<%
  @path = "/etc/apache2/sites-available/#{rubber_env.app_name}-tools"
  @post = <<-EOS
    a2enmod rewrite
    a2enmod ssl
    a2enmod proxy_http
    a2enmod proxy_html
    a2enmod ext_filter
    a2ensite #{rubber_env.app_name}-tools
   EOS
%>

Listen <%= rubber_env.web_tools_port %>
<VirtualHost *:<%= rubber_env.web_tools_port %>>
  ServerName      <%= rubber_env.full_host %>

  RewriteEngine   on
  RewriteCond     %{HTTPS} !=on
  RewriteRule     ^/(.*)$ https://%{SERVER_NAME}:<%= rubber_env.web_tools_ssl_port %>/$1 [L,R]
  RewriteLog      "/var/log/apache2/rewrite.log"
</VirtualHost>

Listen <%= rubber_env.web_tools_ssl_port %>
NameVirtualHost *:<%= rubber_env.web_tools_ssl_port %>

<VirtualHost *:<%= rubber_env.web_tools_ssl_port %>>
  ServerName      <%= rubber_env.full_host %>
  DocumentRoot    /var/www

  SSLEngine on
  SSLOptions +FakeBasicAuth +ExportCertData +StrictRequire
  SSLCertificateFile    /etc/ssl/certs/ssl-cert-snakeoil.pem
  SSLCertificateKeyFile /etc/ssl/private/ssl-cert-snakeoil.key
  # SSLCertificateFile <%= Rubber.root %>/config/<%= rubber_env.domain %>.crt
  # SSLCertificateKeyFile <%= Rubber.root %>/config/<%= rubber_env.domain %>.key
  # SSLCertificateChainFile /etc/ssl/certs/gd_intermediate_bundle.crt

  <Location />
    AuthType Basic
    AuthName "Rubber Admin Tools"
    AuthUserFile <%= Rubber.root %>/config/<%= rubber_env.app_name %>.auth
    Require valid-user

    Allow from all
  </Location>

  SetOutputFilter  proxy-html

  <% rubber_instances.for_role('haproxy').each do |ic| %>
    ProxyPass /haproxy_<%= ic.name %>/  http://<%= ic.full_name %>:<%= rubber_env.haproxy_admin_port %>/haproxy/
    <Location /haproxy_<%= ic.name %>/>
      ProxyPassReverse /
      ProxyHTMLURLMap http://<%= ic.full_name %>:<%= rubber_env.haproxy_admin_port %>/ /haproxy_<%= ic.name %>/
      ProxyHTMLURLMap /haproxy/ /haproxy_<%= ic.name %>/
      ProxyHTMLURLMap /haproxy /haproxy_<%= ic.name %>/
    </Location>
  <% end %>

  <% rubber_instances.each do |ic| %>
    ProxyPass /monit_<%= ic.name %>/ http://<%= ic.full_name %>:<%= rubber_env.monit_admin_port %>/
    <Location /monit_<%= ic.name %>/>
      ProxyPassReverse /
      ProxyHTMLURLMap http://<%= ic.full_name %>:<%= rubber_env.monit_admin_port %>/ /monit_<%= ic.name %>/
      ProxyHTMLURLMap / /monit_<%= ic.name %>/
    </Location>
  <% end %>
</VirtualHost>


<%
  Array(rubber_env.web_tools_proxies).each do |name, settings|
    proxy_host = rubber_instances.for_role(settings.role).first.full_name rescue nil
    next unless proxy_host
    
    host = "#{name}.#{rubber_env.full_host}"
    host_and_port = "#{host}:#{rubber_env.web_tools_ssl_port}"
    proxy_url = "http://#{proxy_host}:#{settings.port}#{settings.path}"
%>
  <VirtualHost *:<%= rubber_env.web_tools_ssl_port %>>
    ServerName      <%= host %>
    DocumentRoot    /var/www

    SSLEngine on
    SSLOptions +FakeBasicAuth +ExportCertData +StrictRequire

    SSLEngine on
    SSLOptions +FakeBasicAuth +ExportCertData +StrictRequire
    SSLCertificateFile    /etc/ssl/certs/ssl-cert-snakeoil.pem
    SSLCertificateKeyFile /etc/ssl/private/ssl-cert-snakeoil.key
    # SSLCertificateFile <%= Rubber.root %>/config/<%= rubber_env.domain %>.crt
    # SSLCertificateKeyFile <%= Rubber.root %>/config/<%= rubber_env.domain %>.key
    # SSLCertificateChainFile /etc/ssl/certs/gd_intermediate_bundle.crt

    <Location />
      AuthType Basic
      AuthName "Rubber Admin Tools"
      AuthUserFile <%= Rubber.root %>/config/<%= rubber_env.app_name %>.auth
      Require valid-user

      Allow from all
    </Location>

    ProxyRequests Off
    ProxyPreserveHost On

    ProxyPass /  <%= proxy_url %>
    <Location />
      ProxyPassReverse /
    </Location>

    # Fix any redirects occurring on the backend server, since we're communicating with it via HTTP.
    Header edit Location ^http://<%= host_and_port %>/ https://<%= host_and_port %>/
  </VirtualHost>
<% end %>