From 8cf6d74daa4b4e6a3673df40ed1372a72eb05474 Mon Sep 17 00:00:00 2001
From: Jonas Smedegaard <dr@jones.dk>
Date: Fri, 16 Sep 2022 19:28:17 +0200
Subject: add apache2 snippets local-compression local-tls from local-COMMON

---
 etc/apache2/conf-available/local-compression.conf | 22 +++++++
 etc/apache2/conf-available/local-tls.conf         | 73 +++++++++++++++++++++++
 2 files changed, 95 insertions(+)
 create mode 100644 etc/apache2/conf-available/local-compression.conf
 create mode 100644 etc/apache2/conf-available/local-tls.conf

diff --git a/etc/apache2/conf-available/local-compression.conf b/etc/apache2/conf-available/local-compression.conf
new file mode 100644
index 0000000..03d4299
--- /dev/null
+++ b/etc/apache2/conf-available/local-compression.conf
@@ -0,0 +1,22 @@
+# TODO: support serving pre-compressed files using Multi-Views
+# <https://kevinlocke.name/bits/2016/01/20/serving-pre-compressed-files-with-apache-multiviews/>
+
+<IfDefine !TRANSFER_COMPRESSION>
+	<IfModule mod_brotli.c>
+		Define TRANSFER_COMPRESSION BROTLI_COMPRESS
+	</IfModule>
+</IfDefine>
+<IfDefine !TRANSFER_COMPRESSION>
+	<IfModule mod_deflate.c>
+		Define TRANSFER_COMPRESSION DEFLATE
+	</IfModule>
+</IfDefine>
+
+<IfDefine TRANSFER_COMPRESSION>
+	<IfModule mod_filter.c>
+		AddOutputFilterByType ${TRANSFER_COMPRESSION} text/html text/plain text/xml text/css text/javascript
+		AddOutputFilterByType ${TRANSFER_COMPRESSION} application/x-javascript application/javascript application/ecmascript
+		AddOutputFilterByType ${TRANSFER_COMPRESSION} application/rss+xml
+		AddOutputFilterByType ${TRANSFER_COMPRESSION} application/xml
+	</IfModule>
+</IfDefine>
diff --git a/etc/apache2/conf-available/local-tls.conf b/etc/apache2/conf-available/local-tls.conf
new file mode 100644
index 0000000..1876e0a
--- /dev/null
+++ b/etc/apache2/conf-available/local-tls.conf
@@ -0,0 +1,73 @@
+<IfDefine !_TLS_HOST>
+	<IfDefine _HOST>
+		Define __TLS_HOST
+		Define _TLS_HOST ${_HOST}
+	</IfDefine>
+</IfDefine>
+<IfDefine !_TLS_KEY>
+	<IfDefine _TLS_HOST>
+		Define __TLS_CERT_CHAIN
+		Define __TLS_KEY
+		<IfDefine _TLS_USE_DEHYDRATED>
+			Define _TLS_CERT_CHAIN /var/lib/dehydrated/certs/${_TLS_HOST}/fullchain.pem
+			Define _TLS_KEY /var/lib/dehydrated/certs/${_TLS_HOST}/privkey.pem
+		</IfDefine>
+		<IfDefine !_TLS_USE_DEHYDRATED>
+			Define _TLS_CERT_CHAIN /etc/ssl/shared/${_TLS_HOST}.chain.pem
+			Define _TLS_KEY /etc/ssl/private/${_TLS_HOST}.key
+		</IfDefine>
+	</IfDefine>
+</IfDefine>
+
+<IfDefine _TLS_HOST>
+
+<If "%{HTTPS} != 'on'">
+	RedirectMatch permanent ^(?!/.well-known/)(.*) https://${_HOST}$1
+</If>
+
+<IfModule mod_gnutls.c>
+	GnuTLSEnable on
+	<IfDefine _TLS_KEY>
+		GnuTLSCertificateFile ${_TLS_CERT_CHAIN}
+		GnuTLSKeyFile ${_TLS_KEY}
+	</IfDefine>
+	<IfDefine _OCSP_RESPONSE>
+		GnuTLSOCSPStapling on
+		GnuTLSOCSPResponseFile ${_OCSP_RESPONSE}
+	</IfDefine>
+	<IfDefine !_OCSP_RESPONSE>
+		GnuTLSOCSPStapling off
+	</IfDefine>
+</IfModule>
+
+<IfModule mod_ssl.c>
+<IfModule !mod_gnutls.c>
+	SSLEngine on
+	<IfDefine _TLS_KEY>
+		SSLCertificateFile ${_TLS_CERT_CHAIN}
+		SSLCertificateKeyFile ${_TLS_KEY}
+	</IfDefine>
+
+	<FilesMatch "\.(cgi|shtml|phtml|php)$">
+		SSLOptions +StdEnvVars
+	</FilesMatch>
+	<Directory /usr/lib/cgi-bin>
+		SSLOptions +StdEnvVars
+	</Directory>
+</IfModule>
+</IfModule>
+
+</IfDefine>
+
+<IfDefine __TLS_HOST>
+	Undefine _TLS_HOST
+	Undefine __TLS_HOST
+</IfDefine>
+<IfDefine __TLS_CERT_CHAIN>
+	Undefine _TLS_CERT_CHAIN
+	Undefine __TLS_CERT_CHAIN
+</IfDefine>
+<IfDefine __TLS_KEY>
+	Undefine _TLS_KEY
+	Undefine __TLS_KEY
+</IfDefine>
-- 
cgit v1.2.3