Attention

You can now run different PHP versions per project: Release v3.0.0-beta-0.1

Virtual host templates

Table of Contents

Overview

What is it?

vhost-gen templates are yaml files which contain a general definition for a virtual host definition. Those templates contain placeholders in the form of __<NAME>__ which will be replaced by settings applied to the Devilbox.

See also

vhost-gen

Template files

By default, vhost-gen templates are located within the Devilbox root directory under cfg/vhost-gen/. The templates file names are suffixed with -example-<type> and are absolutely identical to what is shipped inside each Devilbox web server Docker container.

Note

Also note that nginx stable and nginx mainline share the same template as their configuration syntax is identical.

Normal virtual host

All template files ending by -example-vhost can be used to customize a normal file serving virtual host.

host> tree -L 1 cfg/vhost-gen/

cfg/vhost-gen/
├── apache22.yml-example-rproxy
├── apache22.yml-example-vhost
├── apache24.yml-example-rproxy
├── apache24.yml-example-vhost
├── nginx.yml-example-rproxy
├── nginx.yml-example-vhost
└── README.md

0 directories, 7 files

Reverse proxy

All template files ending by -example-rproxy can be used to create a reverse proxy for your project.

host> tree -L 1 cfg/vhost-gen/

cfg/vhost-gen/
├── apache22.yml-example-rproxy
├── apache22.yml-example-vhost
├── apache24.yml-example-rproxy
├── apache24.yml-example-vhost
├── nginx.yml-example-rproxy
├── nginx.yml-example-vhost
└── README.md

0 directories, 7 files

Template sections

All vhost-gen templates consist of three sections:

Section Description
vhost This is the part that is actually rendered into the vhost configuration. All other
sections will be inserted into this one.
vhost_type The vhost type determines the type of vhost: reverse proxy or document root based
vhost. The Devilbox currently does not support reverse proxy vhost.
features The feature section contains many sub-sections that are replaced into the vhost
section before final rendering.

Virtual host Templates

These templates can be used to alter the behaviour of the vhost on a per project base or globally.

Apache 2.2 template

apache22.yml-example-vhost
---

# Apache 2.2 vHost Template defintion for vhost-gen.py
#
# The 'feature' section contains optional features that can be enabled via
# conf.yml and will then be replaced into the main vhost ('structure' section)
# into their corresponding position:
#
#    __XDOMAIN_REQ__
#    __PHP_FPM__
#    __ALIASES__
#    __DENIES__
#    __STATUS__
#
# The features itself also contain variables to be adjusted in conf.yml
# and will then be replaced in their corresponding feature section
# before being replaced into the vhost section (if enabled):
#
# PHP-FPM:
#    __PHP_ADDR__
#    __PHP_PORT__
# XDomain:
#    __REGEX__
# Alias:
#    __REGEX__
#    __PATH__
# Deny:
#    __REGEX__
# Status:
#    __REGEX__
#
# Variables to be replaced directly in the vhost configuration can also be set
# in conf.yml and include:
#    __VHOST_NAME__
#    __DOCUMENT_ROOT__
#    __INDEX__
#    __ACCESS_LOG__
#    __ERROR_LOG__
#    __PHP_ADDR__
#    __PHP_PORT__
#

###
### Notes about Apache
###

#
# 1. Each same directive is checked in order of definition (last one wins)
# 2. Directives are ordered: Directory, DirectoryMatch, Files, and finally Location (last one wins)
#   * Last match always takes precedence
#
# Exception: Directories, where shortest path is matched first
# Exception: ProxyPass and Alias first match and then stops

###
### Basic vHost skeleton
###
### Note: Reverse Proxy section must be last for Apache 2.2
###
vhost: |
  <VirtualHost __DEFAULT_VHOST__:__PORT__>
      ServerName __VHOST_NAME__

      CustomLog  "__ACCESS_LOG__" combined
      ErrorLog   "__ERROR_LOG__"

  __REDIRECT__
  __SSL__
  __VHOST_DOCROOT__
  __PHP_FPM__
  __ALIASES__
  __DENIES__
  __SERVER_STATUS__
      # Custom directives
  __CUSTOM__
  __VHOST_RPROXY__
  </VirtualHost>

###
### vHost Type (normal or reverse proxy)
###
vhost_type:
  # Normal vHost (-p)
  docroot: |
    # Define the vhost to serve files
    DocumentRoot "__DOCUMENT_ROOT__"
    <Directory "__DOCUMENT_ROOT__">
        DirectoryIndex __INDEX__

        AllowOverride All
        Options All

        RewriteEngine on
        RewriteBase /

        Order allow,deny
        Allow from all
    </Directory>

  # Reverse Proxy (-r http(s)://ADDR:PORT)
  rproxy: |
    # ProxyRequests:     Disable "Forward Proxy"
    # ProxyPreserveHost: Pass "Host" header to remote
    # ProxyVia:          Add "Via" header
    ProxyRequests     Off
    ProxyPreserveHost On
    ProxyVia          On
    <Location __LOCATION__>
        # Reverse Proxy
        ProxyPass         __PROXY_PROTO__://__PROXY_ADDR__:__PROXY_PORT__/ retry=0
        ProxyPassReverse  __PROXY_PROTO__://__PROXY_ADDR__:__PROXY_PORT__/
    </Location>

  # Reverse Proxy with websocket support (-r ws(s)://ADDR:PORT)
  rproxy_ws: |
    # ProxyRequests:     Disable "Forward Proxy"
    # ProxyPreserveHost: Pass "Host" header to remote
    # ProxyVia:          Add "Via" header
    ProxyRequests     Off
    ProxyPreserveHost On
    ProxyVia          On
    <Location __LOCATION__>
        # Websocket Rewrite Settings
        RewriteEngine On
        RewriteCond %{HTTP:Connection} Upgrade   [NC]
        RewriteCond %{HTTP:Upgrade}    websocket [NC]
        RewriteRule ^/?(.*)$ __WS_PROTO__://__PROXY_ADDR__:__PROXY_PORT__/$1 [P,L]
        # Reverse Proxy
        ProxyPass         __PROXY_PROTO__://__PROXY_ADDR__:__PROXY_PORT__/ retry=0
        ProxyPassReverse  __PROXY_PROTO__://__PROXY_ADDR__:__PROXY_PORT__/
    </Location>


###
### Optional features to be enabled in vHost
###
features:

  # SSL Configuration
  ssl: |
    SSLEngine on
    SSLCertificateFile    "__SSL_PATH_CRT__"
    SSLCertificateKeyFile "__SSL_PATH_KEY__"
    SSLProtocol           __SSL_PROTOCOLS__
    SSLHonorCipherOrder   __SSL_HONOR_CIPHER_ORDER__
    SSLCipherSuite        __SSL_CIPHERS__

  # Redirect to SSL directive
  redirect: |
    RedirectMatch (.*) https://__VHOST_NAME__:__SSL_PORT__$1

  # PHP-FPM will not be applied to a reverse proxy!
  php_fpm: |
    # PHP-FPM Definition
    ProxyPassMatch ^/(.*\.php(/.*)?)$ fcgi://__PHP_ADDR__:__PHP_PORT____DOCUMENT_ROOT__/$1 timeout=__PHP_TIMEOUT__

  alias: |
    # Alias Definition
    Alias "__ALIAS__" "__PATH____ALIAS__"
    <Location "__ALIAS__">
        ProxyPass !
    __XDOMAIN_REQ__
    </Location>
    <Directory "__PATH____ALIAS__">
        Order allow,deny
        Allow from all
    </Directory>

  deny: |
    # Deny Definition
    <LocationMatch "__REGEX__">
        Order allow,deny
        Deny from all
    </LocationMatch>

  server_status: |
    # Status Page
    <Location __REGEX__>
        SetHandler server-status
        Order allow,deny
        Allow from all
    </Location>

  # https://stackoverflow.com/a/42558499
  # https://fetch.spec.whatwg.org/#forbidden-header-name
  xdomain_request: |
    # Allow cross domain request from these hosts
    SetEnvIf Origin "__REGEX__" AccessControlAllowOrigin=$0
    Header always set Access-Control-Allow-Origin   %{AccessControlAllowOrigin}e env=AccessControlAllowOrigin
    Header always set Access-Control-Allow-Methods  "HEAD, GET, POST, PUT, PATCH, DELETE, OPTIONS"
    Header always set Access-Control-Allow-Headers  "Accept, Authorization, Content-Security-Policy, Content-Type, Location, Origin, X-Requested-With"
    Header always set Access-Control-Expose-Headers "Content-Security-Policy, Location"
    Header always set Access-Control-Max-Age "0"
    # Added a rewrite to respond with a 200 SUCCESS on every OPTIONS request.
    RewriteEngine On
    RewriteCond %{REQUEST_METHOD} OPTIONS
    RewriteRule ^(.*)$ $1 [R=200,L]

Apache 2.4 template

apache24.yml-example-vhost
---

# Apache 2.4 vHost Template defintion for vhost-gen.py
#
# The 'feature' section contains optional features that can be enabled via
# conf.yml and will then be replaced into the main vhost ('structure' section)
# into their corresponding position:
#
#    __XDOMAIN_REQ__
#    __PHP_FPM__
#    __ALIASES__
#    __DENIES__
#    __STATUS__
#
# The features itself also contain variables to be adjusted in conf.yml
# and will then be replaced in their corresponding feature section
# before being replaced into the vhost section (if enabled):
#
# PHP-FPM:
#    __PHP_ADDR__
#    __PHP_PORT__
# XDomain:
#    __REGEX__
# Alias:
#    __REGEX__
#    __PATH__
# Deny:
#    __REGEX__
# Status:
#    __REGEX__
#
# Variables to be replaced directly in the vhost configuration can also be set
# in conf.yml and include:
#    __VHOST_NAME__
#    __DOCUMENT_ROOT__
#    __INDEX__
#    __ACCESS_LOG__
#    __ERROR_LOG__
#    __PHP_ADDR__
#    __PHP_PORT__
#

###
### Notes about Apache
###

#
# 1. Each same directive is checked in order of definition (last one wins)
# 2. Directives are ordered: Directory, DirectoryMatch, Files, and finally Location (last one wins)
#   * Last match always takes precedence
#
# Exception: Directories, where shortest path is matched first
# Exception: ProxyPass and Alias first match and then stops

###
### Basic vHost skeleton
###
vhost: |
  <VirtualHost __DEFAULT_VHOST__:__PORT__>
      ServerName __VHOST_NAME__
      Protocols  __HTTP_PROTO__

      CustomLog  "__ACCESS_LOG__" combined
      ErrorLog   "__ERROR_LOG__"

  __REDIRECT__
  __SSL__
  __VHOST_DOCROOT__
  __VHOST_RPROXY__
  __PHP_FPM__
  __ALIASES__
  __DENIES__
  __SERVER_STATUS__
      # Custom directives
  __CUSTOM__
  </VirtualHost>

###
### vHost Type (normal or reverse proxy)
###
vhost_type:
  # Normal vHost (-p)
  docroot: |
    # Define the vhost to serve files
    DocumentRoot "__DOCUMENT_ROOT__"
    <Directory "__DOCUMENT_ROOT__">
        DirectoryIndex __INDEX__

        AllowOverride All
        Options All

        RewriteEngine on
        RewriteBase /

        Order allow,deny
        Allow from all
        Require all granted
    </Directory>

  # Reverse Proxy (-r http(s)://ADDR:PORT)
  rproxy: |
    # ProxyRequests:     Disable "Forward Proxy"
    # ProxyPreserveHost: Pass "Host" header to remote
    # ProxyAddHeaders:   Add "X-Forward-*" headers
    # ProxyVia:          Add "Via" header
    ProxyRequests     Off
    ProxyPreserveHost On
    ProxyAddHeaders   On
    ProxyVia          On
    <Location __LOCATION__>
        # Reverse Proxy
        ProxyPass         __PROXY_PROTO__://__PROXY_ADDR__:__PROXY_PORT__/ retry=0
        ProxyPassReverse  __PROXY_PROTO__://__PROXY_ADDR__:__PROXY_PORT__/
    </Location>

  # Reverse Proxy with websocket support (-r ws(s)://ADDR:PORT)
  rproxy_ws: |
    # ProxyRequests:     Disable "Forward Proxy"
    # ProxyPreserveHost: Pass "Host" header to remote
    # ProxyAddHeaders:   Add "X-Forward-*" headers
    # ProxyVia:          Add "Via" header
    ProxyRequests     Off
    ProxyPreserveHost On
    ProxyAddHeaders   On
    ProxyVia          On
    <Location __LOCATION__>
        # Websocket Rewrite Settings
        RewriteEngine On
        RewriteCond %{HTTP:Connection} Upgrade   [NC]
        RewriteCond %{HTTP:Upgrade}    websocket [NC]
        RewriteRule ^/?(.*)$ __WS_PROTO__://__PROXY_ADDR__:__PROXY_PORT__/$1 [P,L]
        # Reverse Proxy
        ProxyPass         __PROXY_PROTO__://__PROXY_ADDR__:__PROXY_PORT__/ retry=0
        ProxyPassReverse  __PROXY_PROTO__://__PROXY_ADDR__:__PROXY_PORT__/
    </Location>


###
### Optional features to be enabled in vHost
###
features:

  # SSL Configuration
  ssl: |
    SSLEngine on
    SSLCertificateFile    "__SSL_PATH_CRT__"
    SSLCertificateKeyFile "__SSL_PATH_KEY__"
    SSLProtocol           __SSL_PROTOCOLS__
    SSLHonorCipherOrder   __SSL_HONOR_CIPHER_ORDER__
    SSLCipherSuite        __SSL_CIPHERS__

  # Redirect to SSL directive
  redirect: |
    RedirectMatch (.*) https://__VHOST_NAME__:__SSL_PORT__$1

  # PHP-FPM will not be applied to a reverse proxy!
  php_fpm: |
    # In case for PHP-FPM 5.2 compatibility use 'GENERIC' instead of 'FPM'
    # https://httpd.apache.org/docs/2.4/mod/mod_proxy_fcgi.html#proxyfcgibackendtype
    ProxyFCGIBackendType FPM

    # PHP-FPM Definition
    <FilesMatch \.php$>
        Require all granted
        SetHandler proxy:fcgi://__PHP_ADDR__:__PHP_PORT__
    </FilesMatch>

    <Proxy "fcgi://__PHP_ADDR__:__PHP_PORT__/">
        ProxySet timeout=__PHP_TIMEOUT__
        ProxySet connectiontimeout=__PHP_TIMEOUT__
    </Proxy>

    # If the php file doesn't exist, disable the proxy handler.
    # This will allow .htaccess rewrite rules to work and
    # the client will see the default 404 page of Apache
    RewriteCond %{REQUEST_FILENAME} \.php$
    RewriteCond %{DOCUMENT_ROOT}/%{REQUEST_URI} !-f
    RewriteRule (.*) - [H=text/html]

  alias: |
    # Alias Definition
    Alias "__ALIAS__" "__PATH____ALIAS__"
    <Location "__ALIAS__">
        ProxyPass !
    __XDOMAIN_REQ__
    </Location>
    <Directory "__PATH____ALIAS__">
        Order allow,deny
        Allow from all
        Require all granted
    </Directory>

  deny: |
    # Deny Definition
    <LocationMatch "__REGEX__">
        Order allow,deny
        Deny from all
    </LocationMatch>

  server_status: |
    # Status Page
    <Location __REGEX__>
        SetHandler server-status
        Order allow,deny
        Allow from all
        Require all granted
    </Location>

  # https://stackoverflow.com/a/42558499
  # https://fetch.spec.whatwg.org/#forbidden-header-name
  xdomain_request: |
    # Allow cross domain request from these hosts
    SetEnvIf Origin "__REGEX__" AccessControlAllowOrigin=$0
    Header always set Access-Control-Allow-Origin   %{AccessControlAllowOrigin}e env=AccessControlAllowOrigin
    Header always set Access-Control-Allow-Methods  "HEAD, GET, POST, PUT, PATCH, DELETE, OPTIONS"
    Header always set Access-Control-Allow-Headers  "Accept, Authorization, Content-Security-Policy, Content-Type, Location, Origin, X-Requested-With"
    Header always set Access-Control-Expose-Headers "Content-Security-Policy, Location"
    Header always set Access-Control-Max-Age "0"
    # Added a rewrite to respond with a 200 SUCCESS on every OPTIONS request.
    RewriteEngine On
    RewriteCond %{REQUEST_METHOD} OPTIONS
    RewriteRule ^(.*)$ $1 [R=200,L]

Nginx template

nginx.yml-example-vhost
---

# Nginx vHost Template defintion for vhost-gen.py
#
# The 'feature' section contains optional features that can be enabled via
# conf.yml and will then be replaced into the main vhost ('structure' section)
# into their corresponding position:
#
#    __XDOMAIN_REQ__
#    __PHP_FPM__
#    __ALIASES__
#    __DENIES__
#    __STATUS__
#
# The features itself also contain variables to be adjusted in conf.yml
# and will then be replaced in their corresponding feature section
# before being replaced into the vhost section (if enabled):
#
# PHP-FPM:
#    __PHP_ADDR__
#    __PHP_PORT__
# XDomain:
#    __REGEX__
# Alias:
#    __REGEX__
#    __PATH__
# Deny:
#    __REGEX__
# Status:
#    __REGEX__
#
# Variables to be replaced directly in the vhost configuration can also be set
# in conf.yml and include:
#    __VHOST_NAME__
#    __DOCUMENT_ROOT__
#    __INDEX__
#    __ACCESS_LOG__
#    __ERROR_LOG__
#    __PHP_ADDR__
#    __PHP_PORT__
#


###
### Basic vHost skeleton
###
vhost: |
  server {
      listen       __PORT____HTTP_PROTO____DEFAULT_VHOST__;
      server_name  __VHOST_NAME__;

      access_log   "__ACCESS_LOG__" combined;
      error_log    "__ERROR_LOG__" warn;

  __REDIRECT__
  __SSL__
  __VHOST_DOCROOT__
  __VHOST_RPROXY__
  __PHP_FPM__
  __ALIASES__
  __DENIES__
  __SERVER_STATUS__
      # Custom directives
  __CUSTOM__
  }


###
### vHost Type (normal or reverse proxy)
###
vhost_type:
  # Normal vHost (-p)
  docroot: |
    # Define the vhost to serve files
    root         "__DOCUMENT_ROOT__";
    index        __INDEX__;

  # Reverse Proxy (-r http(s)://ADDR:PORT)
  rproxy: |
    # Define Reverse Proxy
    location __LOCATION__ {
        # https://stackoverflow.com/a/72586833
        proxy_set_header Host            $host;
        proxy_set_header X-Real-IP       $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        # Proxy connection
        proxy_pass __PROXY_PROTO__://__PROXY_ADDR__:__PROXY_PORT__;
    }

  # Reverse Proxy with websocket support (-r ws(s)://ADDR:PORT)
  rproxy_ws: |
    # Define Reverse Proxy with Websock support
    location __LOCATION__ {
        # https://stackoverflow.com/a/72586833
        proxy_set_header Host            $host;
        proxy_set_header X-Real-IP       $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        # Websocket settings
        proxy_http_version          1.1;
        proxy_set_header Upgrade    $http_upgrade;
        proxy_set_header Connection "Upgrade";
        # Proxy connection
        proxy_pass __PROXY_PROTO__://__PROXY_ADDR__:__PROXY_PORT__;
    }


###
### Optional features to be enabled in vHost
###
features:

  # SSL Configuration
  ssl: |
    ssl_certificate           __SSL_PATH_CRT__;
    ssl_certificate_key       __SSL_PATH_KEY__;
    ssl_protocols             __SSL_PROTOCOLS__;
    ssl_prefer_server_ciphers __SSL_HONOR_CIPHER_ORDER__;
    ssl_ciphers               __SSL_CIPHERS__;

  # Redirect to SSL directive
  redirect: |
    return 301 https://__VHOST_NAME__:__SSL_PORT__$request_uri;

  # PHP-FPM will not be applied to a reverse proxy!
  php_fpm: |
    # PHP-FPM Definition
    location / {
        try_files $uri $uri/ /index.php$is_args$args;
    }
    location ~ \.php?$ {
        try_files $uri = 404;
        include fastcgi_params;

        # https://stackoverflow.com/questions/1733306/nginx-errors-readv-and-recv-failed/51457613#51457613
        fastcgi_keep_conn off;

        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        fastcgi_split_path_info ^(.+\.php)(.*)$;

        fastcgi_pass __PHP_ADDR__:__PHP_PORT__;
        fastcgi_read_timeout __PHP_TIMEOUT__;

        fastcgi_index index.php;
        fastcgi_intercept_errors on;
    }

  alias: |
    # Alias Definition
    location ~ __ALIAS__ {
        root  __PATH__;
    __XDOMAIN_REQ__
    }

  deny: |
    # Deny Definition
    location ~ __REGEX__ {
        deny all;
    }

  server_status: |
    # Status Page
    location ~ __REGEX__ {
        stub_status on;
        access_log off;
    }

  xdomain_request: |
    # Allow cross domain request from these hosts
    # https://fetch.spec.whatwg.org/#forbidden-header-name
    if ( $http_origin ~* (__REGEX__) ) {
        add_header "Access-Control-Allow-Origin"   "$http_origin";
        add_header 'Access-Control-Allow-Methods'  'HEAD, GET, POST, PUT, PATCH, DELETE, OPTIONS';
        add_header 'Access-Control-Allow-Headers'  'Accept, Authorization, Content-Security-Policy, Content-Type, Location, Origin, X-Requested-With';
        add_header 'Access-Control-Expose-Headers' 'Content-Security-Policy, Location';
        add_header 'Access-Control-Max-Age' 0;
        return 200;
    }

Reverse proxy Templates

These templates can be used to change a normal vhost into a reverse proxy project. This might be useful if you use NodeJs applications for example.

Important

Do not apply those templates globally. They are intended to be used on a per project base.

Note

In order to use the Reverse Proxy templates you will only need to adjust the listening port, everything else will work as already defined. So you simply need to copy those files into your project directory. Lines that need to be changed are marked below. The currently set default listening port is 8000.

Apache 2.2 template

apache22.yml-example-rproxy
---

# Apache 2.2 Reverse Proxy Template defintion for vhost-gen.py
#
# The 'feature' section contains optional features that can be enabled via
# conf.yml and will then be replaced into the main vhost ('structure' section)
# into their corresponding position:
#
#    __XDOMAIN_REQ__
#    __ALIASES__
#    __DENIES__
#    __STATUS__
#
# The features itself also contain variables to be adjusted in conf.yml
# and will then be replaced in their corresponding feature section
# before being replaced into the vhost section (if enabled):
#
# XDomain:
#    __REGEX__
# Alias:
#    __REGEX__
#    __PATH__
# Deny:
#    __REGEX__
# Status:
#    __REGEX__
#
# Variables to be replaced directly in the vhost configuration can also be set
# in conf.yml and include:
#    __VHOST_NAME__
#    __DOCUMENT_ROOT__
#    __INDEX__
#    __ACCESS_LOG__
#    __ERROR_LOG__
#

###
### Notes about Apache
###

#
# 1. Each same directive is checked in order of definition (last one wins)
# 2. Directives are ordered: Directory, DirectoryMatch, Files, and finally Location (last one wins)
#   * Last match always takes precedence
#
# Exception: Directories, where shortest path is matched first
# Exception: ProxyPass and Alias first match and then stops

###
### Basic vHost skeleton
###
### Note: Reverse Proxy section must be last for Apache 2.2
###
vhost: |
  <VirtualHost __DEFAULT_VHOST__:__PORT__>
      ServerName __VHOST_NAME__

      CustomLog  "__ACCESS_LOG__" combined
      ErrorLog   "__ERROR_LOG__"

      # ProxyRequests:     Disable "Forward Proxy"
      # ProxyPreserveHost: Pass "Host" header to remote
      # ProxyVia:          Add "Via" header
      ProxyRequests     Off
      ProxyPreserveHost On
      ProxyVia          On
      <Location />
          # Reverse Proxy definition (Ensure to adjust the port, currently '8000')
          ProxyPass         http://php:8000/ retry=0
          ProxyPassReverse  http://php:8000/
      </Location>

  __REDIRECT__
  __SSL__
  __ALIASES__
  __DENIES__
  __SERVER_STATUS__
      # Custom directives
  __CUSTOM__
  </VirtualHost>

###
### vHost Type (normal or reverse proxy)
###
vhost_type:
  docroot: ""
  rproxy: ""

###
### Optional features to be enabled in vHost
###
features:

  # SSL Configuration
  ssl: |
    SSLEngine on
    SSLCertificateFile    "__SSL_PATH_CRT__"
    SSLCertificateKeyFile "__SSL_PATH_KEY__"
    SSLProtocol           __SSL_PROTOCOLS__
    SSLHonorCipherOrder   __SSL_HONOR_CIPHER_ORDER__
    SSLCipherSuite        __SSL_CIPHERS__

  # Redirect to SSL directive
  redirect: |
    RedirectMatch (.*) https://__VHOST_NAME__:__SSL_PORT__$1

  # PHP-FPM left empty, as we are an reverse proxy configuration
  php_fpm: ""

  alias: |
    # Alias Definition
    Alias "__ALIAS__" "__PATH____ALIAS__"
    <Location "__ALIAS__">
        ProxyPass !
    __XDOMAIN_REQ__
    </Location>
    <Directory "__PATH____ALIAS__">
        Order allow,deny
        Allow from all
    </Directory>

  deny: |
    # Deny Definition
    <LocationMatch "__REGEX__">
        Order allow,deny
        Deny from all
    </LocationMatch>

  server_status: |
    # Status Page
    <Location __REGEX__>
        SetHandler server-status
        Order allow,deny
        Allow from all
    </Location>

  # https://stackoverflow.com/a/42558499
  # https://fetch.spec.whatwg.org/#forbidden-header-name
  xdomain_request: |
    # Allow cross domain request from these hosts
    SetEnvIf Origin "__REGEX__" AccessControlAllowOrigin=$0
    Header always set Access-Control-Allow-Origin   %{AccessControlAllowOrigin}e env=AccessControlAllowOrigin
    Header always set Access-Control-Allow-Methods  "HEAD, GET, POST, PUT, PATCH, DELETE, OPTIONS"
    Header always set Access-Control-Allow-Headers  "Accept, Authorization, Content-Security-Policy, Content-Type, Location, Origin, X-Requested-With"
    Header always set Access-Control-Expose-Headers "Content-Security-Policy, Location"
    Header always set Access-Control-Max-Age "0"
    # Added a rewrite to respond with a 200 SUCCESS on every OPTIONS request.
    RewriteEngine On
    RewriteCond %{REQUEST_METHOD} OPTIONS
    RewriteRule ^(.*)$ $1 [R=200,L]

Apache 2.4 template

apache24.yml-example-rproxy
---

# Apache 2.4 Reverse Proxy Template defintion for vhost-gen.py
#
# The 'feature' section contains optional features that can be enabled via
# conf.yml and will then be replaced into the main vhost ('structure' section)
# into their corresponding position:
#
#    __XDOMAIN_REQ__
#    __ALIASES__
#    __DENIES__
#    __STATUS__
#
# The features itself also contain variables to be adjusted in conf.yml
# and will then be replaced in their corresponding feature section
# before being replaced into the vhost section (if enabled):
#
# XDomain:
#    __REGEX__
# Alias:
#    __REGEX__
#    __PATH__
# Deny:
#    __REGEX__
# Status:
#    __REGEX__
#
# Variables to be replaced directly in the vhost configuration can also be set
# in conf.yml and include:
#    __VHOST_NAME__
#    __DOCUMENT_ROOT__
#    __INDEX__
#    __ACCESS_LOG__
#    __ERROR_LOG__
#

###
### Notes about Apache
###

#
# 1. Each same directive is checked in order of definition (last one wins)
# 2. Directives are ordered: Directory, DirectoryMatch, Files, and finally Location (last one wins)
#   * Last match always takes precedence
#
# Exception: Directories, where shortest path is matched first
# Exception: ProxyPass and Alias first match and then stops

###
### Basic vHost skeleton
###
vhost: |
  <VirtualHost __DEFAULT_VHOST__:__PORT__>
      ServerName __VHOST_NAME__
      Protocols  __HTTP_PROTO__

      CustomLog  "__ACCESS_LOG__" combined
      ErrorLog   "__ERROR_LOG__"

      # ProxyRequests:     Disable "Forward Proxy"
      # ProxyPreserveHost: Pass "Host" header to remote
      # ProxyAddHeaders:   Add "X-Forward-*" headers
      # ProxyVia:          Add "Via" header
      ProxyRequests     Off
      ProxyPreserveHost On
      ProxyAddHeaders   On
      ProxyVia          On
      <Location />
          # Reverse Proxy definition (Ensure to adjust the port, currently '8000')
          ProxyPass         http://php:8000/ retry=0
          ProxyPassReverse  http://php:8000/
      </Location>

  __REDIRECT__
  __SSL__
  __ALIASES__
  __DENIES__
  __SERVER_STATUS__
      # Custom directives
  __CUSTOM__
  </VirtualHost>

###
### vHost Type (normal or reverse proxy)
###
vhost_type:
  docroot: ""
  rproxy: ""

###
### Optional features to be enabled in vHost
###
features:

  # SSL Configuration
  ssl: |
    SSLEngine on
    SSLCertificateFile    "__SSL_PATH_CRT__"
    SSLCertificateKeyFile "__SSL_PATH_KEY__"
    SSLProtocol           __SSL_PROTOCOLS__
    SSLHonorCipherOrder   __SSL_HONOR_CIPHER_ORDER__
    SSLCipherSuite        __SSL_CIPHERS__

  # Redirect to SSL directive
  redirect: |
    RedirectMatch (.*) https://__VHOST_NAME__:__SSL_PORT__$1

  # PHP-FPM left empty, as we are an reverse proxy configuration
  php_fpm: ""

  alias: |
    # Alias Definition
    Alias "__ALIAS__" "__PATH____ALIAS__"
    <Location "__ALIAS__">
        ProxyPass !
    __XDOMAIN_REQ__
    </Location>
    <Directory "__PATH____ALIAS__">
        Order allow,deny
        Allow from all
        Require all granted
    </Directory>

  deny: |
    # Deny Definition
    <LocationMatch "__REGEX__">
        Order allow,deny
        Deny from all
    </LocationMatch>

  server_status: |
    # Status Page
    <Location __REGEX__>
        SetHandler server-status
        Order allow,deny
        Allow from all
        Require all granted
    </Location>

  # https://stackoverflow.com/a/42558499
  # https://fetch.spec.whatwg.org/#forbidden-header-name
  xdomain_request: |
    # Allow cross domain request from these hosts
    SetEnvIf Origin "__REGEX__" AccessControlAllowOrigin=$0
    Header always set Access-Control-Allow-Origin   %{AccessControlAllowOrigin}e env=AccessControlAllowOrigin
    Header always set Access-Control-Allow-Methods  "HEAD, GET, POST, PUT, PATCH, DELETE, OPTIONS"
    Header always set Access-Control-Allow-Headers  "Accept, Authorization, Content-Security-Policy, Content-Type, Location, Origin, X-Requested-With"
    Header always set Access-Control-Expose-Headers "Content-Security-Policy, Location"
    Header always set Access-Control-Max-Age "0"
    # Added a rewrite to respond with a 200 SUCCESS on every OPTIONS request.
    RewriteEngine On
    RewriteCond %{REQUEST_METHOD} OPTIONS
    RewriteRule ^(.*)$ $1 [R=200,L]

Nginx template

nginx.yml-example-rproxy
---

# Nginx Reverse Proxy Template defintion for vhost-gen.py
#
# The 'feature' section contains optional features that can be enabled via
# conf.yml and will then be replaced into the main vhost ('structure' section)
# into their corresponding position:
#
#    __XDOMAIN_REQ__
#    __ALIASES__
#    __DENIES__
#    __STATUS__
#
# The features itself also contain variables to be adjusted in conf.yml
# and will then be replaced in their corresponding feature section
# before being replaced into the vhost section (if enabled):
#
# XDomain:
#    __REGEX__
# Alias:
#    __REGEX__
#    __PATH__
# Deny:
#    __REGEX__
# Status:
#    __REGEX__
#
# Variables to be replaced directly in the vhost configuration can also be set
# in conf.yml and include:
#    __VHOST_NAME__
#    __DOCUMENT_ROOT__
#    __INDEX__
#    __ACCESS_LOG__
#    __ERROR_LOG__
#


###
### Basic vHost skeleton
###
vhost: |
  server {
      listen       __PORT____HTTP_PROTO____DEFAULT_VHOST__;
      server_name  __VHOST_NAME__;

      access_log   "__ACCESS_LOG__" combined;
      error_log    "__ERROR_LOG__" warn;

      # Reverse Proxy definition (Ensure to adjust the port, currently '8000')
      location / {
        # https://stackoverflow.com/a/72586833
        proxy_set_header Host            $host;
        proxy_set_header X-Real-IP       $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        # Proxy connection
        proxy_pass http://php:8000;
      }

  __REDIRECT__
  __SSL__
  __ALIASES__
  __DENIES__
  __SERVER_STATUS__
      # Custom directives
  __CUSTOM__
  }

###
### vHost Type (normal or reverse proxy)
###
vhost_type:
  docroot: ""
  rproxy: ""

###
### Optional features to be enabled in vHost
###
features:

  # SSL Configuration
  ssl: |
    ssl_certificate           __SSL_PATH_CRT__;
    ssl_certificate_key       __SSL_PATH_KEY__;
    ssl_protocols             __SSL_PROTOCOLS__;
    ssl_prefer_server_ciphers __SSL_HONOR_CIPHER_ORDER__;
    ssl_ciphers               __SSL_CIPHERS__;

  # Redirect to SSL directive
  redirect: |
    return 301 https://__VHOST_NAME__:__SSL_PORT__$request_uri;

  # PHP-FPM left empty, as we are an reverse proxy configuration
  php_fpm: ""

  alias: |
    # Alias Definition
    location ~ __ALIAS__ {
        root  __PATH__;
    __XDOMAIN_REQ__
    }

  deny: |
    # Deny Definition
    location ~ __REGEX__ {
        deny all;
    }

  server_status: |
    # Status Page
    location ~ __REGEX__ {
        stub_status on;
        access_log off;
    }

  xdomain_request: |
    # Allow cross domain request from these hosts
    # https://fetch.spec.whatwg.org/#forbidden-header-name
    if ( $http_origin ~* (__REGEX__) ) {
        add_header "Access-Control-Allow-Origin"   "$http_origin";
        add_header 'Access-Control-Allow-Methods'  'HEAD, GET, POST, PUT, PATCH, DELETE, OPTIONS';
        add_header 'Access-Control-Allow-Headers'  'Accept, Authorization, Content-Security-Policy, Content-Type, Location, Origin, X-Requested-With';
        add_header 'Access-Control-Expose-Headers' 'Content-Security-Policy, Location';
        add_header 'Access-Control-Max-Age' 0;
        return 200;
    }