLoadHtaccess        1
  %if siteredirect['status'] == "on" :
    RewriteEngine On
    RewriteRule / ${siteredirect['url']} [R=301, L] 
  %elif redirect['http-to-https'] == "on" :
    %if isvarnish=="off":
    # HTTP to HTTPS Redirection enabled
    RewriteEngine On
    RewriteRule ^/(.*)$ https://%{HTTP_HOST}/$1 [R=301,NC,L]
    %else:
    # SSL redirection disabled with varnish to avoid never ending loop
    % endif
  %else:
  # No ssl or site redirection 
  % endif
  % if redirect['www-to-nonwww'] == "tononwww":
  # Redirect www to non-www
  RewriteEngine On
  RewriteCond %{HTTP_HOST} ^www\.(.*)$ [NC]
  RewriteRule (.*) http://%1/$1 [R=301,L]    
  %endif
  % if redirect['www-to-nonwww'] == "towww":
  # Redirect non-www to www
  RewriteEngine On
  RewriteCond %{HTTP_HOST} !^www\. [NC] 
  RewriteRule (.*) http://www.%{HTTP_HOST}/$1 [R=301,NC,L]
  %endif
  }
%if ismodsec =="on":
  %if modsecurity == "off":
  # Modsecurity 3 disabled on this domain
  module mod_security {
    modsecurity off
    modsecurity_rules `
    SecRuleEngine Off
    `
  }
  %endif
%endif
#LSCache  Start
%if islscache == "on":
  %if openlitespeed['lscache'] == "on":
#Lscache enabled on domain
module cache {
  ls_enabled          1  
  enableCache         1
  enablePrivateCache  0
}
  %else:
#Lscache disabled on domain
module cache {
  ls_enabled          0  
  enableCache         0
}
  %endif
%else:
#Lscache is disabled in server
module cache {
  ls_enabled          0  
  enableCache         0
}
%endif
#LSCache  End
%if ismodpagespeed == "on":
  %if openlitespeed['pagespeed'] == "on":
  # Google Page Speed enabled
  module modpagespeed {        
    pagespeed on
    pagespeed RespectVary on
    pagespeed RewriteLevel CoreFilters
    pagespeed PreserveUrlRelativity on
    #pagespeed DisableFilters rewrite_css,rewrite_javascript,combine_css,inline_css,rewrite_images    
    pagespeed EnableFilters fallback_rewrite_css_urls
    pagespeed RespectXForwardedProto on       
    pagespeed MapOriginDomain origin_to_fetch_from origin_specified_in_html [host_header]
    pagespped MapRewriteDomain cdn.${servername} ${servername}    
  }
  %else:
  # Google Page Speed disabled
  module modpagespeed {        
    pagespeed Off    
  }
  %endif
%else:
  # Google Page Speed disabled
  module modpagespeed {        
    pagespeed Off    
  }
%endif
  %if userdir  == "on":
  # Mod user dir enabled
  context /~${user}/{
    autoIndex             1
    location              ${docroot}
  }
  %else:
  # Mod-user dir is disabled
  %endif 
  %if openlitespeed['hsts'] == "on":
  #HSTS Protection
  context / {    
    extraHeaders Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
  }
  %endif
  %if openlitespeed['csp'] == "on":
  # Content Security Policy may break website 
  context / { 
    extraHeaders Content-Security-Policy default-src 'self'  
  }
  %endif
  %if openlitespeed['xxp'] == "on":
  #XSS protection
  context / { 
    extraHeaders X-XSS-Protection "1; mode=block"
  }
  %endif
  %if openlitespeed['xfo'] == "on":
  # X-FRAME attack protection
  context / { 
    extraHeaders X-Frame-Options "SAMEORIGIN"
  }
  %endif
  %if openlitespeed['xcto'] == "on":
  context / { 
    extraHeaders X-Content-Type-Options nosniff
  }
  %endif
  %if openlitespeed['rps'] == "on":
  context / { 
    extraHeaders Referrer-Policy strict-origin
  }
  %endif
  %if openlitespeed['ect'] == "on":
  context / { 
    extraHeaders  Expect-CT enforce, max-age=21600
  }
  %endif
  %if openlitespeed['fpg'] == "on":
  context / { 
    #extraHeaders  Feature-Policy geolocation 'self'; vibrate 'none'
    extraHeaders  Permissions-Policy: geolocation=(self), microphone=()
  }
  %endif
  # include aliases
  include /etc/ols/alias.d/*.conf
  %if iscustominclude == 'on':
  # Custom include
  include /var/eenos/userdata/${user}/vhosts/ols/${servername}.include
  %else:
  # Place your custom includes and rebuild vhost
  # include /var/eenos/userdata/${user}/vhosts/ols/${servername}.include
  %endif 
  context / { 
    type                    appserver
    location                ${docroot}
    binPath                 ${lspython}
    appType                 WSGI
    startupFile             ${appconfig['pythonstartup']}    
    %if appconfig['sandboxpython'] == 'on':    
    env                     PYTHONPATH=${homedir}/.sandbox/python/${servername}:${docroot}
    env                     LS_PYTHONBIN=${python}
    %endif   
    rewrite  {
      enable                  1
      autoLoadHtaccess        1
    }
    addDefaultCharset       off
  }
}

#----------------------------------------------------
#       SSL VHOST SETTINGS OF ${servername}
#----------------------------------------------------
%if havessl == "on" :
%if isvarnish == "on":
# Varnish SSL Termination
virtualHost ${servername}-SSL  {
  user                    ${user}
  group                   ${group}
  vhRoot                  ${homedir}
  allowSymbolLink         1
  enableScript            1
  restrained              1
  setUIDMode              2
  listeners               DefaultIPv4SSL,DefaultIPv6SSL  
  #VirtualHost config settings
  docRoot                   ${docroot}
  vhDomain                  ${servername}
  vhAliases                 ${serveralias}
  adminEmails               ${serveradmin}
  enableGzip                1
  enableIpGeo               1
  accesslog /var/log/domlogs/${servername} {
    useServer               0
	  logFormat               %a %l %u %t "%r" %>s %O "%{Referer}i" "%{User-Agent}i"
    logHeaders              5
    rollingSize             0
  }
  accesslog /var/log/domlogs/${servername}-bytes_log {
    useServer               0
    logFormat               %O %I
    rollingSize             0
  }
  errorlog {
    useServer 1
  }

  # lets encrypt auto ssl acme validation 
  context /.well-known/acme-challenge/ {
    location                /var/www/html/.well-known/acme-challenge/		
	}  
  vhssl  {
    keyFile                 ${sslkey}
    certFile                ${sslcrt}
    certChain               1
    sslProtocol             24
    ciphers                 ${openlitespeed['ciphers']}
  }
%if ismodsec =="on":
  %if modsecurity == "off":
  # Modsecurity 3 disabled on this domain
  module mod_security {
    modsecurity off
    modsecurity_rules `
    SecRuleEngine Off
    `
  }
  %endif
%endif
  %if openlitespeed['hsts'] == "on":
  #HSTS Protection
  context / {    
    extraHeaders Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
  }
  %endif
  %if openlitespeed['csp'] == "on":
  # Content Security Policy may break website 
  context / { 
    extraHeaders  Content-Security-Policy default-src https:; font-src https: data:; img-src https: data:; script-src https:; style-src https:;    
  }
  %endif
  %if openlitespeed['xxp'] == "on":
  #XSS protection
  context / { 
    extraHeaders X-XSS-Protection "1; mode=block"
  }
  %endif
  %if openlitespeed['xfo'] == "on":
  # X-FRAME attach protection
  context / { 
    extraHeaders X-Frame-Options "SAMEORIGIN"
  }
  %endif
  %if openlitespeed['xcto'] == "on":
  context / { 
    extraHeaders X-Content-Type-Options nosniff
  }
  %endif
  %if openlitespeed['rps'] == "on":
  context / { 
    extraHeaders Referrer-Policy strict-origin
  }
  %endif
  %if openlitespeed['ect'] == "on":
  context / { 
    extraHeaders  Expect-CT enforce, max-age=21600
  }
  %endif
  %if openlitespeed['fpg'] == "on":
  context / { 
    #extraHeaders  Feature-Policy geolocation 'self'; vibrate 'none'
    extraHeaders  Permissions-Policy: geolocation=(self), microphone=()
  }
  %endif  
  # include aliases
  include /etc/ols/alias.d/*.conf
  # Varnish Proxy
  extprocessor ${servername}-varnish {
  type                    proxy
  address                 http://${ips['ipv4']}:${webports['varnish']['http']}
  maxConns                100
  initTimeout             60
  retryTimeout            0
  respBuffer              0
  }
  rewrite  {
    enable                  1
    autoLoadHtaccess        1
    logLevel                0
    RewriteEngine On
    RequestHeader set X-Forwarded-Port ${webports['httpd']['https']}
    RequestHeader set X-Forwarded-Proto https
    REWRITERULE ^(.*)$ HTTP://${servername}-varnish/$1 [P,L,E=PROXY-HOST:%{HTTP_HOST}]    
  }
}
%else:
# Direct SSL Vhost
virtualHost ${servername}-SSL  {
  user                    ${user}
  group                   ${group}
  vhRoot                  ${homedir}
  allowSymbolLink         1
  enableScript            1
  restrained              1
  setUIDMode              2
  listeners               DefaultIPv4SSL,DefaultIPv6SSL  
  #VirtualHost config settings
  docRoot                   ${docroot}/${appconfig['public']}
  vhDomain                  ${servername}
  vhAliases                 ${serveralias}
  adminEmails               ${serveradmin}
  enableGzip                1
  enableIpGeo               1
  % if openlitespeed['dirlist'] == "on":
  # Enable directory listing
  autoIndex                1
  %else:
  # Disabled directory listing
  autoIndex                0
  %endif 
  accesslog /var/log/domlogs/${servername} {
    useServer               0
	  logFormat               %a %l %u %t "%r" %>s %O "%{Referer}i" "%{User-Agent}i"
    logHeaders              5
    rollingSize             0
  }
  accesslog /var/log/domlogs/${servername}-bytes_log {
    useServer               0
    logFormat               %O %I
    rollingSize             0
  }
  errorlog {
    useServer 1
  }
  % if openlitespeed['hotlink'] == "on":
  # Hote Link Protection
  hotlinkCtrl {
    allowedHosts ${servername} ${serveralias}
    enableHotlinkCtrl 1    
    suffixes   jpeg, jpg, png, gif, svg, tiff, bmp, webp, bpg, css, ico, js, woff, woff2, ttf, ttc, otf, eot
    allowDirectAccess 1
    redirectUri 
    onlySelf 0
  }
 %endif
  %if have_cgi_bin == "on":
  # CGI Scripts
  context /cgi-bin/{
    type cgi
    location ${docroot}/cgi-bin/
    allowBrowse 1
  }
  %else:
  #No CGI-BIN folders
  %endif
  # lets encrypt auto ssl acme validation 
  context /.well-known/acme-challenge/ {
    location                /var/www/html/.well-known/acme-challenge/		
	}  
  # PHP Selector Configuration
  scripthandler  {   
    add                     lsapi:${php} php
    add                     lsapi:${php} php7
    add                     lsapi:${php} phtml
    add                     lsapi:${php} php8
  }
 
  phpIniOverride  {
    php_admin_flag engine ON
    php_admin_value sendmail_path "/usr/sbin/sendmail -t -i -f ${user}@${servername}"    
    php_admin_value open_basedir "${homedir}:${docroot}:/tmp"
    php_admin_value session.save_path "${homedir}/tmp"
  }
  rewrite  {
    enable                  1
    autoLoadHtaccess        1
  %if siteredirect['status']=="on":
    RewriteEngine On
    RewriteRule / ${siteredirect['url']} [R=301, L]  
  %endif
  % if redirect['www-to-nonwww'] == "tononwww":
  # Redirect www to non-www
  RewriteEngine On
  RewriteCond %{HTTP_HOST} ^www\.(.*)$ [NC]
  RewriteRule (.*) https://%1/$1 [R=301,L]    
  %endif
  % if redirect['www-to-nonwww'] == "towww":
  # Redirect non-www to www
  RewriteEngine On
  RewriteCond %{HTTP_HOST} !^www\. [NC] 
  RewriteRule (.*) https://www.%{HTTP_HOST}/$1 [R=301,NC,L]
  %endif
  }
  vhssl  {
    keyFile                 ${sslkey}
    certFile                ${sslcrt}
    certChain               1
    sslProtocol             24
    ciphers                 ${openlitespeed['ciphers']}
  }
%if ismodsec =="on":
  %if modsecurity == "off":
  # Modsecurity 3 disabled on this domain
  module mod_security {
    modsecurity off
    modsecurity_rules `
    SecRuleEngine Off
    `
  }
  %endif
%endif
#LSCache  Start
%if islscache == "on":
  %if openlitespeed['lscache'] == "on":
#Lscache enabled on domain
module cache {
  ls_enabled          1  
  enableCache         1
  enablePrivateCache  0
}
  %else:
#Lscache disabled on domain
module cache {
  ls_enabled          0  
  enableCache         0
}
  %endif
%else:
#Lscache is disabled in server
module cache {
  ls_enabled          0  
  enableCache         0
}
%endif
#LSCache  End
%if ismodpagespeed == "on":
  %if openlitespeed['pagespeed'] == "on":
  # Google Page Speed enabled
  module modpagespeed {        
    pagespeed on
    pagespeed RespectVary on
    pagespeed RewriteLevel CoreFilters
    pagespeed PreserveUrlRelativity on
    #pagespeed DisableFilters rewrite_css,rewrite_javascript,combine_css,inline_css,rewrite_images    
    pagespeed EnableFilters fallback_rewrite_css_urls
    pagespeed RespectXForwardedProto on        
    pagespeed MapOriginDomain origin_to_fetch_from origin_specified_in_html [host_header]
    pagespped MapRewriteDomain cdn.${servername} ${servername}    
  }
  %else:
  # Google Page Speed disabled
  module modpagespeed {        
    pagespeed Off    
  }
  %endif
  %else:
  # Google Page Speed disabled
  module modpagespeed {        
    pagespeed Off    
  }
  %endif
  %if userdir == "on":
  # Mod user dir enabled
  context /~${user}/{
    autoIndex             1
    location              ${docroot}
  }
  %else:
  # Mod-user dir is disabled
  %endif    
  %if openlitespeed['hsts'] == "on":
  #HSTS Protection
  context / {    
    extraHeaders Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
  }
  %endif
  %if openlitespeed['csp'] == "on":
  # Content Security Policy may break website 
  context / { 
    extraHeaders  Content-Security-Policy default-src https:; font-src https: data:; img-src https: data:; script-src https:; style-src https:;    
  }
  %endif
  %if openlitespeed['xxp'] == "on":
  #XSS protection
  context / { 
    extraHeaders X-XSS-Protection "1; mode=block"
  }
  %endif
  %if openlitespeed['xfo'] == "on":
  # X-FRAME attach protection
  context / { 
    extraHeaders X-Frame-Options "SAMEORIGIN"
  }
  %endif
  %if openlitespeed['xcto'] == "on":
  context / { 
    extraHeaders X-Content-Type-Options nosniff
  }
  %endif
  %if openlitespeed['rps'] == "on":
  context / { 
    extraHeaders Referrer-Policy strict-origin
  }
  %endif
  %if openlitespeed['ect'] == "on":
  context / { 
    extraHeaders  Expect-CT enforce, max-age=21600
  }
  %endif
  %if openlitespeed['fpg'] == "on":
  context / { 
    #extraHeaders  Feature-Policy geolocation 'self'; vibrate 'none'
    extraHeaders  Permissions-Policy: geolocation=(self), microphone=()
  }
  %endif  
  # include aliases
  include /etc/ols/alias.d/*.conf
  %if iscustominclude == 'on':
  # Custom include
  include /var/eenos/userdata/${user}/vhosts/ols/${servername}.include
  %else:
  # Place your custom includes and rebuild vhost
  # include /var/eenos/userdata/${user}/vhosts/ols/${servername}.include
  %endif
  context / { 
    type                    appserver
    location                ${docroot}
    binPath                 ${lspython}
    appType                 WSGI
    startupFile             ${appconfig['pythonstartup']}    
    %if appconfig['sandboxpython'] == 'on':
    env                     PYTHONPATH=${homedir}/.sandbox/python/${servername}:${docroot}
    env                     LS_PYTHONBIN=${python}
    %endif      
    rewrite  {
      enable                  1
      autoLoadHtaccess        1
    }
    addDefaultCharset       off
  }
}
%endif  
%endif

# ---------- Webmail 
# ----- mail.${servername}

virtualHost mail.${servername}  {
  user                    eenos
  group                   www-data
  vhRoot                  /usr/local/eenos/3rdparty/
  allowSymbolLink         1
  enableScript            1
  restrained              1
  setUIDMode              2
  listeners               DefaultIPv4,DefaultIPv6 
  #VirtualHost config settings
  docRoot                   /usr/local/eenos/3rdparty/webmail/
  vhDomain                  mail.${servername}
  vhAliases                 www.mail.${servername}
  adminEmails               ${serveradmin}
  enableGzip                1
  enableIpGeo               1
  # Disabled directory listing
  autoIndex                0  
  accesslog /var/log/domlogs/${servername} {
    useServer               0
	  logFormat               %a %l %u %t "%r" %>s %O "%{Referer}i" "%{User-Agent}i"
    logHeaders              5
    rollingSize             0
  }
  accesslog /var/log/domlogs/${servername}-bytes_log {
    useServer               0
    logFormat               %O %I
    rollingSize             0
  }
  errorlog {
    useServer 1
  }
  # lets encrypt auto ssl acme validation 
  context /.well-known/acme-challenge/ {
    location                /var/www/html/.well-known/acme-challenge/		
  }
  # PHP Selector Configuration
  scripthandler  {   
    add                     lsapi:eenos-apps php
  }
  rewrite  {
    enable                  1
    autoLoadHtaccess        1  
  }
  # Modsecurity 3 disabled on this domain
  module mod_security {
    modsecurity off
    modsecurity_rules `
    SecRuleEngine Off
    `
  }
  # Google Page Speed disabled
  module modpagespeed {        
    pagespeed Off    
  } 
}

#----------------------------------------------------
#       SSL VHOST SETTINGS OF mail.${servername}
#----------------------------------------------------
%if havessl == "on" or mail_ssl=="on":
%if isvarnish == "on":
# Varnish SSL Termination
virtualHost mail.${servername}-SSL  {
  user                    eenos
  group                   www-data
  vhRoot                  /usr/local/eenos/3rdparty/
  allowSymbolLink         1
  enableScript            1
  restrained              1
  setUIDMode              2
  listeners               DefaultIPv4SSL,DefaultIPv6SSL  
  #VirtualHost config settings
  docRoot                   /usr/local/eenos/3rdparty/webmail/
  vhDomain                  mail.${servername}
  vhAliases                 www.mail.${servername}
  adminEmails               ${serveradmin}
  enableGzip                1
  enableIpGeo               1
  accesslog /var/log/domlogs/${servername} {
    useServer               0
	  logFormat               %a %l %u %t "%r" %>s %O "%{Referer}i" "%{User-Agent}i"
    logHeaders              5
    rollingSize             0
  }
  accesslog /var/log/domlogs/${servername}-bytes_log {
    useServer               0
    logFormat               %O %I
    rollingSize             0
  }
  errorlog {
    useServer 1
  }

  # lets encrypt auto ssl acme validation 
  context /.well-known/acme-challenge/ {
    location                /var/www/html/.well-known/acme-challenge/		
	}  
  vhssl  {
    %if mail_ssl=='on':
    keyFile                 ${mail_ssl_key}
    certFile                ${mail_ssl_crt}
    %else:
    keyFile                 ${sslkey}
    certFile                ${sslcrt}
    %endif
    certChain               1
    sslProtocol             24
    ciphers                 ${openlitespeed['ciphers']}
  }
  # Modsecurity 3 disabled on this domain
  module mod_security {
    modsecurity off
    modsecurity_rules `
    SecRuleEngine Off
    `
  }
  # Varnish Proxy
  extprocessor mail.${servername}-varnish {
  type                    proxy
  address                 http://${ips['ipv4']}:${webports['varnish']['http']}
  maxConns                100
  initTimeout             60
  retryTimeout            0
  respBuffer              0
  }
  rewrite  {
    enable                  1
    autoLoadHtaccess        1
    logLevel                0
    RewriteEngine On
    RequestHeader set X-Forwarded-Port ${webports['httpd']['https']}
    RequestHeader set X-Forwarded-Proto https
    REWRITERULE ^(.*)$ HTTP://mail.${servername}-varnish/$1 [P,L,E=PROXY-HOST:%{HTTP_HOST}]    
  }
}
%else:
# Direct SSL Vhost
virtualHost mail.${servername}-SSL  {
  user                    eenos
  group                   www-data
  vhRoot                  /usr/local/eenos/3rdparty/
  allowSymbolLink         1
  enableScript            1
  restrained              1
  setUIDMode              2
  listeners               DefaultIPv4SSL,DefaultIPv6SSL  
  #VirtualHost config settings
  docRoot                   /usr/local/eenos/3rdparty/webmail/
  vhDomain                  mail.${servername}
  vhAliases                 www.mail.${servername}
  adminEmails               ${serveradmin}
  enableGzip                1
  enableIpGeo               1
  # Disabled directory listing
  autoIndex                0  
  accesslog /var/log/domlogs/${servername} {
    useServer               0
	  logFormat               %a %l %u %t "%r" %>s %O "%{Referer}i" "%{User-Agent}i"
    logHeaders              5
    rollingSize             0
  }
  accesslog /var/log/domlogs/${servername}-bytes_log {
    useServer               0
    logFormat               %O %I
    rollingSize             0
  }
  errorlog {
    useServer 1
  }
  # lets encrypt auto ssl acme validation 
  context /.well-known/acme-challenge/ {
    location                /var/www/html/.well-known/acme-challenge/		
	}  
  # PHP Selector Configuration
  scripthandler  {   
    add                     lsapi:eenos-apps php
  }
 
  rewrite  {
    enable                  1
    autoLoadHtaccess        1
  }
  vhssl  {
    %if mail_ssl=='on':
    keyFile                 ${mail_ssl_key}
    certFile                ${mail_ssl_crt}
    %else:
    keyFile                 ${sslkey}
    certFile                ${sslcrt}
    %endif
    certChain               1
    sslProtocol             24
    ciphers                 ${openlitespeed['ciphers']}
  }
  # Modsecurity 3 disabled on this domain
  module mod_security {
    modsecurity off
    modsecurity_rules `
    SecRuleEngine Off
    `
  }
  # Google Page Speed disabled
  module modpagespeed {        
    pagespeed Off    
  }
}
%endif  
%endif
