AllowOverride None Require all granted {% for item in http_vhost %} Options Indexes FollowSymLinks AllowOverride None Require all granted {% endfor %} {% for item in http_vhost %} {% if item.aliases is defined %} {% for item_alias in item.aliases %} ServerName {{ item_alias }} ServerAdmin webmaster@firedragonenterprises.com DocumentRoot /srv/http/{{ item.fqdn }} RedirectMatch permanent "^(?!/\.well-known/acme-challenge/).*" https://{{ item.fqdn }}$0 {% endfor %} {% endif %} ServerName {{ item.fqdn }} ServerAdmin webmaster@firedragonenterprises.com DocumentRoot /srv/http/{{ item.fqdn }} RedirectMatch permanent "^(?!/\.well-known/acme-challenge/).*" https://{{ item.fqdn }}$0 {% if item.aliases is defined %} {% for item_alias in item.aliases %} SSLEngine on SSLProtocol all -TLSv1.1 SSLProxyProtocol all -TLSv1.1 SSLHonorCipherOrder on SSLCipherSuite PROFILE=SYSTEM SSLProxyCipherSuite PROFILE=SYSTEM SSLCertificateFile /etc/pki/tls/certs/localhost.crt SSLCertificateKeyFile /etc/pki/tls/private/localhost.key ServerName {{ item_alias }} ServerAdmin webmaster@firedragonenterprises.com DocumentRoot /srv/http/{{ item.fqdn }} RedirectMatch permanent "^(?!/\.well-known/acme-challenge/).*" https://{{ item.fqdn }}$0 Require all denied Require all denied Require all denied {% endfor %} {% endif %} SSLEngine on SSLProtocol all -TLSv1.1 SSLProxyProtocol all -TLSv1.1 SSLHonorCipherOrder on SSLCipherSuite PROFILE=SYSTEM SSLProxyCipherSuite PROFILE=SYSTEM SSLCertificateFile /etc/pki/tls/certs/localhost.crt SSLCertificateKeyFile /etc/pki/tls/private/localhost.key ServerName {{ item.fqdn }} ServerAdmin webmaster@firedragonenterprises.com DocumentRoot /srv/http/{{ item.fqdn }} Alias /error/ "/var/www/error/" {% if item.proxy is defined %} ProxyPass "/.well-known" "!" ProxyPass "/phpMyAdmin" "!" ProxyPass "/phpmyadmin" "!" ProxyPass "/" "{{ item.proxy }}" ProxyPassReverse "/" "{{ item.proxy }}" ProxyTimeout 300 {% endif %} Require all denied {% endfor %}