# see certbot-wildcard.txt to see how is this configured

<VirtualHost *:443>
	#Include /srv/via-proxy/ssl.conf
	Include /srv/via-proxy/sso-pubtkt.conf

	SSLCertificateFile	/etc/letsencrypt/live/p2.vbz.ffzg.hr/cert.pem
	SSLCertificateKeyFile	/etc/letsencrypt/live/p2.vbz.ffzg.hr/privkey.pem
	SSLCertificateChainFile	/etc/letsencrypt/live/p2.vbz.ffzg.hr/chain.pem

	ServerName www.bmj.com.p2.vbz.ffzg.hr
	ServerAlias *.bmj.com.p2.vbz.ffzg.hr

	RewriteEngine on
	# fix broken chunging
	#RewriteRule	/common/javascript/extjs/ext-all.js 	https://www.bmj.com/common/javascript/extjs/ext-all.js [R,L]

	SSLProxyEngine on
	ProxyAddHeaders Off

	<Proxy https://*.bmj.com/*>
		Order Deny,Allow
		Allow from all
	</Proxy>

	RewriteCond	%{HTTP_HOST}	^(.+bmj.com)
	RewriteRule	^/(.*)$		https://%1/$1 [P]

#	ProxyPass        / https://www.bmj.com/
#	ProxyPassReverse / https://www.bmj.com/

	Header edit* Set-Cookie "(.*)(?i:; *domain=)([^;]+)(.*)" "$1 ; domain=$2.p2.vbz.ffzg.hr $3"
	#Header edit* Set-Cookie "(.*)(?i:; *secure)" "$1"
	Header edit* Location "https://([a-z]+).bmj.com/" "https://$1.bmj.com.p2.vbz.ffzg.hr/"

	RequestHeader unset Accept-Encoding
	# we don't use only https:// here because some urls are in javascript with escaped http:\/\/
	Substitute "s|https://(\w+)\.bmj\.com|https://$1.bmj.com.p2.vbz.ffzg.hr|i"
	Substitute "s|http://(\w+)\.bmj\.com|https://$1.bmj.com.p2.vbz.ffzg.hr|i"

	FilterDeclare NEWPATHS
	FilterProvider NEWPATHS SUBSTITUTE "%{Content_Type} =~ m|^text/html|"
	FilterProvider NEWPATHS SUBSTITUTE "%{Content_Type} =~ m|^text/css|"
	FilterProvider NEWPATHS SUBSTITUTE "%{Content_Type} =~ m|^text/javascript|"
	FilterProvider NEWPATHS SUBSTITUTE "%{Content_Type} =~ m|^application/javascript|"
	FilterChain NEWPATHS

	CustomLog /var/log/apache2/access-p2.vbz.ffzg.hr.log vhost_combined
</VirtualHost>