# The port 80 host is required for renewing Let's Encrypt certificates. By default document root is shared by all sites
# requiring SSL support, but this may be changed to {{ deploy.shared_path }}/maint/www in the deployment template if
# a custom maintenance site is required.
<VirtualHost *:80>
    ServerName {{ domain_name }}
    ServerAlias *.{{ domain_name }}
    RewriteEngine On
    RewriteCond %{HTTPS} off
    RewriteCond %{REQUEST_URI} !^/.well-known [NC]
    RewriteRule (.*) https://%{SERVER_NAME}/$1 [R,L]
    DocumentRoot /var/www/maint/www
</VirtualHost>

# The 443 host is where the application is actually served.
<VirtualHost *:443>
    ServerName {{ domain_name }}
    DocumentRoot {{ install_path }}/{{ domain_tld }}

    <Directory {{ install_path }}/{{ domain_tld }}>
        Options FollowSymLinks
        Allowoverride All
        Require all granted
    </Directory>

    <Files "console">
        Options None
        Require all denied
    </Files>

    <Directory {{ install_path }}/{{ domain_tld }}/misc/user>
        Options None
        Required all granted
    </Directory>

    <Directory {{ install_path }}/{{ domain_tld }}/misc>
        Options None
        Required all granted
    </Directory>

    <Directory {{ install_path }}/{{ domain_tld }}/vendor>
        Options None
        Required all granted
    </Directory>

    ErrorLog ${APACHE_LOG_DIR}/matomo_error.log
    CustomLog ${APACHE_LOG_DIR}/matomo_access.log combined

    SSLEngine on
    SSLCertificateKeyFile /etc/letsencrypt/live/{{ domain_name }}/privkey.pem
    SSLCertificateFile /etc/letsencrypt/live/{{ domain_name }}/fullchain.pem

</VirtualHost>