<VirtualHost *:80>
<% if ! [nil, :undef].include?(scope.lookupvar("storyboard::application::server_admin")) %>
    ServerAdmin <%= scope.lookupvar("storyboard::application::server_admin") %>
<% end %>
    ServerName <%= scope.lookupvar("storyboard::application::hostname") %>

    DocumentRoot <%= scope.lookupvar("storyboard::application::www_root") %>

    Redirect / https://<%= scope.lookupvar("storyboard::application::hostname") %>/

    LogLevel warn
    ErrorLog ${APACHE_LOG_DIR}/storyboard-error.log
    CustomLog ${APACHE_LOG_DIR}/storyboard-access.log combined

</VirtualHost>
<IfModule mod_ssl.c>
  <VirtualHost *:443>
  <% if ! [nil, :undef].include?(scope.lookupvar("storyboard::application::server_admin")) %>
    ServerAdmin <%= scope.lookupvar("storyboard::application::server_admin") %>
  <% end %>
    ServerName <%= scope.lookupvar("storyboard::application::hostname") %>

    LogLevel warn
    ErrorLog ${APACHE_LOG_DIR}/storyboard-ssl-error.log
    CustomLog ${APACHE_LOG_DIR}/storyboard-ssl-access.log combined

    SSLEngine on

    SSLProtocol +TLSv1 +TLSv1.1 +TLSv1.2
    SSLCipherSuite HIGH:!RC4:!MD5:!aNULL:!eNULL:!EXP:!LOW:!MEDIUM

    SSLCertificateFile      <%= scope.lookupvar("storyboard::cert::ssl_cert") %>
    SSLCertificateKeyFile   <%= scope.lookupvar("storyboard::cert::ssl_key") %>
  <% if ! [nil, :undef].include?(scope.lookupvar("storyboard::cert::resolved_ssl_ca")) %>
    SSLCertificateChainFile <%= scope.lookupvar("storyboard::cert::resolved_ssl_ca") %>
  <% end %>

    <FilesMatch "\.(cgi|shtml|phtml|php)$">
      SSLOptions +StdEnvVars
    </FilesMatch>
    <Directory /usr/lib/cgi-bin>
      SSLOptions +StdEnvVars
    </Directory>

    BrowserMatch "MSIE [2-6]" \
        nokeepalive ssl-unclean-shutdown \
        downgrade-1.0 force-response-1.0
    # MSIE 7 and newer should be able to use keepalive
    BrowserMatch "MSIE [17-9]" ssl-unclean-shutdown

    AllowEncodedSlashes on

    DocumentRoot <%= scope.lookupvar("storyboard::application::www_root") %>

    WSGIDaemonProcess storyboard user=<%= scope.lookupvar("storyboard::params::user") %> group=<%= scope.lookupvar("storyboard::params::group") %> threads=5 python-path=/usr/local/lib/python2.7/dist-packages
    WSGIScriptAlias /api /var/lib/storyboard/storyboard.wsgi
    WSGIPassAuthorization On

    <Directory "<%= scope.lookupvar("storyboard::application::install_root") %>">
      <% if scope.lookupvar("storyboard::application::new_vhost_perms") %>
        Require all granted
      <% else %>
        Order allow,deny
        Allow from all
      <% end %>
    </Directory>
  </VirtualHost>
</IfModule>