<VirtualHost *:80>
        RewriteEngine On
        RewriteCond %{HTTPS} off
        RewriteCond %{REQUEST_URI} !^\/\.well-known\/.*$
        RewriteRule ^/?(.*) https://%{SERVER_NAME}/$1 [R,L]
        ProxyPass /.well-known/acme-challenge http://acme-c.sunet.se/.well-known/acme-challenge/
        ProxyPassReverse /.well-known/acme-challenge http://acme-c.sunet.se/.well-known/acme-challenge/
        <IfModule mod_headers.c>
            Header always set Strict-Transport-Security "max-age=15768000; includeSubDomains; preload"
            Header always set X-Frame-Options "SAMEORIGIN"
            Header always set X-XSS-Protection "1; mode=block"
            Header always set X-Content-Type-Options "nosniff"
			Header always set Content-Security-Policy "default-src https://<%= @certname %>"
        </IfModule>

        ServerAdmin webmaster@localhost
        DocumentRoot /var/www/html

        ErrorLog ${APACHE_LOG_DIR}/error.log
        CustomLog ${APACHE_LOG_DIR}/access.log combined

</VirtualHost>

# vim: syntax=apache ts=4 sw=4 sts=4 sr noet