# The port 80 host is required for renewing Let's Encrypt certificates.
<VirtualHost *:80>
    ServerName {{ domain_name }}
    ServerAlias *.{{ domain_name }}
    ServerAdmin {{ webmaster_email }}
    RewriteEngine On
    RewriteCond %{HTTPS} off
    RewriteCond %{REQUEST_URI} !^/.well-known [NC]
    RewriteRule (.*) https://%{SERVER_NAME}/$1 [R,L]
    DocumentRoot /var/www/maint/www
</VirtualHost>

{% if ssl_enabled %}
# The 443 host is where the project is actually served.
<VirtualHost *:443>
    ServerName {{ domain_name }}
    ServerAdmin {{ webmaster_email }}
    DocumentRoot /var/www/{{ domain_tld }}/www

    ErrorLog ${APACHE_LOG_DIR}/error.log
    CustomLog ${APACHE_LOG_DIR}/access.log combined

    SSLEngine on
    SSLCertificateKeyFile /etc/letsencrypt/live/{{ domain_name }}/privkey.pem
    SSLCertificateFile /etc/letsencrypt/live/{{ domain_name }}/fullchain.pem

    <Directory /var/www/{{ domain_tld }}/www{{ install_path }}>
        Options +FollowSymlinks
        AllowOverride All

        <IfModule mod_dav.c>
            Dav off
        </IfModule>

        <IfModule mod_rewrite.c>
            RewriteEngine on
            RewriteRule ^\.well-known/carddav {{ install_path }}remote.php/dav [R=301,L]
            RewriteRule ^\.well-known/caldav {{ install_path }}remote.php/dav [R=301,L]
            RewriteRule ^\.well-known/webfinger {{ install_path }}index.php/.well-known/webfinger [R=301,L]
            RewriteRule ^\.well-known/nodeinfo {{ install_path }}index.php/.well-known/nodeinfo [R=301,L]
        </IfModule>

        SetEnv HOME /var/www/{{ domain_tld }}/www{{ install_path }}
        SetEnv HTTP_HOME /var/www/{{ domain_tld}}/www{{ install_path}}
    </Directory>

</VirtualHost>
{% endif %}