<VirtualHost *:80>
  Include /etc/apache2/{{ apache_conf_dir }}/global-redirect.conf

  ServerAdmin {{ apache_server_admin }}
  ServerName  {{ youtrack.domain }}

  Include /etc/apache2/{{ apache_conf_dir }}/redirect-ssl.conf
  Include /etc/apache2/{{ apache_conf_dir }}/letsencrypt-redirect.conf

  SetEnvIf X-Forwarded-For "^.*\..*\..*\..*" forwarded
  LogLevel warn
{% if apache_version|default('2.4') == '2.4' %}
  ErrorLogFormat "[%{u}t] [%l] [pid %P] [client\ %{X-Forwarded-For}i] %M% ,\ referer:\ %{Referer}i"
{% endif %}
  LogFormat "\"%{X-Forwarded-For}i\" %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" proxy
  ErrorLog {{ apacheLogDir }}/{{ youtrack.domain }}-error.log
  CustomLog {{ apacheLogDir }}/{{ youtrack.domain }}-access.log combined env=!forwarded
  CustomLog {{ apacheLogDir }}/{{ youtrack.domain }}-access.log proxy env=forwarded
</VirtualHost>

<VirtualHost *:443>
  Include /etc/apache2/{{ apache_conf_dir }}/global-redirect.conf

  ServerAdmin {{ apache_server_admin }}
  ServerName  {{ youtrack.domain }}
  ServerSignature Off

  ProxyPreserveHost On
  AllowEncodedSlashes NoDecode
  RequestHeader set X-Forwarded-Proto "https" env=HTTPS

  ProxyRequests Off
  <Proxy *>
    Order deny,allow
    Allow from all
  </Proxy>
  ProxyPass / http://127.0.0.1:8085/

  SetEnvIf X-Forwarded-For "^.*\..*\..*\..*" forwarded
  LogLevel warn
{% if apache_version|default('2.4') == '2.4' %}
  ErrorLogFormat "[%{u}t] [%l] [pid %P] [client\ %{X-Forwarded-For}i] %M% ,\ referer:\ %{Referer}i"
{% endif %}
  LogFormat "\"%{X-Forwarded-For}i\" %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" proxy
  ErrorLog {{ apacheLogDir }}/{{ youtrack.domain }}-error.log
  CustomLog {{ apacheLogDir }}/{{ youtrack.domain }}-access.log combined env=!forwarded
  CustomLog {{ apacheLogDir }}/{{ youtrack.domain }}-access.log proxy env=forwarded

  Include /etc/apache2/{{ apache_conf_dir }}/options-ssl-apache.conf
  SSLCertificateFile /etc/letsencrypt/live/{{ youtrack.domain }}/cert.pem
  SSLCertificateKeyFile /etc/letsencrypt/live/{{ youtrack.domain }}/privkey.pem
  SSLCertificateChainFile /etc/letsencrypt/live/{{ youtrack.domain }}/chain.pem

  <FilesMatch "\.(cgi|shtml|phtml|php)$">
    SSLOptions +StdEnvVars
  </FilesMatch>
  <Directory /usr/lib/cgi-bin>
    SSLOptions +StdEnvVars
    Include /etc/apache2/{{ apache_conf_dir }}/global-deny.conf
  </Directory>
  BrowserMatch "MSIE [2-6]" \
    nokeepalive ssl-unclean-shutdown \
    downgrade-1.0 force-response-1.0
  # MSIE 7 and newer should be able to use keepalive
  BrowserMatch "MSIE [17-9]" ssl-unclean-shutdown
</VirtualHost>