# <%= servername %>
<VirtualHost *:80>
    Include conf.d/defaults.inc

    ServerName <%= servername %>
    <%- unless serveralias.to_s.empty? then -%>
    ServerAlias <%= serveralias %>
    <%- end -%> 
    DocumentRoot <%= documentroot %>/

    ErrorLog <%= logdir %>/error_log
    CustomLog <%= logdir %>/access_log combined
    <%- if ssl_mode.to_s == 'force' then -%>
    Redirect permanent / https://<%= servername %>/
    <%- end -%>
    <%- if default_charset.to_s != 'absent' then -%>
    AddDefaultCharset <%= default_charset %>
    <%- end -%>
    <%- if run_mode.to_s == 'itk' -%>
    <IfModule mpm_itk_module>
        AssignUserId <%= run_uid+" "+run_gid %>
    </IfModule>
    <%- end -%>
    <%- if not ssl_mode.to_s == 'force' then -%>
    <Directory "<%= documentroot %>/">
        Include conf.d/joomla.inc

        AllowOverride <%= allow_override %>
        <%- if options.to_s != 'absent' or do_includes.to_s == 'true' then -%>
        Options <%- unless options.to_s == 'absent' then -%><%= options %><%- end -%> <%- if do_includes.to_s == 'true' and not options.include?('+Includes') then -%>+Includes<%- end -%>

        <%- end -%>
        <%- unless htpasswd_file.to_s == 'absent' then -%>
        AuthType Basic
        AuthName "Access fuer <%= servername %>"
        AuthUserFile <%= real_htpasswd_path %>
        require valid-user
        <%- end -%>
        php_admin_flag engine on
        php_admin_value open_basedir <%= documentroot %>:<%= real_php_upload_tmp_dir %>:<%= real_php_session_save_path %>
        php_admin_value upload_tmp_dir <%= real_php_upload_tmp_dir %>
        php_admin_value session.save_path <%= real_php_session_save_path %>
    </Directory>
    <%- end -%>
	
    <Directory "<%= documentroot %>/administrator/">
        RewriteEngine on

        # Rewrite URLs to https that go for the admin area
        RewriteCond %{REMOTE_ADDR} !^127\.[0-9]+\.[0-9]+\.[0-9]+$
        RewriteCond %{HTTPS} !=on
        RewriteCond %{REQUEST_URI} (.*/administrator/.*)
        RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [R]
    </Directory>

    <IfModule mod_security2.c>
        <%- if mod_security.to_s == 'true' then -%>
        SecRuleEngine On
        # http://optics.csufresno.edu/~kriehn/fedora/fedora_files/f9/howto/modsecurity.html
        # Exceptions for Joomla Root Directory
        <LocationMatch '^/'>
            SecRuleRemoveById 950013
        </LocationMatch>

        # Exceptions for Joomla Administration Panel
        SecRule REQUEST_FILENAME "/administrator/index2.php" \
        "allow,phase:1,nolog,ctl:ruleEngine=Off"

        # Exceptions for Joomla Component Expose
        <LocationMatch '^/components/com_expose/expose/manager/amfphp/gateway.php'>
            SecRuleRemoveById 960010
        </LocationMatch>
        <%- else -%>
        SecRuleEngine DetectionOnly
        <%- end -%>
        SecAuditLogType Concurrent
        SecAuditLogStorageDir <%= logdir %>/
        SecAuditLog <%= logdir %>/mod_security_audit.log
        SecDebugLog <%= logdir %>/mod_security_debug.log
    </IfModule>

    <%- unless additional_options.to_s == 'absent' then -%>
    <%= additional_options %>
    <%- end -%>
</VirtualHost>

<%- unless ssl_mode.to_s == 'false'  then -%>
<VirtualHost *:443>
    Include conf.d/defaults.inc
    Include conf.d/ssl_defaults.inc

    ServerName <%= servername %>
    <%- unless serveralias.to_s.empty? then -%>
    ServerAlias <%= serveralias %>
    <%- end -%> 
    DocumentRoot <%= documentroot %>/

    ErrorLog <%= logdir %>/error_log
    CustomLog <%= logdir %>/access_log combined
    <%- if default_charset.to_s != 'absent' then -%>
    AddDefaultCharset <%= default_charset %>
    <%- end -%>
    <%- if run_mode.to_s == 'itk' -%>
    <IfModule mpm_itk_module>
        AssignUserId <%= run_uid+" "+run_gid %>
    </IfModule>
    <%- end -%>
    <%- if default_charset.to_s != 'absent' then -%>
    AddDefaultCharset <%= default_charset %>
    <%- end -%>
    <Directory "<%= documentroot %>/">
        Include conf.d/joomla.inc

        AllowOverride <%= allow_override %>
        <%- if options.to_s != 'absent' or do_includes.to_s == 'true' then -%>
        Options <%- unless options.to_s == 'absent' then -%><%= options %><%- end -%> <%- if do_includes.to_s == 'true' and not options.include?('+Includes') then -%>+Includes<%- end -%>

        <%- end -%>
        <%- unless htpasswd_file.to_s == 'absent' then -%>
        AuthType Basic
        AuthName "Access fuer <%= servername %>"
        AuthUserFile <%= real_htpasswd_path %>
        require valid-user
        <%- end -%>
        php_admin_flag engine on
        php_admin_value open_basedir <%= documentroot %>:<%= real_php_upload_tmp_dir %>:<%= real_php_session_save_path %>
        php_admin_value upload_tmp_dir <%= real_php_upload_tmp_dir %>
        php_admin_value session.save_path <%= real_php_session_save_path %>
    </Directory>

    <IfModule mod_security2.c>
        <%- if mod_security.to_s == 'true' then -%>
        SecRuleEngine On
        # http://optics.csufresno.edu/~kriehn/fedora/fedora_files/f9/howto/modsecurity.html
        # Exceptions for Joomla Root Directory
        <LocationMatch '^/'>
            SecRuleRemoveById 950013
        </LocationMatch>

        # Exceptions for Joomla Administration Panel
        SecRule REQUEST_FILENAME "/administrator/index2.php" \
        "allow,phase:1,nolog,ctl:ruleEngine=Off"

        # Exceptions for Joomla Component Expose
        <LocationMatch '^/components/com_expose/expose/manager/amfphp/gateway.php'>
            SecRuleRemoveById 960010
        </LocationMatch>
        <%- else -%>
        SecRuleEngine DetectionOnly
        <%- end -%>
        SecAuditLogType Concurrent
        SecAuditLogStorageDir <%= logdir %>/
        SecAuditLog <%= logdir %>/mod_security_audit.log
        SecDebugLog <%= logdir %>/mod_security_debug.log
    </IfModule>

    <%- unless additional_options.to_s == 'absent' then -%>
    <%= additional_options %>
    <%- end -%>
</VirtualHost>
<%- end -%>