Apache mod_macro
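<Macro HSTS>
    # Strict-Transport-Security for a vhost. Only meaningful inside a *:443
    # vhost: browsers discard the header when it arrives over plain http://.
    # "always" also attaches it to error responses (4xx/5xx), which is wanted.
    #
    # The preload directive is a request to be hard-coded into browser lists;
    # hstspreload.org requires max-age of at least 31536000 (one year) together
    # with includeSubDomains, so the previous 15768000 (six months) would have
    # been rejected. Preloading is effectively irreversible and every
    # subdomain of the listed domain must then serve valid HTTPS -- drop
    # "preload" for domains that have not been deliberately submitted.
    Header always set Strict-Transport-Security "max-age=31536000; includeSubDomains; preload"
</Macro>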
<Macro LetsEncrypt $domain>
    # Enable TLS for $domain with the certbot-managed material under
    # /etc/letsencrypt/live/$domain/. fullchain.pem carries the leaf plus the
    # intermediates, so no separate SSLCertificateChainFile is needed.
    # privkey.pem is read at startup; keep it root-owned and mode 0600.
    SSLEngine on
    SSLCertificateFile /etc/letsencrypt/live/$domain/fullchain.pem
    SSLCertificateKeyFile /etc/letsencrypt/live/$domain/privkey.pem
    # Adds the HSTS header (includeSubDomains + preload) to every domain that
    # uses this macro -- only apply it to domains whose subdomains are all
    # reachable over HTTPS, since the policy is cached by browsers.
    Use HSTS
</Macro>
<Macro Log $vhost>
    # One combined-format access log per vhost, named after the macro argument
    # (a static config value, not request data). ${APACHE_LOG_DIR} comes from
    # Debian/Ubuntu's envvars; define it (Define / SetEnv at startup) on other
    # platforms before using this macro.
    CustomLog "${APACHE_LOG_DIR}/access.$vhost.log" combined
</Macro>
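<Macro CloudflareAuth>
    # Cloudflare "Authenticated Origin Pulls": accept a TLS connection only if
    # the client presents a certificate issued by Cloudflare's origin-pull CA.
    #
    # The trust anchor must be that single CA. The previous version pointed at
    # /etc/ssl/certs/ -- the system-wide CA bundle -- which means a client
    # certificate from *any* public CA in the OS trust store would have passed
    # verification, defeating the purpose of the check. Put ONLY Cloudflare's
    # origin-pull CA certificate (download it from Cloudflare's documentation)
    # in the file below; the path is a placeholder, adjust it to your install.
    SSLVerifyClient require
    # One level of depth: the client cert is expected to be issued directly by
    # the CA in the file (as Cloudflare documents) -- verify against the cert
    # actually presented if verification fails.
    SSLVerifyDepth 1
    SSLCACertificateFile /etc/ssl/cloudflare/origin-pull-ca.pem
    # mTLS proves the peer is Cloudflare but does not hide the origin; also
    # restrict inbound 80/443 to Cloudflare's published IP ranges at the
    # firewall so direct-to-origin requests never reach httpd.
</Macro>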
<Macro ForceHTTPS $domain>
    # Plain-HTTP listener whose only job is a 301 to the HTTPS origin.
    # "Redirect" matches by URL prefix, so the remainder of the path and the
    # query string are carried over to the new location. No HSTS here on
    # purpose: browsers ignore the header on http:// responses, so it belongs
    # in the *:443 vhost (the LetsEncrypt macro does that).
    <VirtualHost *:80>
        ServerName $domain
        Redirect permanent / https://$domain/
    </VirtualHost>
</Macro>
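<Macro DocumentRootDefault $dir>
    # Docroot for a local development vhost. Access is confined to local
    # clients below, which is what makes the permissive options tolerable.
    DocumentRoot "$dir"
    <Directory "$dir">
        # +Indexes lists directories that lack an index file, and +MultiViews
        # may serve a sibling with a different extension (e.g. a .bak next to
        # a .php) for an extension-less request. Both leak files if this macro
        # is ever reused on an exposed host -- drop them there.
        # IncludesNOEXEC replaces the previous +Includes: SSI still works, but
        # <!--#exec --> and CGI-executing #include are disabled, so a file
        # written into the docroot can no longer run commands as the httpd user.
        Options +Indexes +IncludesNOEXEC +FollowSymLinks +MultiViews
        # Any .htaccess under $dir may override everything in this block,
        # including the Require below (AuthConfig/Limit are part of "All").
        AllowOverride All
        # Loopback or the server's own address only. Anything proxying from the
        # same machine (a local reverse proxy, a container port-forward) arrives
        # from loopback and therefore counts as local too.
        Require local
    </Directory>
</Macro>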
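<Macro SSLSettings>
    # TLS settings for a local/dev *:443 vhost using the self-signed cert and
    # key under the server root. The key must be readable only by the user
    # httpd starts as, and neither file belongs in version control.
    SSLEngine on
    SSLCertificateFile "${SRVROOT}/conf/server.crt"
    SSLCertificateKeyFile "${SRVROOT}/conf/server.key"
    # Protocol floor. The previous version set none, so whatever the httpd /
    # OpenSSL build allows by default (on many builds still TLS 1.0/1.1) was
    # negotiable. Note: older 2.4 releases applied the SSLProtocol of the
    # first name-based *:443 vhost to all of them (per-vhost handling was
    # fixed in 2.4.42), so keep this value identical in every vhost or move it
    # to the global scope.
    SSLProtocol all -SSLv3 -TLSv1 -TLSv1.1
    # Export SSL_* variables to scripts. StdEnvVars costs a little per request,
    # so it is scoped to script extensions and the CGI directory only.
    <FilesMatch "\.(cgi|shtml|phtml|php)$">
        SSLOptions +StdEnvVars
    </FilesMatch>
    <Directory "${SRVROOT}/cgi-bin">
        SSLOptions +StdEnvVars
    </Directory>
    # Legacy client workaround carried over from the stock httpd-ssl.conf:
    # MSIE 2-5 get an unclean TLS shutdown (close_notify not sent), no
    # keep-alive and HTTP/1.0 responses. Those browsers cannot negotiate
    # TLS 1.2 at all under the floor above, so this line is dead weight and
    # can be deleted; it is kept only so behaviour is unchanged for them.
    BrowserMatch "MSIE [2-5]" \
        nokeepalive ssl-unclean-shutdown \
        downgrade-1.0 force-response-1.0
</Macro>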
<Macro VHost $host $port $dir>
    # Single-name vhost on $port serving $dir through DocumentRootDefault
    # (which restricts access to local clients). No TLS: pair with
    # VHostWithSSL or ForceHTTPS when HTTPS is wanted.
    <VirtualHost *:$port>
        ServerName $host
        Use DocumentRootDefault $dir
    </VirtualHost>
</Macro>
<Macro VHostAlias $host $alias $port $dir>
    # Same as VHost but also answers to $alias (e.g. the www. form). Both
    # names share one docroot and one set of Directory rules.
    <VirtualHost *:$port>
        ServerName $host
        ServerAlias $alias
        Use DocumentRootDefault $dir
    </VirtualHost>
</Macro>
<Macro VHostWithSSL $host $dir>
    # HTTP on 80 plus HTTPS on 443 for the same docroot. The :80 side keeps
    # serving content in clear (there is no redirect); replace the VHost line
    # with "Use ForceHTTPS $host" if the site must be reachable over TLS only.
    Use VHost $host 80 $dir
    <VirtualHost *:443>
        ServerName $host
        Use DocumentRootDefault $dir
        # Uses the fixed dev certificate from ${SRVROOT}/conf; unless that
        # cert was issued for $host, browsers will warn -- acceptable for
        # local development, not for anything exposed.
        Use SSLSettings
    </VirtualHost>
</Macro>
<Macro VHostAliasWithSSL $host $alias $dir>
    # VHostWithSSL plus a second name. As with VHostWithSSL, port 80 still
    # serves content unencrypted; use ForceHTTPS instead of VHostAlias if
    # an HTTPS-only site is required.
    Use VHostAlias $host $alias 80 $dir
    <VirtualHost *:443>
        ServerName $host
        ServerAlias $alias
        Use DocumentRootDefault $dir
        # The shared dev certificate must cover both $host and $alias (SAN)
        # to avoid browser warnings on the alias.
        Use SSLSettings
    </VirtualHost>
</Macro>
<Macro VHostProject $host $path>
    # Windows dev layout: each project lives under D:\webdev\proiecte\<name>
    # and only its public\ subfolder is exposed, keeping application code and
    # config outside the docroot. $path is a static config value, not input
    # from requests, so no traversal concern arises from the substitution.
    Use VHostWithSSL $host "D:\webdev\proiecte\$path\public"
</Macro>
<Macro VHostAliasProject $host $alias $path>
    # VHostProject with an extra server name; same public\-only docroot
    # convention under D:\webdev\proiecte\<name>.
    Use VHostAliasWithSSL $host $alias "D:\webdev\proiecte\$path\public"
</Macro>