# <%= servername %>
<%- if run_mode.to_s =~ /(proxy\-|static\-)itk/ -%>
<IfDefine HttpdLocal>
<%- end -%>
<%- unless ssl_mode.to_s == 'only'  then -%>
<VirtualHost *:80>
    Include include.d/defaults.inc

    ServerName <%= servername %>
    <%- unless serveralias.to_s.empty? then -%>
    ServerAlias <%= serveralias %>
    <%- end -%> 
    <%- unless server_admin.to_s.empty? or server_admin.to_s == 'absent' then -%>
    ServerAdmin <%= server_admin %>
    <%- end -%>
    DocumentRoot <%= documentroot %>/

    <%- case logmode.to_s
        when 'nologs' -%>
    ErrorLog /dev/null
    CustomLog /dev/null
    <%- when 'semianonym' -%>
    ErrorLog <%= logdir %>/error_log
    CustomLog <%= logdir %>/access_log noip
    <%- when 'anonym' -%>
    ErrorLog /dev/null
    CustomLog <%= logdir %>/access_log noip
    <%- else -%>
    ErrorLog <%= logdir %>/error_log
    CustomLog <%= logdir %>/access_log combined
    <%- end -%>

    <%- if ssl_mode.to_s == 'force' then -%>
    RewriteEngine On
    RewriteCond %{HTTPS} !=on
    RewriteRule (.*) https://%{SERVER_NAME}$1 [R=permanent,L]

    <%- end -%>
    <%- if run_mode.to_s =~ /(proxy\-|static\-)?itk/ -%>
    <IfModule mpm_itk_module>
        AssignUserId <%= run_uid+" "+run_gid %>
    </IfModule>

    <%- end -%>
    <%- if default_charset.to_s != 'absent' then -%>
    AddDefaultCharset <%= default_charset %>

    <%- end -%>
    <%- if not ssl_mode.to_s == 'force' then -%>
    <Directory "<%= documentroot %>/">
        AllowOverride <%= allow_override %>
        <%- if options.to_s != 'absent' or do_includes.to_s == 'true' then -%>
        Options <%- unless options.to_s == 'absent' then -%><%= options %><%- end -%><%- if do_includes.to_s == 'true' and not options.include?('+Includes') then -%> +Includes<%- end -%>

        <%- end -%>
        <%- unless htpasswd_file.to_s == 'absent' then -%>
        AuthType Basic
        AuthName "Access fuer <%= servername %>"
        AuthUserFile <%= real_htpasswd_path %>
        require valid-user
        <%- end -%>
        php_admin_flag engine on
        <%- if php_safe_mode.to_s == 'false' -%>
        php_admin_flag safe_mode Off
        <%- end -%>
        <%- unless php_default_charset.to_s == 'absent' then -%>
        php_admin_value default_charset <%= php_default_charset %>
        <%- end -%>
        php_admin_value open_basedir <%- if php_use_smarty.to_s == 'true' -%>/usr/share/php/Smarty/:<%- end -%><%- if php_use_pear.to_s == 'true' -%>/usr/share/pear/:<%- end -%><%= documentroot %>:<%= real_php_upload_tmp_dir %>:<%= real_php_session_save_path %>
        php_admin_value upload_tmp_dir <%= real_php_upload_tmp_dir %>
        php_admin_value session.save_path <%= real_php_session_save_path %>
        <%- unless php_safe_mode_exec_bins.to_s == 'absent' then -%>
        php_admin_value safe_mode_exec_dir <%= real_php_safe_mode_exec_bin_dir %>
        <%- end -%>
    </Directory>
    <%- end -%>

    <%- unless run_mode.to_s =~ /(proxy\-|static\-)itk/ -%>
    <IfModule mod_security2.c>
        <%- if mod_security.to_s == 'true' then -%>
        SecRuleEngine On
        <%- if mod_security_relevantonly.to_s == 'true' then -%>
        SecAuditEngine RelevantOnly
        <%- else -%>
        SecAuditEngine On
        <%- end -%>
        <%- else -%>
        SecRuleEngine Off
        SecAuditEngine Off
        <%- end -%>
        SecAuditLogType Concurrent
        SecAuditLogStorageDir <%= logdir %>/
        SecAuditLog <%= logdir %>/mod_security_audit.log
        SecDebugLog <%= logdir %>/mod_security_debug.log
    </IfModule>
    <%- end -%>

    <%- unless additional_options.to_s == 'absent' then -%>
    <%= additional_options %>
    <%- end -%>
</VirtualHost>
<%- end -%>

<%- unless ssl_mode.to_s == 'false'  then -%>
<VirtualHost *:443>
    Include include.d/defaults.inc
    Include include.d/ssl_defaults.inc

    ServerName <%= servername %>
    <%- unless serveralias.to_s.empty? then -%>
    ServerAlias <%= serveralias %>
    <%- end -%> 
    <%- unless server_admin.to_s.empty? or server_admin.to_s == 'absent' then -%>
    ServerAdmin <%= server_admin %>
    <%- end -%>
    DocumentRoot <%= documentroot %>/

    <%- case logmode.to_s
        when 'nologs' -%>
    ErrorLog /dev/null
    CustomLog /dev/null
    <%- when 'semianonym' -%>
    ErrorLog <%= logdir %>/error_log
    CustomLog <%= logdir %>/access_log noip
    <%- when 'anonym' -%>
    ErrorLog /dev/null
    CustomLog <%= logdir %>/access_log noip
    <%- else -%>
    ErrorLog <%= logdir %>/error_log
    CustomLog <%= logdir %>/access_log combined

    <%- end -%>
    <%- if run_mode.to_s =~ /(proxy\-|static\-)?itk/ -%>
    <IfModule mpm_itk_module>
        AssignUserId <%= run_uid+" "+run_gid %>
    </IfModule>

    <%- end -%>
    <%- if default_charset.to_s != 'absent' then -%>
    AddDefaultCharset <%= default_charset %>

    <%- end -%>
    Header add Strict-Transport-Security "max-age=15768000"

    <Directory "<%= documentroot %>/">
        AllowOverride <%= allow_override %>
        <%- if options.to_s != 'absent' or do_includes.to_s == 'true' then -%>
        Options <%- unless options.to_s == 'absent' then -%><%= options %><%- end -%><%- if do_includes.to_s == 'true' and not options.include?('+Includes') then -%> +Includes<%- end -%>

        <%- end -%>
        <%- unless htpasswd_file.to_s == 'absent' then -%>
        AuthType Basic
        AuthName "Access fuer <%= servername %>"
        AuthUserFile <%= real_htpasswd_path %>
        require valid-user
        <%- end -%>
        php_admin_flag engine on
        <%- if php_safe_mode.to_s == 'false' -%>
        php_admin_flag safe_mode Off
        <%- end -%>
        <%- unless php_default_charset.to_s == 'absent' then -%>
        php_admin_value default_charset <%= php_default_charset %>
        <%- end -%>
        php_admin_value open_basedir <%- if php_use_smarty.to_s == 'true' -%>/usr/share/php/Smarty/:<%- end -%><%- if php_use_pear.to_s == 'true' -%>/usr/share/pear/:<%- end -%><%= documentroot %>:<%= real_php_upload_tmp_dir %>:<%= real_php_session_save_path %>
        php_admin_value upload_tmp_dir <%= real_php_upload_tmp_dir %>
        php_admin_value session.save_path <%= real_php_session_save_path %>
        <%- unless php_safe_mode_exec_bins.to_s == 'absent' then -%>
        php_admin_value safe_mode_exec_dir <%= real_php_safe_mode_exec_bin_dir %>
        <%- end -%>
    </Directory>

    <%- unless run_mode.to_s =~ /(proxy\-|static\-)itk/ -%>
    <IfModule mod_security2.c>
        <%- if mod_security.to_s == 'true' then -%>
        SecRuleEngine On
        <%- if mod_security_relevantonly.to_s == 'true' then -%>
        SecAuditEngine RelevantOnly
        <%- else -%>
        SecAuditEngine On
        <%- end -%>
        <%- else -%>
        SecRuleEngine Off
        SecAuditEngine Off
        <%- end -%>
        SecAuditLogType Concurrent
        SecAuditLogStorageDir <%= logdir %>/
        SecAuditLog <%= logdir %>/mod_security_audit.log
        SecDebugLog <%= logdir %>/mod_security_debug.log
    </IfModule>
    <%- end -%>

    <%- unless additional_options.to_s == 'absent' then -%>
    <%= additional_options %>
    <%- end -%>
</VirtualHost>
<%- end -%>
<%- if run_mode.to_s =~ /(proxy\-|static\-)itk/ -%>
</IfDefine>
<IfDefine !HttpdLocal>
<%- unless ssl_mode.to_s == 'only'  then -%>
<VirtualHost *:80>
    Include include.d/defaults.inc

    ServerName <%= servername %>
    <%- unless serveralias.to_s.empty? then -%>
    ServerAlias <%= serveralias %>
    <%- end -%>
    <%- unless server_admin.to_s.empty? or server_admin.to_s == 'absent' then -%>
    ServerAdmin <%= server_admin %>
    <%- end -%>
    <%- if run_mode.to_s == 'static-itk' -%>
    DocumentRoot <%= documentroot %>/
    DirectoryIndex index.htm index.html index.php
    <%- end -%>

    <%- case logmode.to_s
        when 'nologs' -%>
    ErrorLog /dev/null
    CustomLog /dev/null
    <%- when 'semianonym' -%>
    ErrorLog <%= logdir %>/<%= logfileprefix %>-error_log
    CustomLog <%= logdir %>/<%= logfileprefix %>-access_log noip
    <%- when 'anonym' -%>
    ErrorLog /dev/null
    CustomLog <%= logdir %>/<%= logfileprefix %>-access_log noip
    <%- else -%>
    ErrorLog <%= logdir %>/<%= logfileprefix %>-error_log
    CustomLog <%= logdir %>/<%= logfileprefix %>-access_log combined
    <%- end -%>

    ProxyPreserveHost On
    ProxyRequests off
    <%- if run_mode.to_s == 'static-itk' -%>
    ProxyPassMatch ^/(.*\.php/?.*)$ http://127.0.0.1/$1
    <%- else -%>
    ProxyPass / http://127.0.0.1/
    <%- end -%>
    ProxyPassReverse / http://127.0.0.1/

    <%- if ssl_mode.to_s == 'force' then -%>
    RewriteEngine On
    RewriteCond %{HTTPS} !=on
    RewriteRule (.*) https://%{SERVER_NAME}$1 [R=permanent,L]

    <%- end -%>
    <%- if default_charset.to_s != 'absent' then -%>
    AddDefaultCharset <%= default_charset %>

    <%- end -%>
    <%- if run_mode.to_s == 'static-itk' then -%>
    <%- if not ssl_mode.to_s == 'force' then -%>
    <Directory "<%= documentroot %>/">
        AllowOverride <%= allow_override %>
        <%- if options.to_s != 'absent' or do_includes.to_s == 'true' then -%>
        Options <%- unless options.to_s == 'absent' then -%><%= options %><%- end -%><%- if do_includes.to_s == 'true' and not options.include?('+Includes') then -%> +Includes<%- end -%>

        <%- end -%>
        <%- unless htpasswd_file.to_s == 'absent' then -%>
        AuthType Basic
        AuthName "Access fuer <%= servername %>"
        AuthUserFile <%= real_htpasswd_path %>
        require valid-user
        <%- end -%>
    </Directory>
    <%- end -%>
    <%- end -%>

    <IfModule mod_security2.c>
        <%- if mod_security.to_s == 'true' then -%>
        SecRuleEngine On
        <%- if mod_security_relevantonly.to_s == 'true' then -%>
        SecAuditEngine RelevantOnly
        <%- else -%>
        SecAuditEngine On
        <%- end -%>
        <%- else -%>
        SecRuleEngine Off
        SecAuditEngine Off
        <%- end -%>
        SecAuditLogType Concurrent
        SecAuditLogStorageDir <%= logdir %>/
        SecAuditLog <%= logdir %>/mod_security_audit.log
        SecDebugLog <%= logdir %>/mod_security_debug.log
    </IfModule>

    <%- unless additional_options.to_s == 'absent' then -%>
    <%= additional_options %>
    <%- end -%>
</VirtualHost>
<%- end -%>

<%- unless ssl_mode.to_s == 'false'  then -%>
<VirtualHost *:443>
    Include include.d/defaults.inc
    Include include.d/ssl_defaults.inc

    ServerName <%= servername %>
    <%- unless serveralias.to_s.empty? then -%>
    ServerAlias <%= serveralias %>
    <%- end -%>
    <%- unless server_admin.to_s.empty? or server_admin.to_s == 'absent' then -%>
    ServerAdmin <%= server_admin %>
    <%- end -%>
    <%- if run_mode.to_s == 'static-itk' -%>
    DocumentRoot <%= documentroot %>/
    DirectoryIndex index.htm index.html index.php
    <%- end -%>

    <%- case logmode.to_s
        when 'nologs' -%>
    ErrorLog /dev/null
    CustomLog /dev/null
    <%- when 'semianonym' -%>
    ErrorLog <%= logdir %>/<%= logfileprefix %>-error_log
    CustomLog <%= logdir %>/<%= logfileprefix %>-access_log noip
    <%- when 'anonym' -%>
    ErrorLog /dev/null
    CustomLog <%= logdir %>/<%= logfileprefix %>-access_log noip
    <%- else -%>
    ErrorLog <%= logdir %>/<%= logfileprefix %>-error_log
    CustomLog <%= logdir %>/<%= logfileprefix %>-access_log combined
    <%- end -%>

    ProxyPreserveHost On
    ProxyRequests off
    SSLProxyEngine On
    <%- if run_mode.to_s == 'static-itk' -%>
    ProxyPassMatch ^/(.*\.php/?.*)$ https://127.0.0.1/$1
    <%- else -%>
    ProxyPass / https://127.0.0.1/
    <%- end -%>
    ProxyPassReverse / https://127.0.0.1/

    <%- if default_charset.to_s != 'absent' then -%>
    AddDefaultCharset <%= default_charset %>

    <%- end -%>
    Header add Strict-Transport-Security "max-age=15768000"

    <%- if run_mode.to_s == 'static-itk' -%>
    <Directory "<%= documentroot %>/">
        AllowOverride <%= allow_override %>
        <%- if options.to_s != 'absent' or do_includes.to_s == 'true' then -%>
        Options <%- unless options.to_s == 'absent' then -%><%= options %><%- end -%><%- if do_includes.to_s == 'true' and not options.include?('+Includes') then -%> +Includes<%- end -%>

        <%- end -%>
        <%- unless htpasswd_file.to_s == 'absent' then -%>
        AuthType Basic
        AuthName "Access fuer <%= servername %>"
        AuthUserFile <%= real_htpasswd_path %>
        require valid-user
        <%- end -%>
    </Directory>
    <%- end -%>

    <IfModule mod_security2.c>
        <%- if mod_security.to_s == 'true' then -%>
        SecRuleEngine On
        <%- if mod_security_relevantonly.to_s == 'true' then -%>
        SecAuditEngine RelevantOnly
        <%- else -%>
        SecAuditEngine On
        <%- end -%>
        <%- else -%>
        SecRuleEngine Off
        SecAuditEngine Off
        <%- end -%>
        SecAuditLogType Concurrent
        SecAuditLogStorageDir <%= logdir %>/
        SecAuditLog <%= logdir %>/mod_security_audit.log
        SecDebugLog <%= logdir %>/mod_security_debug.log
    </IfModule>

    <%- unless additional_options.to_s == 'absent' then -%>
    <%= additional_options %>
    <%- end -%>
</VirtualHost>
<%- end -%>
</IfDefine>
<%- end -%>