# This example sets up virtual domains for mailtrain protected by HTTPS (including redirect from http to https)
# Note that you will need mod_proxy and mod_ssl modules installed and enabled

# This setup assumes three DNS names:
# - lists.example.org - public endpoint used for subscriptions, campaign images, etc.
# - mailtrain.example.org - UI for administration and send out emails
# - sbox.mailtrain.example.org - sandbox for templates (to prevent potential XSS attacks in templates)

# It is OK to point all the three DNS entries to the same IP address

# You will need to customize this for your setup. In the least, this means:
# - replace "example.org" with your domain
# - point to your certificate (look for /etc/letsencrypt/live/lists.example.org in the config below)

<VirtualHost *:80>
    ServerName lists.example.org

    ServerSignature Off

    RewriteEngine On
    RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,QSA,R=permanent]

    ErrorLog logs/lists.example.org_redirect_error.log
    LogLevel warn
</VirtualHost>

<VirtualHost *:80>
    ServerName mailtrain.example.org

    ServerSignature Off

    RewriteEngine On
    RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,QSA,R=permanent]

    ErrorLog logs/mailtrain.example.org_redirect_error.log
    LogLevel warn
</VirtualHost>

<VirtualHost *:80>
    ServerName sbox.mailtrain.example.org

    ServerSignature Off

    RewriteEngine On
    RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,QSA,R=permanent]

    ErrorLog logs/sbox.mailtrain.example.org_redirect_error.log
    LogLevel warn
</VirtualHost>

<VirtualHost *:443>
    ServerName lists.example.org:443

    ErrorLog logs/lists.example.org_ssl_error.log
    TransferLog logs/lists.example.org_ssl_access.log
    LogLevel warn

    SSLEngine on
    SSLCertificateFile /etc/letsencrypt/live/lists.example.org/cert.pem
    SSLCertificateKeyFile /etc/letsencrypt/live/lists.example.org/privkey.pem
    SSLCertificateChainFile /etc/letsencrypt/live/lists.example.org/chain.pem

    ProxyPreserveHost On
    ProxyPass "/" "http://127.0.0.1:3004/"
    ProxyPassReverse "/" "http://127.0.0.1:3004/"
</VirtualHost>

<VirtualHost *:443>
    ServerName mailtrain.example.org:443

    ErrorLog logs/mailtrain.example.org_ssl_error.log
    TransferLog logs/mailtrain.example.org_ssl_access.log
    LogLevel warn

    SSLEngine on
    SSLCertificateFile /etc/letsencrypt/live/lists.example.org/cert.pem
    SSLCertificateKeyFile /etc/letsencrypt/live/lists.example.org/privkey.pem
    SSLCertificateChainFile /etc/letsencrypt/live/lists.example.org/chain.pem

    ProxyPreserveHost On
    ProxyPass "/" "http://127.0.0.1:3000/"
    ProxyPassReverse "/" "http://127.0.0.1:3000/"
</VirtualHost>

<VirtualHost *:443>
    ServerName sbox.mailtrain.example.org:443

    ErrorLog logs/sbox.mailtrain.example.org_ssl_error.log
    TransferLog logs/sbox.mailtrain.example.org_ssl_access.log
    LogLevel warn

    SSLEngine on
    SSLCertificateFile /etc/letsencrypt/live/lists.example.org/cert.pem
    SSLCertificateKeyFile /etc/letsencrypt/live/lists.example.org/privkey.pem
    SSLCertificateChainFile /etc/letsencrypt/live/lists.example.org/chain.pem

    ProxyPreserveHost On
    ProxyPass "/" "http://127.0.0.1:3003/"
    ProxyPassReverse "/" "http://127.0.0.1:3003/"
</VirtualHost>