1 files changed, 40 insertions, 0 deletions

diff --git a/roles/apache_server/templates/virtualhost.conf.tmpl b/roles/apache_server/templates/virtualhost.conf.tmpl
index 1fa060a..fd6bb51 100644
--- a/roles/apache_server/templates/virtualhost.conf.tmpl
+++ b/roles/apache_server/templates/virtualhost.conf.tmpl
@@ -8,6 +8,41 @@
     ErrorLog /var/log/apache2/{{ item.domain }}/error.log
     CustomLog /var/log/apache2/{{ item.domain }}/access.log combined
     <Directory /srv/http/{{ item.domain }}>
+{% if item.letsencrypt|default(false) %}
+        Redirect permanent / "https://{{ item.domain }}/"
+{% else %}
+        Options +SymlinksIfOwnerMatch +Indexes +MultiViews
+{% if item.htpasswd is defined %}
+        AuthType Basic
+        AuthName "{{ item.htpasswd_name }}"
+        AuthUserFile "/srv/http/{{ item.domain }}.htpasswd"
+        Require valid-user
+{% else %}
+        AllowOverride AuthConfig
+        Require all granted
+{% endif %}
+{% endif %}
+    </Directory>
+
+    Alias /.well-known/ /srv/letsencrypt/{{ item.domain }}/
+    <Directory /srv/letsencrypt/{{ item.domain }}>
+        Require all granted
+    </Directory>
+
+</VirtualHost>
+
+
+{% if item.letsencrypt|default(false) %}
+<VirtualHost _default_:443>
+    ServerName {{ item.domain }}
+{% if item.alias is defined %}
+    ServerAlias {{ item.alias }}
+{% endif %}
+    ServerAdmin {{ item.ownermail }}
+    DocumentRoot /srv/http/{{ item.domain }}
+    ErrorLog /var/log/apache2/{{ item.domain }}/error.log
+    CustomLog /var/log/apache2/{{ item.domain }}/access.log combined
+    <Directory /srv/http/{{ item.domain }}>
         Options +SymlinksIfOwnerMatch +Indexes +MultiViews
 {% if item.htpasswd is defined %}
         AuthType Basic
@@ -19,4 +54,9 @@
         Require all granted
 {% endif %}
     </Directory>
+
+    SSLEngine on
+    SSLCertificateFile	"/etc/letsencrypt/live/static_sites/fullchain.pem"
+    SSLCertificateKeyFile "/etc/letsencrypt/live/static_sites/privkey.pem"
 </VirtualHost>
+{% endif %}