# Apache vhost example for GSP Website storefront
# Copy to: /etc/apache2/sites-available/website.example.com.conf
#
# Enable modules once:
#   sudo a2enmod ssl rewrite headers
#
# Enable site:
#   sudo a2ensite website.example.com.conf
#   sudo apache2ctl configtest
#   sudo systemctl reload apache2
#
# Issue certificate (Apache plugin):
#   sudo certbot --apache -d gsp.example.com -d www.gsp.example.com
#
# Alternative webroot issuance:
#   sudo certbot certonly --webroot -w /var/www/gsp/Website \
#     -d gsp.example.com -d www.gsp.example.com
#
# Renewal test:
#   sudo certbot renew --dry-run

<VirtualHost *:80>
    ServerName gsp.example.com
    ServerAlias www.gsp.example.com
    DocumentRoot /var/www/html/Website

    <Directory /var/www/html/Website>
        Options FollowSymLinks
        AllowOverride All
        Require all granted
    </Directory>

    RewriteEngine On
    RewriteCond %{REQUEST_URI} !^/\.well-known/acme-challenge/
    RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]

    ErrorLog ${APACHE_LOG_DIR}/website_example_error.log
    CustomLog ${APACHE_LOG_DIR}/website_example_access.log combined
</VirtualHost>

<VirtualHost *:443>
    ServerName gsp.example.com
    ServerAlias www.gsp.example.com
    DocumentRoot /var/www/html/Website

    <Directory /var/www/html/Website>
        Options FollowSymLinks
        AllowOverride All
        Require all granted
    </Directory>

    SSLEngine on
    SSLCertificateFile /etc/letsencrypt/live/gsp.example.com/fullchain.pem
    SSLCertificateKeyFile /etc/letsencrypt/live/gsp.example.com/privkey.pem

    Header always set Strict-Transport-Security "max-age=31536000; includeSubDomains"

    ErrorLog ${APACHE_LOG_DIR}/website_example_ssl_error.log
    CustomLog ${APACHE_LOG_DIR}/website_example_ssl_access.log combined
</VirtualHost>