ServerName	photos.theschleiers.com
ServerAdmin	webmaster@theschleiers.com
Define		PORT_SSL     36403
Define		PORT_HTTP    36365
Define		PORT_GALLERY 36366
Listen		127.0.0.1:${PORT_SSL}
Define		SERVERHOME /home/schleierdav/sites/theschleiers.com/photos
DocumentRoot	"${SERVERHOME}/html"
ErrorLog	"${SERVERHOME}/logs/errors"

LoadModule alias_module lib/httpd/mod_alias.so
	Alias "/.well-known/acme-challenge/" "${SERVERHOME}/letsencrypt/"

LoadModule mpm_prefork_module lib/httpd/mod_mpm_prefork.so
	PidFile "${SERVERHOME}/service/apache.pid"

LoadModule log_config_module lib/httpd/mod_log_config.so
	LogFormat "%a %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined_for_proxied_site
	CustomLog "${SERVERHOME}/logs/access" combined_for_proxied_site env=!INTERNAL_DUMMY_CONNECTION

LoadModule remoteip_module lib/httpd/mod_remoteip.so
	RemoteIPHeader X-Forwarded-For
	RemoteIPInternalProxy 127.0.0.1
	RemoteIPProxyProtocol on

<VirtualHost	127.0.0.1:${PORT_SSL}>
	ServerName	photos.theschleiers.com
	ServerAlias	xn--9dbazj1ce.xn--8dbkaamj9ee.com
	ServerAlias	fotos.dieschleier.de

LoadModule auth_basic_module lib/httpd/mod_auth_basic.so
LoadModule authn_core_module lib/httpd/mod_authn_core.so
LoadModule authn_file_module lib/httpd/mod_authn_file.so
LoadModule authz_core_module lib/httpd/mod_authz_core.so
LoadModule authz_user_module lib/httpd/mod_authz_user.so
	<Location />
		Require user reberber
		AuthName "Schleier Raw Photos"
		AuthType Basic
		AuthBasicProvider file
		AuthUserFile "${SERVERHOME}/conf/users"

		<Limit HEAD GET POST>
			Require user veiled
		</Limit>
	</Location>
	<Location "/.well-known/acme-challenge">
		Require all granted
	</Location>

LoadModule dav_module lib/httpd/mod_dav.so
LoadModule dav_fs_module lib/httpd/mod_dav_fs.so
	DavLockDB "${SERVERHOME}/service/davlock"
	<Location />
		Dav on
	</Location>

LoadModule proxy_module lib/httpd/mod_proxy.so
LoadModule proxy_http_module lib/httpd/mod_proxy_http.so
LoadModule rewrite_module lib/httpd/mod_rewrite.so
	ProxyTimeout	293
	RewriteEngine	on
	RewriteCond	%{ENV:SPEAK_DAV_TO_ME}	!=YES
	RewriteCond	%{ENV:LETSENCRYPT_CHALLENGE}	!=YES
	RewriteRule	^/(.*)$			http://127.0.0.1:${PORT_GALLERY}/$1 [P,L]

LoadModule setenvif_module lib/httpd/mod_setenvif.so
	SetEnvIf	User-Agent	^WebDAV.*$ \
		SPEAK_DAV_TO_ME=YES
	SetEnvIf	User-Agent	^Apache/.* .*internal dummy connection.*$ \
		INTERNAL_DUMMY_CONNECTION
	SetEnvIf	Request_URI	"^/\.well-known/acme-challenge/.*$" \
		LETSENCRYPT_CHALLENGE=YES

LoadModule ssl_module lib/httpd/mod_ssl.so
	SSLEngine	on
	SSLCertificateFile "/home/schleierdav/sites/theschleiers.com/photos/letsencrypt/cert/letsencrypt_combined.pem"
	SSLCipherSuite	"EECDH+ECDSA+AESGCM:EECDH+aRSA+AESGCM:EECDH+ECDSA+SHA384:EECDH+ECDSA+SHA256:EECDH+aRSA+SHA384:EECDH+aRSA+SHA256:EECDH+aRSA+RC4:EECDH:EDH+aRSA:RC4:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!SRP:!DSS:!RC4"

LoadModule unixd_module lib/httpd/mod_unixd.so
</VirtualHost>

Listen		127.0.0.1:${PORT_HTTP}
<VirtualHost	127.0.0.1:${PORT_HTTP}>
	ServerName	photos.theschleiers.com
	Redirect	permanent "/" "https://photos.theschleiers.com/"
# XXX allow acme-challenge in these ones
</VirtualHost>
<VirtualHost	127.0.0.1:${PORT_HTTP}>
	ServerName	xn--9dbazj1ce.xn--8dbkaamj9ee.com
	Redirect	permanent "/" "https://xn--9dbazj1ce.xn--8dbkaamj9ee.com/"
</VirtualHost>
<VirtualHost	127.0.0.1:${PORT_HTTP}>
	ServerName	fotos.dieschleier.de
	Redirect	permanent "/" "https://fotos.dieschleier.de/"
</VirtualHost>