default-virtualhost.conf.in

{%- set TRUE_VALUES = ['y', 'yes', '1', 'true'] -%}
{%- set disable_no_cache_header = ('' ~ slave_parameter.get('disable-no-cache-request', '')).lower() in TRUE_VALUES -%}
{%- set disable_via_header = ('' ~ slave_parameter.get('disable-via-header', '')).lower() in TRUE_VALUES -%}
{%- set prefer_gzip = ('' ~ slave_parameter.get('prefer-gzip-encoding-to-backend', '')).lower() in TRUE_VALUES -%}
{%- set server_alias_list =  slave_parameter.get('server-alias', '').split() -%}
{%- set enable_h2 = ('' ~ slave_parameter.get('enable-http2', slave_parameter['enable_http2_by_default'])).lower() in TRUE_VALUES -%}
{%- set ssl_proxy_verify = ('' ~ slave_parameter.get('ssl-proxy-verify', '')).lower() in TRUE_VALUES -%}
{%- set disabled_cookie_list =  slave_parameter.get('disabled-cookie-list', '').split() -%}
{%- set https_only = ('' ~ slave_parameter.get('https-only', '')).lower() in TRUE_VALUES -%}
{%- set slave_type = slave_parameter.get('type', '') -%}
{%- set host_list = [slave_parameter.get('custom_domain')] + server_alias_list -%}
{%- set backend_url = slave_parameter.get('https-url', slave_parameter.get('url', '')) %}
{%- set http_host_list = [] %}
{%- set https_host_list = [] %}
{%- for host in host_list %}
{%-   do http_host_list.append('http://%s:%s' % (host, http_port)) %}
{%-   do https_host_list.append('https://%s:%s' % (host, https_port)) %}
{%- endfor %}
{{ https_host_list|join(', ') }} {
  bind {{ local_ipv4 }}
# TODO-Caddy  bind {{ local_ipv6 }}
{%- if ssl_proxy_verify and 'ssl_proxy_ca_crt' in slave_parameter %}
    status 501 /
{%- endif %}
  tls {{ slave_parameter.get('path_to_ssl_crt', slave_parameter.get('login_certificate')) }} {{ slave_parameter.get('path_to_ssl_key', slave_parameter.get('login_key')) }} {
{%- if slave_parameter.get('path_to_ssl_ca_crt') %}
    clients {{ slave_parameter.get('path_to_ssl_ca_crt') }}
{%- endif %}
  }
# TODO-Caddy   # One Slave two logs
# TODO-Caddy   LogLevel notice
# TODO-Caddy   LogFormat "%h %l %{REMOTE_USER}i %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\" %D" combined
  log / {{ slave_parameter.get('access_log') }} {combined}
  errors {{ slave_parameter.get('error_log') }}

# TODO-Caddy   SSLProtocol all -SSLv2 -SSLv3
# TODO-Caddy   SSLCipherSuite ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AESGCM:RSA+AES:RSA+3DES:HIGH:!aNULL:!MD5
# TODO-Caddy   SSLHonorCipherOrder on

{% if enable_h2 %}
# TODO-Caddy   Protocols h2 http/1.1
{% endif -%}

{% if disable_via_header %}
# TODO-Caddy   Header unset Via
{% endif -%}

{% if disable_no_cache_header %}
# TODO-Caddy   RequestHeader unset Cache-Control
# TODO-Caddy   RequestHeader unset Pragma
{% endif -%}

{%- for disabled_cookie in disabled_cookie_list %}
# TODO-Caddy {{'  RequestHeader edit Cookie "(^%(disabled_cookie)s=[^;]*; |; %(disabled_cookie)s=[^;]*|^%(disabled_cookie)s=[^;]*$)" ""' % dict(disabled_cookie=disabled_cookie)  }}
{% endfor -%}

{%- if prefer_gzip %}
# TODO-Caddy   RequestHeader edit Accept-Encoding "(^gzip,.*|.*, gzip,.*|.*, gzip$|^gzip$)" "gzip"
{% endif %}

{% if slave_type ==  'zope' and backend_url %}
  proxy / {{ backend_url }} {
    transparent
    timeout 600s
{%- if ssl_proxy_verify %}
{%-   if 'ssl_proxy_ca_crt' in slave_parameter %}
# TODO-Caddy   SSLProxyCACertificateFile {{ slave_parameter.get('path_to_ssl_proxy_ca_crt', '') }}
#              Requires https://github.com/mholt/caddy/issues/1550 or "just adding your CA to the system's trust store"
{%-   endif %}
{%- else %}
    insecure_skip_verify
{%- endif %}
  }
  {% if 'default-path' in slave_parameter %}
  redir 301 {
    if {path} is /
    / {scheme}://{host}/{{ slave_parameter.get('default-path') }}
  }
  {% endif -%}
  rewrite {
    regexp (.*)
    to /VirtualHostBase/{scheme}%2F%2F{hostonly}:{{ slave_parameter.get('virtualhostroot-https-port', '443') }}%2F{{ slave_parameter.get('path', '') }}%2FVirtualHostRoot/{1}
  }
{% elif slave_type ==  'redirect' and backend_url %}
  redir 302 {
    /  {{ backend_url }}{uri}
  }
{% else -%}
  {% if 'default-path' in slave_parameter %}
  redir 301 {
    if {path} is /
    / {scheme}://{host}/{{ slave_parameter.get('default-path') }}
  }
  {% endif -%}
  {%- if backend_url %}

  proxy / {{ backend_url }} {
    transparent
    timeout 600s
{%- if ssl_proxy_verify %}
{%-   if 'ssl_proxy_ca_crt' in slave_parameter %}
# TODO-Caddy   SSLProxyCACertificateFile {{ slave_parameter.get('path_to_ssl_proxy_ca_crt', '') }}
#              Requires https://github.com/mholt/caddy/issues/1550 or "just adding your CA to the system's trust store"
{%-   endif %}
{%- else %}
    insecure_skip_verify
{%- endif %}
  }
  {%-   endif %}
{% endif -%}
}

{{ http_host_list|join(', ') }} {
  bind {{ local_ipv4 }}
# TODO-Caddy  bind {{ local_ipv6 }}
{%- if ssl_proxy_verify and 'ssl_proxy_ca_crt' in slave_parameter %}
    status 501 /
{%- endif %}

  log / {{ slave_parameter.get('access_log') }} {combined}
  errors {{ slave_parameter.get('error_log') }}

{% if disable_via_header %}
# TODO-Caddy   Header unset Via
{% endif -%}
# TODO-Caddy   # One Slave two logs
# TODO-Caddy   LogLevel notice
# TODO-Caddy   LogFormat "%h %l %{REMOTE_USER}i %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\" %D" combined

# TODO-Caddy   # Remove "Secure" from cookies, as backend may be https
# TODO-Caddy   Header edit Set-Cookie "(?i)^(.+);secure$" "$1"

{% if enable_h2 %}
# TODO-Caddy   Protocols h2 http/1.1
{% endif -%}

{% if disable_no_cache_header %}
# TODO-Caddy   RequestHeader unset Cache-Control
# TODO-Caddy   RequestHeader unset Pragma
{% endif -%}

{%- for disabled_cookie in disabled_cookie_list %}
# TODO-Caddy {{'  RequestHeader edit Cookie "(^%(disabled_cookie)s=[^;]*; |; %(disabled_cookie)s=[^;]*|^%(disabled_cookie)s=[^;]*$)" ""' % dict(disabled_cookie=disabled_cookie)  }}
{% endfor -%}

{%- if prefer_gzip %}
# TODO-Caddy   RequestHeader edit Accept-Encoding "(^gzip,.*|.*, gzip,.*|.*, gzip$|^gzip$)" "gzip"
{% endif %}

{%- if https_only %}
  redir / https://{host}{uri}
{% elif slave_type ==  'redirect' and slave_parameter.get('url', '') %}
  redir 302 {
    /  {{ slave_parameter.get('url', '') }}{uri}
  }
{% elif slave_type ==  'zope' and backend_url %}
  proxy / {{ backend_url }} {
    transparent
    timeout 600s
{%- if ssl_proxy_verify %}
{%-   if 'ssl_proxy_ca_crt' in slave_parameter %}
# TODO-Caddy   SSLProxyCACertificateFile {{ slave_parameter.get('path_to_ssl_proxy_ca_crt', '') }}
#              Requires https://github.com/mholt/caddy/issues/1550 or "just adding your CA to the system's trust store"
{%-   endif %}
{%- else %}
    insecure_skip_verify
{%- endif %}
  }
  {% if 'default-path' in slave_parameter %}
  redir 301 {
    if {path} is /
    / {scheme}://{host}/{{ slave_parameter.get('default-path') }}
  }
  {% endif -%}
  rewrite {
    regexp (.*)
    to /VirtualHostBase/{scheme}%2F%2F{hostonly}:{{ slave_parameter.get('virtualhostroot-http-port', '80') }}%2F{{ slave_parameter.get('path', '') }}%2FVirtualHostRoot/{1}
  }
{% else -%}
  {% if 'default-path' in slave_parameter %}
  redir 301 {
    if {path} is /
    / {scheme}://{host}/{{ slave_parameter.get('default-path') }}
  }
  {% endif -%}
  {%- if slave_parameter.get('url', '') %}
  proxy / {{ slave_parameter.get('url', '') }} {
    transparent
    timeout 600s
{%- if ssl_proxy_verify %}
{%-   if 'ssl_proxy_ca_crt' in slave_parameter %}
# TODO-Caddy   SSLProxyCACertificateFile {{ slave_parameter.get('path_to_ssl_proxy_ca_crt', '') }}
#              Requires https://github.com/mholt/caddy/issues/1550 or "just adding your CA to the system's trust store"
{%-   endif %}
{%- else %}
    insecure_skip_verify
{%- endif %}
  }
{% endif -%}
{% endif -%}
  # If nothing exist : put a nice error
#  ErrorDocument 404 /notfound.html
# Dadiboom
}