# The port 80 host is required for renewing Let's Encrypt certificates.
<VirtualHost *:80>
    ServerName {{ domain_name }}
    ServerAlias *.{{ domain_name }}
    RewriteEngine On
    RewriteCond %{HTTPS} off
    RewriteCond %{REQUEST_URI} !^/.well-known [NC]
    RewriteRule (.*) https://%{SERVER_NAME}/$1 [R,L]
    DocumentRoot /var/www/maint/www
</VirtualHost>

{% if ssl_enabled %}
# The 443 host is where the project is actually served.
<VirtualHost *:443>
    ServerName {{ domain_name }}
    DocumentRoot /var/www/maint/www

    SSLEngine on
    SSLCertificateKeyFile /etc/letsencrypt/live/{{ domain_name }}/privkey.pem
    SSLCertificateFile /etc/letsencrypt/live/{{ domain_name }}/fullchain.pem

    <Location "{{ radicale_uri }}">
        ProxyPass http://localhost:5232/ retry=0
        ProxyPassReverse http://localhost:5232/
        RequestHeader set X-Script-Name /radicale
    </Location>
</VirtualHost>
{% endif %}