| {%- if site.ssl is defined %} | |
| {%- if site.ssl.enabled %} | |
| SSLEngine on | |
| SSLCertificateFile /etc/ssl/certs/{{ site.host.name }}.crt | |
| SSLCertificateKeyFile /etc/ssl/private/{{ site.host.name }}.key | |
| SSLCertificateChainFile /etc/ssl/certs/{{ site.host.name }}-ca-chain.crt | |
| {%- if site.ssl.get('strict_transport_security', False) %} | |
| Header always set Strict-Transport-Security "max-age=63072000; includeSubdomains; preload" | |
| {%- endif %} | |
| {%- set ssl_mode = site.ssl.get('mode', 'secure') %} | |
| {%- include "apache/files/_ssl_"+ssl_mode+".conf" %} | |
| {%- endif %} | |
| {%- endif %} |