Diffstat (limited to 'etc/apache2/conf-available/local-tls.conf')
-rw-r--r-- | etc/apache2/conf-available/local-tls.conf | 73 |
1 files changed, 73 insertions, 0 deletions
diff --git a/etc/apache2/conf-available/local-tls.conf b/etc/apache2/conf-available/local-tls.conf
new file mode 100644
index 0000000..1876e0a
--- /dev/null
+++ b/etc/apache2/conf-available/local-tls.conf
@@ -0,0 +1,73 @@
+<IfDefine !_TLS_HOST>
+ <IfDefine _HOST>
+ Define __TLS_HOST
+ Define _TLS_HOST ${_HOST}
+ </IfDefine>
+</IfDefine>
+<IfDefine !_TLS_KEY>
+ <IfDefine _TLS_HOST>
+ Define __TLS_CERT_CHAIN
+ Define __TLS_KEY
+ <IfDefine _TLS_USE_DEHYDRATED>
+ Define _TLS_CERT_CHAIN /var/lib/dehydrated/certs/${_TLS_HOST}/fullchain.pem
+ Define _TLS_KEY /var/lib/dehydrated/certs/${_TLS_HOST}/privkey.pem
+ </IfDefine>
+ <IfDefine !_TLS_USE_DEHYDRATED>
+ Define _TLS_CERT_CHAIN /etc/ssl/shared/${_TLS_HOST}.chain.pem
+ Define _TLS_KEY /etc/ssl/private/${_TLS_HOST}.key
+ </IfDefine>
+ </IfDefine>
+</IfDefine>
+
+<IfDefine _TLS_HOST>
+
+<If "%{HTTPS} != 'on'">
+ RedirectMatch permanent ^(?!/.well-known/)(.*) https://${_HOST}$1
+</If>
+
+<IfModule mod_gnutls.c>
+ GnuTLSEnable on
+ <IfDefine _TLS_KEY>
+ GnuTLSCertificateFile ${_TLS_CERT_CHAIN}
+ GnuTLSKeyFile ${_TLS_KEY}
+ </IfDefine>
+ <IfDefine _OCSP_RESPONSE>
+ GnuTLSOCSPStapling on
+ GnuTLSOCSPResponseFile ${_OCSP_RESPONSE}
+ </IfDefine>
+ <IfDefine !_OCSP_RESPONSE>
+ GnuTLSOCSPStapling off
+ </IfDefine>
+</IfModule>
+
+<IfModule mod_ssl.c>
+<IfModule !mod_gnutls.c>
+ SSLEngine on
+ <IfDefine _TLS_KEY>
+ SSLCertificateFile ${_TLS_CERT_CHAIN}
+ SSLCertificateKeyFile ${_TLS_KEY}
+ </IfDefine>
+
+ <FilesMatch "\.(cgi|shtml|phtml|php)$">
+ SSLOptions +StdEnvVars
+ </FilesMatch>
+ <Directory /usr/lib/cgi-bin>
+ SSLOptions +StdEnvVars
+ </Directory>
+</IfModule>
+</IfModule>
+
+</IfDefine>
+
+<IfDefine __TLS_HOST>
+ Undefine _TLS_HOST
+ Undefine __TLS_HOST
+</IfDefine>
+<IfDefine __TLS_CERT_CHAIN>
+ Undefine _TLS_CERT_CHAIN
+ Undefine __TLS_CERT_CHAIN
+</IfDefine>
+<IfDefine __TLS_KEY>
+ Undefine _TLS_KEY
+ Undefine __TLS_KEY
+</IfDefine> |
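Review bot: The HTTP-to-HTTPS redirect targets `https://${_HOST}$1`, but the enclosing block is gated only on `_TLS_HOST`, so a caller that defines `_TLS_HOST` without `_HOST` gets a redirect whose host is an undefined variable. Either wrap the `<If "%{HTTPS} != 'on'">` section in `<IfDefine _HOST>` or, if the two names are meant to be the same here, redirect to `https://${_TLS_HOST}$1`. The cleanup at the end has a related gap: `__TLS_CERT_CHAIN` is set whenever `_TLS_KEY` is missing, so a caller-supplied `_TLS_CERT_CHAIN` would be overwritten and then undefined. Separately, the dots in `^(?!/.well-known/)` are unescaped; `^(?!/\.well-known/)(.*)` matches only the literal path. A header comment listing the variables this snippet reads (`_HOST`, `_TLS_HOST`, `_TLS_KEY`, `_TLS_CERT_CHAIN`, `_TLS_USE_DEHYDRATED`, `_OCSP_RESPONSE`), and noting that protocol and cipher policy are expected to come from the global TLS configuration since none is set here, would help whoever includes this file.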