ansible-roles/evolinux-base/templates/default_www/apache_default_site.j2

<VirtualHost *:80 *:443>
    ServerName {{ ansible_fqdn }}
    ServerAdmin webmaster@localhost
    DocumentRoot /var/www/

    SSLEngine on
    SSLCertificateFile    /etc/ssl/certs/{{ ansible_fqdn }}.crt
    SSLCertificateKeyFile /etc/ssl/private/{{ ansible_fqdn }}.key
    SSLProtocol all -SSLv2 -SSLv3

    # Redirect to HTTPS, execpt for server-status, because Munin plugin
    # can't handle HTTPS! :(
    RewriteEngine on
    RewriteCond %{REQUEST_URI} !^/server-status.*$ [NC]
    RewriteCond %{REQUEST_URI} !^/munin_opcache.php$ [NC]
    RewriteRule ^/(.*) https://{{ ansible_fqdn }}/$1 [L,R=permanent]

    <Directory />
        Options FollowSymLinks
        AllowOverride None
        Deny from all
        Include /etc/apache2/private_ipaddr_whitelist.conf
    </Directory>

    <Directory /var/www/>
        Options Indexes FollowSymLinks MultiViews
        AllowOverride None
    </Directory>

    <Location /munin_opcache.php>
        Deny from all
        Allow from 127.0.0.1
        Include /etc/apache2/private_ipaddr_whitelist.conf
    </Location>

    ScriptAlias /cgi-bin/ /usr/lib/cgi-bin/
    <Directory "/usr/lib/cgi-bin">
        AllowOverride None
        Options +ExecCGI -MultiViews +SymLinksIfOwnerMatch
    </Directory>

    ErrorDocument 403 {{ evolinux_default_www_redirect_url }}
    CustomLog /var/log/apache2/access.log vhost_combined
    ErrorLog /var/log/apache2/error.log
    LogLevel warn

    Alias /munin /var/cache/munin/www
    Alias /phpmyadmin-SED_RANDOM /usr/share/phpmyadmin/
    IncludeOptional /etc/apache2/conf-available/phpmyadmin*

    <Files ~ "\.(inc|bak)$">
        deny from all
    </Files>

</VirtualHost>