use optional variables _HOST _TLSHOST _TLS_CERT_CHAIN _TLS_KEY, and if either are set then enable options SSLCertificateFile SSLCertificateKeyFile

author: Jonas Smedegaard <dr@jones.dk> 2020-10-11 16:36:05 +0200
committer: Jonas Smedegaard <dr@jones.dk> 2020-10-11 16:36:05 +0200
commit: f28adce02bd9b118808b95314fb5db7e2e9bc948 (patch)
tree: 3f1f4d617935b49432167fd7a9148d3cc310c22e
parent: 76e3fbd10e821b0bf76faf87ce52585c49383a98 (diff)
1 files changed, 20 insertions, 2 deletions
diff --git a/apache2/conf-available/local-ssl.conf b/apache2/conf-available/local-ssl.conf
index ae0d6fa..4b4a8ec 100644
--- a/apache2/conf-available/local-ssl.conf
+++ b/apache2/conf-available/local-ssl.conf
@@ -1,6 +1,24 @@
+<IfDefine !_TLSHOST>
+	<IfDefine _HOST>
+		Define _TLSHOST ${_HOST}
+	</IfDefine>
+</IfDefine>
+<IfDefine !_TLS_KEY>
+	<IfDefine _TLSHOST>
+		Define _TLS_CERT_CHAIN /var/lib/dehydrated/certs/${_TLSHOST}/fullchain.pem
+		Define _TLS_KEY /var/lib/dehydrated/certs/${_TLSHOST}/privkey.pem
+	</IfDefine>
+</IfDefine>
+
+<If "%{HTTPS} == 'off'">
+	RedirectMatch permanent ^(?!/.well-known/)(.*) https://${_HOST}/$1
+</If>
+
 SSLEngine on
-#SSLCertificateFile /etc/ssl/certs/apache2.pem
-#SSLCertificateKeyFile /etc/ssl/private/apache2.pem
+<IfDefine _TLS_KEY>
+	SSLCertificateFile ${_TLS_CERT_CHAIN}
+	SSLCertificateKeyFile ${_TLS_KEY}
+</IfDefine>
 SSLCACertificatePath /etc/ssl/certs/
 #SSLCARevocationPath /etc/apache2/ssl.crl/
 #SSLCARevocationFile /etc/apache2/ssl.crl/ca-bundle.crl
author	Jonas Smedegaard <dr@jones.dk>	2020-10-11 16:36:05 +0200
committer	Jonas Smedegaard <dr@jones.dk>	2020-10-11 16:36:05 +0200
commit	f28adce02bd9b118808b95314fb5db7e2e9bc948 (patch)
tree	3f1f4d617935b49432167fd7a9148d3cc310c22e
parent	76e3fbd10e821b0bf76faf87ce52585c49383a98 (diff)