<Macro LDAPAuthConfig>
    AuthBasicProvider ldap
    AuthLDAPBindDN "%AuthLDAPBindDN%"
    AuthLDAPBindPassword "%AuthLDAPBindPassword%"
    AuthLDAPURL "%AuthLDAPURL%"
    LDAPReferrals Off
    AuthLDAPGroupAttribute member
    AuthLDAPGroupAttributeIsDN on
    AuthType Basic
</Macro>

SSLCipherSuite          ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES256-GCM-SHA384
SSLProxyCipherSuite HIGH:MEDIUM:!MD5:!RC4:!3DES
SSLHonorCipherOrder on
SSLProtocol all -SSLv3 -SSLv2 -TLSv1 -TLSv1.1
SSLProxyProtocol all -SSLv3
SSLPassPhraseDialog  builtin
SSLSessionCache        "shmcb:/usr/local/apache2/logs/ssl_scache(512000)"
SSLSessionCacheTimeout  300

ServerAdmin admin@example.com
MDCertificateAgreement accepted
MDNotifyCmd /usr/bin/notify.sh
MDStoreDir /usr/local/apache2/conf/ssl


# Example on usage on above LDAPAuthConfig macro
#  <Location /pw>
#    Use LDAPAuthConfig
#    AuthName "pw-webservice"
#    Require ldap-group CN=...
#  </Location>

#Listen 0.0.0.0:80
Listen 0.0.0.0:443

MDomain test.example.com

<VirtualHost 0.0.0.0:80>
  ServerName test.example.com
  Redirect / https://test.example.com
</VirtualHost>

<VirtualHost 0.0.0.0:443>
  ServerName test.example.com

  CustomLog /usr/local/apache2/logs/test_access.log combined
  ErrorLog /usr/local/apache2/logs/test_error.log


  AllowEncodedSlashes On
  ProxyRequests Off
  ProxyPreserveHost On
  ProxyPass "/" "http://servicehost:3400/" nocanon
  ProxyPassReverse "/" "http://servicehost:3400/"
  RequestHeader set X-Forwarded-Proto "https"
  RequestHeader set X-Forwarded-Port "443"


  SSLEngine on
</VirtualHost>