From f28adce02bd9b118808b95314fb5db7e2e9bc948 Mon Sep 17 00:00:00 2001
From: Jonas Smedegaard <dr@jones.dk>
Date: Sun, 11 Oct 2020 16:36:05 +0200
Subject: use optional variables _HOST _TLSHOST _TLS_CERT_CHAIN _TLS_KEY, and
 if either are set then enable options SSLCertificateFile
 SSLCertificateKeyFile

---
 apache2/conf-available/local-ssl.conf | 22 ++++++++++++++++++++--
 1 file changed, 20 insertions(+), 2 deletions(-)

(limited to 'apache2')

diff --git a/apache2/conf-available/local-ssl.conf b/apache2/conf-available/local-ssl.conf
index ae0d6fa..4b4a8ec 100644
--- a/apache2/conf-available/local-ssl.conf
+++ b/apache2/conf-available/local-ssl.conf
@@ -1,6 +1,24 @@
+<IfDefine !_TLSHOST>
+	<IfDefine _HOST>
+		Define _TLSHOST ${_HOST}
+	</IfDefine>
+</IfDefine>
+<IfDefine !_TLS_KEY>
+	<IfDefine _TLSHOST>
+		Define _TLS_CERT_CHAIN /var/lib/dehydrated/certs/${_TLSHOST}/fullchain.pem
+		Define _TLS_KEY /var/lib/dehydrated/certs/${_TLSHOST}/privkey.pem
+	</IfDefine>
+</IfDefine>
+
+<If "%{HTTPS} == 'off'">
+	RedirectMatch permanent ^(?!/.well-known/)(.*) https://${_HOST}/$1
+</If>
+
 SSLEngine on
-#SSLCertificateFile /etc/ssl/certs/apache2.pem
-#SSLCertificateKeyFile /etc/ssl/private/apache2.pem
+<IfDefine _TLS_KEY>
+	SSLCertificateFile ${_TLS_CERT_CHAIN}
+	SSLCertificateKeyFile ${_TLS_KEY}
+</IfDefine>
 SSLCACertificatePath /etc/ssl/certs/
 #SSLCARevocationPath /etc/apache2/ssl.crl/
 #SSLCARevocationFile /etc/apache2/ssl.crl/ca-bundle.crl
-- 
cgit v1.2.3