diff --git a/manifests/apache.pp b/manifests/apache.pp
new file mode 100644
index 0000000..f4817db
--- /dev/null
+++ b/manifests/apache.pp
@@ -0,0 +1,58 @@
+class etherpad_lite::apache (
+ $vhost_name = $fqdn,
+ $etherpad_crt,
+ $etherpad_key
+) {
+
+ include remove_nginx
+
+ apache::vhost { $vhost_name:
+ post => 443,
+ docroot => 'MEANINGLESS ARGUMENT',
+ priority => '50',
+ template => 'etherpadlite/etherpadlite.vhost.erb',
+ require => File["/etc/ssl/certs/${vhost_name}.pem",
+ "/etc/ssl/private/${vhost_name}.key"],
+ ssl => true,
+ }
+ a2mod { 'rewrite':
+ ensure => present
+ }
+ a2mod { 'proxy':
+ ensure => present
+ }
+ a2mod { 'proxy_http':
+ ensure => present
+ }
+
+ file { '/etc/ssl/certs':
+ ensure => directory,
+ owner => 'root',
+ mode => 0700,
+ }
+
+ file { '/etc/ssl/private':
+ ensure => directory,
+ owner => 'root',
+ mode => 0700,
+ }
+
+ file { "/etc/ssl/cert/${vhost_name}.pem":
+ ensure => present,
+ replace => true,
+ owner => 'root',
+ mode => 0600,
+ content => template('etherpad_lite/eplite.crt.erb'),
+ require => Apache::Vhost[$vhost_name],
+ }
+
+ file { '/etc/ssl/private/${vhost_name}.key':
+ ensure => present,
+ replace => true,
+ owner => 'root',
+ mode => 0600,
+ content => template('etherpad_lite/eplite.key.erb'),
+ require => Apache::Vhost[$vhost_name],
+ }
+
+}
diff --git a/manifests/init.pp b/manifests/init.pp
index b5c7eba..1a6da2c 100644
--- a/manifests/init.pp
+++ b/manifests/init.pp
@@ -38,7 +38,7 @@ define buildsource(
# include etherpad_lite
# include etherpad_lite::mysql # necessary to use mysql as the backend
# include etherpad_lite::site # configures etherpad lite instance
-# include etherpad_lite::nginx # will add reverse proxy on localhost
+# include etherpad_lite::apache # will add reverse proxy on localhost
# The defaults for all the classes should just work (tm)
#
#
diff --git a/manifests/nginx.pp b/manifests/nginx.pp
deleted file mode 100644
index bb7574b..0000000
--- a/manifests/nginx.pp
+++ /dev/null
@@ -1,62 +0,0 @@
-class etherpad_lite::nginx (
- $default_server = 'default_server',
- $server_name = $fqdn,
- $etherpad_crt,
- $etherpad_key
-) {
-
- package { 'nginx':
- ensure => present
- }
-
- file { '/etc/nginx/sites-enabled/default':
- ensure => absent,
- require => Package['nginx'],
- notify => Service['nginx']
- }
-
- file { '/etc/nginx/sites-available/etherpad-lite':
- ensure => present,
- content => template('etherpad_lite/nginx.erb'),
- replace => 'true',
- owner => 'root',
- require => File['/etc/nginx/ssl/eplite.crt', '/etc/nginx/ssl/eplite.key'],
- notify => Service['nginx']
- }
-
- file { '/etc/nginx/sites-enabled/etherpad-lite':
- ensure => link,
- target => '/etc/nginx/sites-available/etherpad-lite'
- }
-
- file { '/etc/nginx/ssl':
- ensure => directory,
- owner => 'root',
- mode => 0700,
- }
-
- file { '/etc/nginx/ssl/eplite.crt':
- ensure => present,
- replace => true,
- owner => 'root',
- mode => 0600,
- content => template('etherpad_lite/eplite.crt.erb'),
- require => Package['nginx'],
- }
-
- file { '/etc/nginx/ssl/eplite.key':
- ensure => present,
- replace => true,
- owner => 'root',
- mode => 0600,
- content => template('etherpad_lite/eplite.key.erb'),
- require => Package['nginx'],
- }
-
- service { 'nginx':
- enable => true,
- ensure => running,
- hasrestart => true
- }
-
-}
diff --git a/templates/etherpadlite.vhost.erb b/templates/etherpadlite.vhost.erb
new file mode 100644
index 0000000..64cb289
--- /dev/null
+++ b/templates/etherpadlite.vhost.erb
@@ -0,0 +1,44 @@
+:80>
+ ServerAdmin <%= scope.lookupvar("etherpad_lite::serveradmin") %>
+
+ ErrorLog ${APACHE_LOG_DIR}/<%= scope.lookupvar("etherpad_lite::vhost_name") %>-error.log
+
+ LogLevel warn
+
+ CustomLog ${APACHE_LOG_DIR}/<%= scope.lookupvar("etherpad_lite::vhost_name") %>-access.log combined
+
+ Redirect / https://<%= scope.lookupvar("etherpad_lite::vhost_name") %>/
+
+
+
+
+:443>
+ ServerName <%= scope.lookupvar("etherpad_lite::vhost_name") %>
+ ServerAdmin <%= scope.lookupvar("etherpad_lite::serveradmin") %>
+
+ ErrorLog ${APACHE_LOG_DIR}/<%= scope.lookupvar("etherpad_lite::vhost_name") %>-ssl-error.log
+
+ LogLevel warn
+
+ CustomLog ${APACHE_LOG_DIR}/<%= scope.lookupvar("etherpad_lite::vhost_name") %>-ssl-access.log combined
+
+ SSLEngine on
+
+ SSLCertificateFile /etc/ssl/certs/<%= scope.lookupvar("etherpad_lite::vhost_name") %>.pem
+ SSLCertificateKeyFile /etc/ssl/private/<%= scope.lookupvar("etherpad_lite::vhost_name") %>.key
+
+ BrowserMatch "MSIE [2-6]" \
+ nokeepalive ssl-unclean-shutdown \
+ downgrade-1.0 force-response-1.0
+ # MSIE 7 and newer should be able to use keepalive
+ BrowserMatch "MSIE [17-9]" ssl-unclean-shutdown
+
+ RewriteEngine on
+ RewriteCond %{HTTP_HOST} !<%= scope.lookupvar("etherpad_lite::vhost_name") %>
+ RewriteRule ^.*$ https://<%= scope.lookupvar("etherpad_lite::vhost_name") %>
+ RewriteRule ^/(.*)$ http://localhost:9001/$1 [P]
+
+ ProxyPassReverse / http://localhost:9001/
+
+
+
diff --git a/templates/nginx.erb b/templates/nginx.erb
deleted file mode 100644
index a816749..0000000
--- a/templates/nginx.erb
+++ /dev/null
@@ -1,29 +0,0 @@
-server {
- listen 443 <%= default_server %>;
- server_name <%= server_name %>;
-
- access_log /var/log/nginx/eplite.access.log;
- error_log /var/log/nginx/eplite.error.log;
-
- ssl on;
- ssl_certificate /etc/nginx/ssl/eplite.crt;
- ssl_certificate_key /etc/nginx/ssl/eplite.key;
-
- ssl_session_timeout 5m;
-
- ssl_protocols SSLv2 SSLv3 TLSv1;
- ssl_ciphers ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP;
- ssl_prefer_server_ciphers on;
-
- location / {
- proxy_pass http://localhost:9001/;
- proxy_set_header Host $host;
- proxy_buffering off;
- }
-}
-
-server {
- listen 80 <%= default_server %>;
- server_name <%= server_name %>;
- rewrite ^(.*) https://$server_name$1 permanent;
-}