<VirtualHost {{ ansible_default_ipv4.address }}:80>
    ServerAdmin {{ server_admin }}
    ServerName {{ site_name }}
    ServerAlias {{ site_name }}
    ErrorLog /var/log/apache2/{{ site_name }}-error.log
    CustomLog /var/log/apache2/{{ site_name }}-access.log common

    <ifmodule mod_rewrite.c>
        RewriteEngine On
        RewriteCond %{REQUEST_URI} !^/\.well\-known/acme\-challenge/
        RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]
    </ifmodule>
</VirtualHost>

<VirtualHost {{ ansible_default_ipv4.address }}:443>
    ServerAdmin {{ server_admin }}
    ServerName {{ site_name }}
    ServerAlias {{ site_name }}

    ErrorLog /var/log/apache2/{{ site_name }}-error.log
    CustomLog /var/log/apache2/{{ site_name }}-access.log common

    SSLEngine on
    SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown
    SSLCertificateFile    /usr/local/etc/dehydrated/certs/{{ site_name }}/cert.pem
    SSLCertificateKeyFile /usr/local/etc/dehydrated/certs/{{ site_name }}/privkey.pem
    SSLCertificateChainFile /usr/local/etc/dehydrated/certs/{{ site_name }}/chain.pem

    ProxyPass / http://localhost:{{proxy_port}}/
</VirtualHost>