{% set TRUE_VALUES = ['y', 'yes', '1', 'true'] -%}
 
<VirtualHost *:{{ https_port }}>
  ServerName {{ slave_parameter.get('domain') }}
  ServerAlias {{ slave_parameter.get('domain') }}

  SSLEngine on
  SSLProxyEngine on
  SSLProtocol -ALL +SSLv3 +TLSv1
  SSLHonorCipherOrder On
  SSLCipherSuite RC4-SHA:HIGH:!ADH

{% set ssl_configuration_list = [('SSLCertificateFile', 'path_to_ssl_crt'),
       			      	 ('SSLCertificateKeyFile', 'path_to_ssl_key'),
                                 ('SSLCACertificateFile', 'path_to_ssl_ca_crt'),
                                 ('SSLCertificateChainFile', 'path_to_ssl_ca_crt')] -%}

{% for key, value in ssl_configuration_list -%}
{%   if value in slave_parameter -%}
{{ '  %s' % key }} {{ slave_parameter.get(value) }}
{% endif -%}
{% endfor -%}


  # One Slave two logs
  ErrorLog "{{ error_log }}"
  LogLevel warn
  LogFormat "%h %l %{REMOTE_USER}i %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\" %D" combined
  CustomLog "{{ access_log }}" combined

  # Rewrite part
  ProxyVia On
  ProxyPreserveHost On
  ProxyTimeout 600
  RewriteEngine On

{% if slave_parameter.get('type', '') ==  'zope' -%}
  # First, we check if we have a zope backend server
  # If so, let's use Virtual Host Daemon rewrite
  # We suppose that Apache listens to 443 (even indirectly thanks to things like iptables)
  RewriteRule ^/(.*)$ {{ slave_parameter.get('url', '') }}/VirtualHostBase/https/{{ slave_parameter.get('domain', '') }}:443/{{ slave_parameter.get('path', '') }}/VirtualHostRoot/$1 [L,P]
{% else -%}
  RewriteRule ^/(.*)$ {{ slave_parameter.get('url', '') }}/$1 [L,P]
{% endif -%}
</VirtualHost>

<VirtualHost *:{{ http_port }}>
  ServerName {{ slave_parameter.get('domain') }}
  ServerAlias {{ slave_parameter.get('domain') }}
  SSLEngine on
  SSLProxyEngine on
  # Rewrite part
  ProxyVia On
  ProxyPreserveHost On
  ProxyTimeout 600
  RewriteEngine On

  # One Slave two logs
  ErrorLog "{{ error_log }}"
  LogLevel warn
  LogFormat "%h %l %{REMOTE_USER}i %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\" %D" combined
  CustomLog "{{ access_log }}" combined

  # Remove "Secure" from cookies, as backend may be https
  Header edit Set-Cookie "(?i)^(.+);secure$" "$1"

# Next line is forbidden and people who copy it will be hanged short
{% set https_only = ('' ~ slave_parameter.get('https-only', '')).lower() in TRUE_VALUES -%}
{% if https_only in slave_parameter -%}
  # Not using HTTPS? Ask that guy over there.
  # Dummy redirection to https. Note: will work only if https listens
  # on standard port (443).
  RewriteRule ^/(.*)$ https://%{DOMAIN}%{REQUEST_URI}
{% elif slave_parameter.get('type', '') ==  'zope' -%}
  # First, we check if we have a zope backend server
  # If so, let's use Virtual Host Daemon rewrite
  # We suppose that Apache listens to 80 (even indirectly thanks to things like iptables)
  RewriteRule ^/(.*)$ {{ slave_parameter.get('url', '') }}/VirtualHostBase/http/{{ slave_parameter.get('domain', '') }}:80/{{ slave_parameter.get('path', '') }}/VirtualHostRoot/$1 [L,P]
{% else -%}
  RewriteRule ^/(.*)$ {{ slave_parameter.get('url', '') }}/$1 [L,P]
{% endif -%}
  # If nothing exist : put a nice error
#  ErrorDocument 404 /notfound.html
# Dadiboom

</VirtualHost>