<VirtualHost *:80>
    ServerName {{ tunuifranken_domain }}
    ServerAdmin {{ tunuifranken_server_admin }}
    DocumentRoot /var/www/empty

    RewriteEngine on
    RewriteCond %{SERVER_NAME} ={{ tunuifranken_domain }}
    RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]

    ErrorLog ${APACHE_LOG_DIR}/{{ tunuifranken_domain }}.error.log
    CustomLog ${APACHE_LOG_DIR}/{{ tunuifranken_domain }}.access.log combined
</VirtualHost>
<VirtualHost *:443>
    ServerName {{ tunuifranken_domain }}
    ServerAdmin {{ tunuifranken_server_admin }}
    DocumentRoot /var/www/{{ tunuifranken_domain }}

    Alias /favicon.png /var/www/{{ tunuifranken_domain }}/img/favicon.png

    <Directory "/var/www/{{ tunuifranken_domain }}">
        <Files ~ "(\.gitignore|README.md|.*sh|.*template.*html|header.html|footer.html|Makefile)">
            Require all denied
        </Files>
    </Directory>
    <Directory "/var/www/{{ tunuifranken_domain }}/.git">
        Require all denied
    </Directory>
    <Directory "/var/www/{{ tunuifranken_domain }}/bin">
        Require all denied
    </Directory>

    ErrorLog ${APACHE_LOG_DIR}/{{ tunuifranken_domain }}.error.log
    CustomLog ${APACHE_LOG_DIR}/{{ tunuifranken_domain }}.access.log combined

    SSLEngine on
    SSLCertificateFile /etc/letsencrypt/live/{{ tunuifranken_domain }}/fullchain.pem
    SSLCertificateKeyFile /etc/letsencrypt/live/{{ tunuifranken_domain }}/privkey.pem
</VirtualHost>