ServerRoot /usr/lib64/apache2
ServerName www.randomdan.homeip.net
ServerAdmin dan.goodliffe@randomdan.homeip.net
PidFile /var/run/apache2.pid

ErrorLog "| /usr/sbin/rotatelogs -f -c -L /var/log/apache2/error.log /var/log/apache2/error.log-%Y%m%d 86400"
LogFormat "%V %a %l %u %t \"%r\" %>s %b %Dus" common
LogFormat "%V %a %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-agent}i\"" ncsa
CustomLog "| /usr/sbin/rotatelogs -f -c -L /var/log/apache2/access.log /var/log/apache2/access.log-%Y%m%d 86400" common
CustomLog "| /usr/sbin/rotatelogs -f -c -L /var/log/apache2/ncsa.log /var/log/apache2/ncsa.log-%Y%m%d 86400" ncsa

LogLevel warn
User apache
Group web
Listen 11080
Listen 11443
Timeout 300
KeepAlive On
MaxKeepAliveRequests 100
KeepAliveTimeout 15
ServerSignature On
Protocols h2 h2c http/1.1

LoadModule authz_core_module modules/mod_authz_core.so
LoadModule authn_core_module modules/mod_authn_core.so
LoadModule auth_basic_module modules/mod_auth_basic.so
LoadModule authz_host_module modules/mod_authz_host.so
LoadModule authz_user_module modules/mod_authz_user.so
LoadModule mime_magic_module modules/mod_mime_magic.so
LoadModule mime_module modules/mod_mime.so
LoadModule autoindex_module modules/mod_autoindex.so
LoadModule cgid_module modules/mod_cgid.so
LoadModule vhost_alias_module modules/mod_vhost_alias.so
LoadModule dir_module modules/mod_dir.so
LoadModule deflate_module modules/mod_deflate.so
LoadModule ldap_module modules/mod_ldap.so
LoadModule authnz_ldap_module modules/mod_authnz_ldap.so
LoadModule log_config_module modules/mod_log_config.so
LoadModule env_module modules/mod_env.so
LoadModule rewrite_module modules/mod_rewrite.so
LoadModule unixd_module modules/mod_unixd.so
LoadModule fcgid_module modules/mod_fcgid.so
LoadModule filter_module modules/mod_filter.so
LoadModule alias_module modules/mod_alias.so
LoadModule cache_module modules/mod_cache.so
LoadModule cache_disk_module modules/mod_cache_disk.so
LoadModule status_module modules/mod_status.so
LoadModule ssl_module modules/mod_ssl.so
LoadModule socache_shmcb_module modules/mod_socache_shmcb.so
LoadModule http2_module modules/mod_http2.so
LoadModule headers_module modules/mod_headers.so
LoadModule expires_module modules/mod_expires.so
LoadModule proxy_module modules/mod_proxy.so
LoadModule proxy_http_module modules/mod_proxy_http.so
LoadModule remoteip_module modules/mod_remoteip.so
LoadModule markdown_module modules/mod_markdown.so
LoadModule macro_module modules/mod_macro.so
LoadModule systemd_module modules/mod_systemd.so
LoadModule brotli_module modules/mod_brotli.so

include /etc/apache2/modules.d/00_mod_autoindex.conf
Include /etc/apache2/modules.d/75_mod_perl.conf
PerlSwitches -w -T -I/var/www/localhost/htdocs/bugzilla

CacheRoot   "/var/cache/apache2/"
CacheEnable disk /
CacheDirLevels 2
CacheDirLength 1
CacheMinExpire 60
ExpiresActive on
ExpiresByType image/png A864000
ExpiresByType text/css A864000
ExpiresByType application/x-javascript A864000
ExpiresByType text/javascript A864000
RemoteIPProxyProtocol On

<Directory />
	Options FollowSymLinks Indexes ExecCGI
	IndexOptions NameWidth=*
	AllowOverride All
</Directory>

<Location /server-status>
	SetHandler server-status
</Location>
ExtendedStatus On

DirectoryIndex index.html
VirtualDocumentRoot /var/www/shared/vhosts/%0/
AccessFileName .htaccess
UseCanonicalName Off
HostnameLookups Off
FcgidMaxRequestsPerProcess 100
FcgidMinProcessesPerClass 1
SSLSessionCache shmcb:/run/apache2/
SSLProtocol all -SSLv3 -TLSv1 -TLSv1.1
SSLCipherSuite ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256
SSLHonorCipherOrder on
SSLCompression off
SSLSessionTickets off
SSLUseStapling on
SSLStaplingCache shmcb:/tmp/stapling_cache(128000)

AddType text/xsl .xsl
AddType text/markdown .md

# Compress output
AddOutputFilterByType BROTLI_COMPRESS text/html text/plain text/xml text/css
AddOutputFilterByType BROTLI_COMPRESS application/x-javascript application/javascript application/ecmascript text/javascript application/javascript application/json application/x-ns-proxy-autoconfig
AddOutputFilterByType BROTLI_COMPRESS application/rss+xml
AddOutputFilterByType BROTLI_COMPRESS application/xml
AddOutputFilterByType BROTLI_COMPRESS image/svg+xml
AddOutputFilterByType BROTLI_COMPRESS application/x-font-ttf application/vnd.ms-fontobject image/x-icon
AddOutputFilterByType DEFLATE text/html text/plain text/xml text/css
AddOutputFilterByType DEFLATE application/x-javascript application/javascript application/ecmascript text/javascript application/javascript application/json application/x-ns-proxy-autoconfig
AddOutputFilterByType DEFLATE application/rss+xml
AddOutputFilterByType DEFLATE application/xml
AddOutputFilterByType DEFLATE image/svg+xml
AddOutputFilterByType DEFLATE application/x-font-ttf application/vnd.ms-fontobject image/x-icon

# Minify CSS and JS
PerlModule Apache2::Filter::Minifier::CSS
PerlSetVar CssMinifier CSS::Minifier::XS
PerlModule Apache2::Filter::Minifier::JavaScript
PerlSetVar JavaScriptMinifier JavaScript::Minifier::XS
PerlAddVar JsMimeType application/x-ns-proxy-autoconfig
<LocationMatch "\.css$">
	PerlOutputFilterHandler   Apache2::Filter::Minifier::CSS
</LocationMatch>
<LocationMatch "\.(js|pac|dat)$">
	PerlOutputFilterHandler   Apache2::Filter::Minifier::JavaScript
</LocationMatch>
<LocationMatch "^/js/">
	PerlOutputFilterHandler   Apache2::Filter::Minifier::JavaScript
</LocationMatch>

<AuthnProviderAlias ldap ldapauth>
	AuthLDAPURL "ldap://localhost:389/ou=Users,dc=random,dc=lan?uid?sub?(objectClass=*)"
</AuthnProviderAlias>
Alias "/.well-known" "/var/www/shared/letsencrypt/.well-known/"
Alias "/google85e0dcd397756493.html" "/var/www/shared/google85e0dcd397756493.html"
AddHandler markdown .md

# Host specific stuff
<VirtualHost *:11080>
	# Needed to stop whatever is first from being the default
</VirtualHost>
<Macro SSLRedirect $domain>
	<VirtualHost *:11080>
		ServerName "$domain"
		Redirect permanent / "https://$domain/"
	</VirtualHost>
</Macro>
<Macro SSL $domain>
	ServerName "$domain"
	SSLEngine On
	SSLCertificateFile "/etc/letsencrypt/live/$domain/cert.pem"
	SSLCertificateKeyFile "/etc/letsencrypt/live/$domain/privkey.pem"
	SSLCertificateChainFile "/etc/letsencrypt/live/$domain/chain.pem"
	Header always set Strict-Transport-Security "max-age=31536000; includeSubDomains"
</Macro>
<Macro Private>
	<RequireAny>
		Require ip 10
		AuthBasicProvider ldapauth
		AuthType basic
		AuthName "Private network"
		Require valid-user
	</RequireAny>
</Macro>
<VirtualHost *:11080>
	ServerName bugzilla.randomdan.homeip.net
	<FilesMatch \.cgi$>
		SetHandler perl-script
		PerlHandler ModPerl::Registry
		Options ExecCGI
	</FilesMatch>
	PerlModule ModPerl::Registry
	PerlModule CGI
	PerlSendHeader On
</VirtualHost>
Use SSLRedirect sys.randomdan.homeip.net
Use SSLRedirect git.randomdan.homeip.net
Use SSLRedirect gentoobrowse.randomdan.homeip.net
<VirtualHost *:11443>
	Use SSL sys.randomdan.homeip.net
# HA Proxy
	ProxyPass "/haproxy/" "http://virtualipin.random.lan:9000/haproxy/"
	ProxyPassReverse "/haproxy/" "http://virtualipin.random.lan:9000/haproxy/"
# Nagios
	ScriptAlias /nagios/cgi-bin /usr/lib64/nagios/cgi-bin/
	<Directory /usr/lib64/nagios/cgi-bin>
		Use Private
	</Directory>
	Alias /nagios /usr/share/nagios/htdocs
# Nagios graph
	ScriptAlias /nagiosgraph/cgi-bin /usr/lib64/nagiosgraph/cgi-bin
	Alias /nagiosgraph "/usr/lib64/nagiosgraph/share"
	<Directory /usr/lib64/nagiosgraph//cgi-bin>
		ExpiresByType image/png A60
	</Directory>
# AWStats
	Alias /awstats/classes "/usr/share/awstats/wwwroot/classes/"
	Alias /awstats/css "/usr/share/awstats/wwwroot/css/"
	Alias /awstats/icon "/usr/share/awstats/wwwroot/icon/"
	ScriptAlias /awstats/ "/usr/share/awstats/wwwroot/cgi-bin/"
	<Directory "/usr/share/awstats/wwwroot">
		Options None
		AllowOverride None
	</Directory>
</VirtualHost>
<VirtualHost *:11443>
	Use SSL gentoobrowse.randomdan.homeip.net
</VirtualHost>
<VirtualHost *:11443>
	Use SSL git.randomdan.homeip.net
	<Location /repo/gentoo-official>
		Use Private
	</Location>
	<Location /repo/ice>
		Use Private
	</Location>
	<Location /repo/config>
		Use Private
	</Location>
</VirtualHost>