--- /dev/null
+# see certbot-wildcard.txt to see how is this configured
+
+<VirtualHost *:443>
+ Include /srv/via-proxy/ssl.conf
+
+ SSLCertificateFile /etc/letsencrypt/live/p2.vbz.ffzg.hr/cert.pem
+ SSLCertificateKeyFile /etc/letsencrypt/live/p2.vbz.ffzg.hr/privkey.pem
+ SSLCertificateChainFile /etc/letsencrypt/live/p2.vbz.ffzg.hr/chain.pem
+
+ ServerName www.bmj.com.p2.vbz.ffzg.hr
+ ServerAlias *.bmj.com.p2.vbz.ffzg.hr
+
+ RewriteEngine on
+ # fix broken chunging
+ #RewriteRule /common/javascript/extjs/ext-all.js https://www.bmj.com/common/javascript/extjs/ext-all.js [R,L]
+
+ SSLProxyEngine on
+ ProxyAddHeaders Off
+
+ <Proxy https://*.bmj.com/*>
+ Order Deny,Allow
+ Allow from all
+ </Proxy>
+
+ RewriteCond %{HTTP_HOST} ^(.+bmj.com)
+ RewriteRule ^/(.*)$ https://%1/$1 [P]
+
+# ProxyPass / https://www.bmj.com/
+# ProxyPassReverse / https://www.bmj.com/
+
+ Header edit* Set-Cookie "(.*)(?i:; *domain=)([^;]+)(.*)" "$1 ; domain=$2.p2.vbz.ffzg.hr $3"
+ #Header edit* Set-Cookie "(.*)(?i:; *secure)" "$1"
+ Header edit* Location "https://([a-z]+).bmj.com" "https://$1.bmj.com.p2.vbz.ffzg.hr"
+
+ RequestHeader unset Accept-Encoding
+ # we don't use https:// here because some urls are in javascript with escaped http:\/\/
+ Substitute "s|(\w+)\.bmj\.com|$1.bmj.com.p2.vbz.ffzg.hr|i"
+
+ FilterDeclare NEWPATHS
+ FilterProvider NEWPATHS SUBSTITUTE "%{Content_Type} =~ m|^text/html|"
+ FilterProvider NEWPATHS SUBSTITUTE "%{Content_Type} =~ m|^text/css|"
+ FilterProvider NEWPATHS SUBSTITUTE "%{Content_Type} =~ m|^text/javascript|"
+ FilterProvider NEWPATHS SUBSTITUTE "%{Content_Type} =~ m|^application/javascript|"
+ FilterChain NEWPATHS
+
+ CustomLog /var/log/apache2/access-p2.vbz.ffzg.hr.log vhost_combined
+</VirtualHost>
+