The system detected EasyApache 4 template change

[tmcstom]

Can you tell us what was changed in the ssl_vhost.default and vhost.default templates since it appears it has triggered the following notification?

The system detected EasyApache 4 template changes as a result of a change in the EasyApache 4 environment.

The system detected that one or more templates were updated as a result of a change in the EasyApache 4 environment.

The following “.default” templates have changed in a recent update in the EasyApache 4 environment.

* ssl_vhost.default
* vhost.default

 

[celiac101]

I am getting the following email, and am not sure how to update my template...would be nice if this email included that info, but any help is appreciated:

The system detected that one or more templates were updated as a result of a change in the EasyApache 4 environment.
The following "default" template has changed in a recent update in the EasyApache 4 environment.

• ssl_vhost.default

We identified corresponding "local" template for the above mentioned "default" template on your system. Update them as soon as possible to avoid problems.

 

[cPanelMichael]

Hello,

The vhost template changes stem from updates to ea-apache24-config:

ea-apache24-config
1.0-103 - EA-6414: Call PHP hook scripts for *-php* transactions
1.0-104 - PIG-3244: Set the proper PassengerUser and PassengerGroup per vhost to ensure that Passenger runs the applications as the right user.
1.0-105 - PIG-3252: Block userdir requests on mod_passenger

Here's a copy of the previous template files if you'd like to compare them to the new ones:

Show/Hide: ea4_main.default

# # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # #
#
#   !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
#   DO NOT EDIT. AUTOMATICALLY GENERATED.  USE INCLUDE FILES IF YOU NEED TO MAKE A CHANGE
#   !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
#
#   Direct modifications to the Apache configuration file WILL be lost upon subsequent
#   regeneration of this configuration file, or an Apache update.
#
#   To have your modifications retained, you should create/edit administrator-specific
#   include files:
#
#       [% paths.dir_conf_includes %]/pre_main_global.conf
#       [% paths.dir_conf_includes %]/pre_virtualhost_global.conf
#       [% paths.dir_conf_includes %]/post_virtualhost_global.conf
#
# # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # #

##################################################
##################################################
#
# cPanel & WHM controlled Apache configuration
#
##################################################
##################################################

[%# NOTE: The IF variable.exists() method used throughout this template is to deal with
    migration from ea3 to ea4.  This should allow pre-existing distillation of variables
    when the user was on EA3 but didn't use the WHM interfaces to update their httpd.conf.
    The ELSE clause is there to ensure a default is placed into the configuration regardless
    of previous distillations and will attempt to use the WHM settings where possible.

    Ideally speaking, the user shouldn't be using previously distilled information since
    we're moving towards a solution where httpd.conf isn't a database.  However, we're not
    there yet, so the exists() method is used to ensure easier migration.
-%]
Include "[% paths.dir_base %]/conf.modules.d/*.conf"

# Administrator locations for safely altering httpd.conf
[% IF file_test('f', paths.dir_conf_includes _ '/pre_main_global.conf') -%]
Include "[% paths.dir_conf_includes %]/pre_main_global.conf"
[% ELSE -%]
# Create "[% paths.dir_conf_includes %]/pre_main_global.conf" if you want to customize httpd.conf.
[% END -%]

# These are hard-coded values that are required by cPanel & WHM
PidFile [% paths.dir_run %]/httpd.pid
User nobody
Group nobody
ExtendedStatus [% IF main.exists('extendedstatus') %][% main.extendedstatus.item.extendedstatus %][% ELSE %]Off[% END %]
LogLevel [% IF main.exists('loglevel') %][% main.loglevel.item.loglevel %][% ELSE %]warn[% END %]
[%- IF main.exists('symlink_protect') %]
SymlinkProtect [% main.symlink_protect.item.symlink_protect %]
SymlinkProtectRoot [% paths.dir_docroot %]
[% END -%]

# You can change this by using WHM, and navigating to the 'Basic cPanel & WHM Setup' -> 'Contact Information' interface.
ServerAdmin [% main.serveradmin.item.serveradmin %]

# You can change this by using WHM, and navigating to the 'Networking Setup' => 'Change Hostname' interface.
ServerName [% wildcard_safe(main.servername.item.servername) %]

# You can change this by using WHM, and navigating to the 'Apache Configuration' -> 'Global Configuration' interface.
[% IF main.exists('traceenable') %]TraceEnable [% main.traceenable.item.traceenable %][% END %]
[% IF main.exists('serversignature') %]ServerSignature [% main.serversignature.item.serversignature %][% END %]
[% IF main.exists('servertokens') %]ServerTokens [% main.servertokens.item.servertokens %][% END %]
[% IF main.exists('fileetag') %]FileETag [% main.fileetag.item.fileetag %][% END %]

<Directory "/">
    [% IF main.exists('optimize_htaccess') && main.optimize_htaccess.item.optimize_htaccess && main.optimize_htaccess.item.optimize_htaccess != "search_full_path" %]
      AllowOverride None
    [% ELSE %]
      AllowOverride All
    [% END %]
    Options [% main.directory.options.item.options %]
</Directory>

[% IF main.exists('startservers') %]StartServers [% main.startservers.item.startservers %][% END %]
<IfModule prefork.c>
    [% IF main.exists('minspareservers') %]MinSpareServers [% main.minspareservers.item.minspareservers %][% END %]
    [% IF main.exists('maxspareservers') %]MaxSpareServers [% main.maxspareservers.item.maxspareservers %][% END %]
</IfModule>

[% IF main.exists('serverlimit') %]ServerLimit [% main.serverlimit.item.serverlimit %][% END %]
[% IF main.exists('maxclients') %]MaxRequestWorkers [% main.maxclients.item.maxclients %][% END %]
[% IF main.exists('maxrequestsperchild') %]MaxConnectionsPerChild [% main.maxrequestsperchild.item.maxrequestsperchild %][% END %]
[% IF main.exists('keepalive') %]KeepAlive [% main.keepalive.item.keepalive %][% END %]
[% IF main.exists('keepalivetimeout') %]KeepAliveTimeout [% main.keepalivetimeout.item.keepalivetimeout %][% END %]
[% IF main.exists('maxkeepaliverequests') %]MaxKeepAliveRequests [% main.maxkeepaliverequests.item.maxkeepaliverequests || 0 %][% END %]
[% IF main.exists('timeout') %]Timeout [% main.timeout.item.timeout %][% END %]


[% IF global_dcv_rewrite_exclude && dcv_rewrite_patterns -%]
<IfModule rewrite_module>
# Global DCV Exclude
RewriteEngine on
[% FOR pattern = dcv_rewrite_patterns -%]
RewriteCond %{REQUEST_URI} [% mod_rewrite_string_escape(pattern) %] [% !loop.last && '[OR]' %]
[% END -%]
[% IF all_possible_proxy_subdomains_regex %]
# Exclude proxy subdomains as we need rewrites to capture the DCV requests
RewriteCond %{HTTP_HOST} !^(?:[% all_possible_proxy_subdomains_regex %])\.
[% END -%]
RewriteRule ^ - [END]
</IfModule>
[% END %]


# You can change this by using WHM, and navigating to the 'Apache Configuration' -> 'DirectoryIndex Priority' interface.
<IfModule dir_module>
    DirectoryIndex [% main.directoryindex.item.directoryindex %]
</IfModule>

# You can change this by using WHM, and navigating to the 'Apache Configuration' -> 'Memory Usage Restrictions' interface.
[%# NOTE: The maxrlimit* settings are currently hard-coded to off in WHM -%]
[% IF main.rlimitcpu.item.softrlimitcpu -%]
RLimitCPU [% main.rlimitcpu.item.softrlimitcpu %] [% mainrlimitcpu.item.maxrlimitcpu %]
[% END -%]
[% IF main.rlimitmem.item.softrlimitmem -%]
RLimitMEM [% main.rlimitmem.item.softrlimitmem %] [% mainrlimitmem.item.maxrlimitmem %]
[% END -%]

# This setting is required by cPanel & WHM in order to provide access to a default webpage when none exists
<Directory "[% paths.dir_docroot %]">
    Options All
    AllowOverride None
    Require all granted
</Directory>

# Required cPanel security policy: Disallow remote access to .htaccess, .htpasswd, .user.ini, and php.ini files
<FilesMatch "^(\.ht(access|passwds?)|\.user\.ini|php\.ini)$">
    Require all denied
</FilesMatch>

<IfModule alias_module>
    ScriptAliasMatch ^/?controlpanel/?$ /usr/local/cpanel/cgi-sys/redirect.cgi
    ScriptAliasMatch ^/?cpanel/?$ /usr/local/cpanel/cgi-sys/redirect.cgi
    ScriptAliasMatch ^/?kpanel/?$ /usr/local/cpanel/cgi-sys/redirect.cgi
    ScriptAliasMatch ^/?securecontrolpanel/?$ /usr/local/cpanel/cgi-sys/sredirect.cgi
    ScriptAliasMatch ^/?securecpanel/?$ /usr/local/cpanel/cgi-sys/sredirect.cgi
    ScriptAliasMatch ^/?securewhm/?$ /usr/local/cpanel/cgi-sys/swhmredirect.cgi
    ScriptAliasMatch ^/?webmail$ /usr/local/cpanel/cgi-sys/wredirect.cgi
    ScriptAliasMatch ^/?webmail/ /usr/local/cpanel/cgi-sys/wredirect.cgi
    ScriptAliasMatch ^/?whm/?$ /usr/local/cpanel/cgi-sys/whmredirect.cgi
[% IF autodiscover_proxy_subdomains -%]
    ScriptAliasMatch ^/Autodiscover/Autodiscover.xml /usr/local/cpanel/cgi-sys/autodiscover.cgi
    ScriptAliasMatch ^/autodiscover/autodiscover.xml /usr/local/cpanel/cgi-sys/autodiscover.cgi
[% END -%]

    Alias /bandwidth /usr/local/bandmin/htdocs/
    Alias /img-sys /usr/local/cpanel/img-sys/
    Alias /java-sys /usr/local/cpanel/java-sys/
    Alias /mailman/archives /usr/local/cpanel/3rdparty/mailman/archives/public/
    Alias /pipermail /usr/local/cpanel/3rdparty/mailman/archives/public/
    Alias /sys_cpanel /usr/local/cpanel/sys_cpanel/

    ScriptAlias /cgi-sys /usr/local/cpanel/cgi-sys/
    ScriptAlias /mailman /usr/local/cpanel/3rdparty/mailman/cgi-bin/
    [% IF file_test('f', '/usr/local/cpanel/cgi-sys/scgiwrap') %]ScriptAlias /scgi-bin /usr/local/cpanel/cgi-sys/scgiwrap[% END %]
</IfModule>

# This can be configured in the cPanel 'Leech Protection' interface.
[% IF file_test('f', '/usr/local/cpanel/bin/leechprotect') -%]
<IfModule rewrite_module>
    RewriteEngine on
    RewriteMap LeechProtect prg:/usr/local/cpanel/bin/leechprotect
    Mutex file:[% paths.dir_run %] rewrite-map
</IfModule>
[% END -%]

<IfModule mime_module>
    TypesConfig conf/mime.types

    AddType application/x-compress .Z
    AddType application/x-gzip .gz .tgz
    AddType text/html .shtml
    AddType application/x-tar .tgz
    AddType text/vnd.wap.wml .wml
    AddType image/vnd.wap.wbmp .wbmp
    AddType text/vnd.wap.wmlscript .wmls
    AddType application/vnd.wap.wmlc .wmlc
    AddType application/vnd.wap.wmlscriptc .wmlsc

    # These extensions are used to redirect incoming requests to WHM
    AddHandler cgi-script .cgi .pl .plx .ppl .perl

    # This is used for custom error documents
    AddHandler server-parsed .shtml
</IfModule>

# You can change this by using WHM, and updating the 'Tweak Settings' -> 'System' -> 'Allow server-info' option.
<IfModule status_module>
    # This is used by the WHM 'Apache Status' application
    <Location /whm-server-status>
        SetHandler server-status
        Order deny,allow
        Deny from all
[%  IF options_support.APR_HAVE_IPV6 -%]
        Allow from 127.0.0.1 ::1
[%  ELSE -%]
        Allow from 127.0.0.1
[%  END -%]
    </Location>

[%  IF serve_server_status -%]
    <Location /server-status>
        SetHandler server-status
        Order deny,allow
        Deny from all
        Allow from [% allow_server_info_status_from %]
    </Location>
[%  END -%]
</IfModule>

# Required cPanel security policy: disable userdir when mod_ruid2 or mpm_itk are loaded
<IfModule userdir_module>
    UserDir public_html

    <IfModule ruid2_module>
        UserDir disabled
    </IfModule>
    <IfModule mpm_itk.c>
        UserDir disabled
    </IfModule>
</IfModule>

[% IF enable_piped_logs -%]
<IfModule mod_log_config.c>
    LogFormat "%v:%p %h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combinedvhost
    <IfModule logio_module>
        LogFormat "%v %{%s}t %I .\n%v %{%s}t %O ." bytesvhost
    </IfModule>
    LogFormat "%v:%p %h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
    LogFormat "%v:%p %h %l %u %t \"%r\" %>s %b" common
    LogFormat "%{Referer}i -> %U" referer
    LogFormat "%{User-agent}i" agent

    [%- SET splitlogsextra = '' -%]
    [%- TRY -%]
        [%- SET splitlogsconf = load_conf('/var/cpanel/conf/splitlogs.conf') -%]
        [%- IF splitlogsconf.maxopen.length %][% splitlogsextra = splitlogsextra _ " --maxopen=" _ splitlogsconf.maxopen %][% END -%]
        [%- IF splitlogsconf.buffer.length %][% splitlogsextra = splitlogsextra _ " --buffer=" _ splitlogsconf.buffer %][% END -%]
        [%- IF splitlogsconf.sslport.length %]
            [% splitlogsextra = splitlogsextra _ " --sslport=" _ splitlogsconf.sslport %]
        [%- ELSIF configured.main_port_ssl.length && configured.main_port_ssl != '443' %]
            [% splitlogsextra = splitlogsextra _ " --sslport=" _ configured.main_port_ssl %]
        [% END -%]
    [%- CATCH -%]
        [%# noop but catch is required or it dies %]
    [%- END -%]
    <IfModule logio_module>
        CustomLog "|/usr/local/cpanel/bin/splitlogs --main=[% wildcard_safe(servername) %] --suffix=-bytes_log[% splitlogsextra %]" bytesvhost
    </IfModule>
    CustomLog "|/usr/local/cpanel/bin/splitlogs --main=[% wildcard_safe(servername) %] --mainout=[% paths.file_access_log %][% splitlogsextra %]" combinedvhost
</IfModule>
[% ELSE %]
<IfModule log_config_module>
[%  IF main.ifmodulemodlogconfigc.logformat.items.length -%]
[%      FOREACH dir IN main.ifmodulemodlogconfigc.logformat.items -%]
    LogFormat [% dir.logformat %]
[%      END -%]
[%  ELSE -%]
    LogFormat "%{Referer}i -> %U" referer
    LogFormat "%{User-agent}i" agent
    # NOTE: "combined" and "common" are required by WHM
    LogFormat "%h %l %u %t \"%r\" %>s %b" common
    LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
[%  END -%]

    # access_log format can be set in WHM under 'Basic cPanel & WHM Setup'
[%  IF main.ifmodulemodlogconfigc.customlog.items.length -%]
[%      FOREACH dir IN main.ifmodulemodlogconfigc.customlog.items -%]
    CustomLog [% dir.target %] [% dir.format %]
[%      END -%]
[%  ELSE -%]
    CustomLog logs/access_log [% logstyle %]
[%  END -%]
</IfModule>
[% END %]

[%  IF configured.ip_listen -%]
# The Listen port can be updated using 'Tweak Settings' -> 'System',
# However, if you have any Apache Reserved IPs, then this Tweak setting will
# be ignored. Instead, each IP on your system (excluding Apache Reserved IPs)
# will be listed here.
[%      FOREACH ip IN configured.ip_listen -%]
Listen [% ip %]:[% configured.main_port %]
[%      END -%]
[%  ELSE -%]
# WARNING: This is the default value assigned during installation, and should
#          be updated using WHM ('Tweak Settings' -> 'System' -> 'Apache non-SSL IP/port')
Listen [% default_apache_port %]
[%  END -%]

<IfModule ssl_module>
    # cipher and protocol directives can be set in WHM under 'Apache Configuration' -> 'Global Configuration'
[%  IF main.sslciphersuite.item.sslciphersuite.length %]    SSLCipherSuite [% main.sslciphersuite.item.sslciphersuite %][% END %]
[%  IF main.sslprotocol.item.sslprotocol.length %]    SSLProtocol [% main.sslprotocol.item.sslprotocol %][% END %]
    SSLPassPhraseDialog  builtin

    <IfModule socache_shmcb_module>
[%      IF supported.stapling -%]
        SSLUseStapling on
        SSLStaplingCache shmcb:[% paths.dir_run %]/stapling_cache_shmcb(256000)

        # Prevent browsers from failing if an OCSP server is temporarily broken.
        SSLStaplingReturnResponderErrors off
        SSLStaplingErrorCacheTimeout 60
        SSLStaplingFakeTryLater off
        SSLStaplingResponderTimeout 3
[%      END -%]
        SSLSessionCache shmcb:[% paths.dir_run %]/ssl_gcache_data_shmcb(1024000)
    </IfModule>
    <IfModule !socache_shmcb_module>
        SSLSessionCache dbm:[% paths.dir_run %]/ssl_gcache_data_dbm
    </IfModule>

    SSLSessionCacheTimeout  300
    Mutex                   file:[% paths.dir_run %] ssl-cache
    SSLRandomSeed startup builtin
    SSLRandomSeed connect builtin

[%  IF configured.ip_listen_ssl -%]
    # The Listen port can be updated using 'Tweak Settings' -> 'System',
    # However, if you have any Apache Reserved IPs, then this Tweak setting will
    # be ignored. Instead, each IP on your system (excluding Apache Reserved IPs)
    # will be listed here.
[%     FOREACH ip IN configured.ip_listen_ssl -%]
    Listen [% ip %]:[% configured.main_port_ssl %]
[%     END -%]
[%  ELSE -%]
    # WARNING: This is the default value assigned during installation, and should
    #          be updated using WHM ('Tweak Settings' -> 'System' -> 'Apache SSL port')
    Listen [% default_apache_ssl_port %]
[%  END -%]

    AddType application/x-x509-ca-cert .crt
    AddType application/x-pkcs7-crl .crl
</IfModule>

Include "[% paths.dir_conf %]/*.conf"

[% IF file_test('f', paths.dir_conf_includes _ '/account_suspensions.conf') -%]
Include "[% paths.dir_conf_includes %]/account_suspensions.conf"
[% END -%]
[% IF file_test('f', paths.dir_conf_includes _ '/errordocument.conf') -%]
Include "[% paths.dir_conf_includes %]/errordocument.conf"
[% END -%]

# Administrator locations for safely globally altering all virtualhost configurations
[% IF file_test('f', paths.dir_conf_includes _ '/pre_virtualhost_global.conf') -%]
Include "[% paths.dir_conf_includes %]/pre_virtualhost_global.conf"
[% ELSE -%]
# Create "[% paths.dir_conf_includes %]/pre_virtualhost_global.conf" if you want to customize httpd.conf.
[% END -%]

##################################################
##################################################
#
# Define default vhosts for shared IPs
#
##################################################
##################################################

[% FOREACH vh IN sharedips -%]
<VirtualHost [% vh %]>
    ServerName [% parsed_ip(vh) %]
    ServerAlias [% wildcard_safe(servername) %]
    DocumentRoot [% paths.dir_docroot %]
    ServerAdmin [% serveradmin %]

    <Directory "[% paths.dir_docroot %]">
      AllowOverride All
    </Directory>

    <IfModule suphp_module>
        suPHP_UserGroup nobody nobody
    </IfModule>

[%-     IF supported.mod_userdir && userdirprotect_enabled && defaultvhost.userdirprotect != '-1' %]
    UserDir disabled
[%-         IF defaultvhost.userdirprotect != '' && !supported.mpm_itk && !supported.mod_ruid2 %]
    UserDir enabled [% defaultvhost.userdirprotect %]
[%-         END -%]
[%-     END %]
</VirtualHost>

[% END -%]

##################################################
##################################################
#
# Define default vhosts for unbound IPs
#
##################################################
##################################################

<VirtualHost *>
    ServerName [% wildcard_safe(servername) %]
    DocumentRoot [% paths.dir_docroot %]
    ServerAdmin [% serveradmin %]

    <Directory "[% paths.dir_docroot %]">
      AllowOverride All
    </Directory>

    <IfModule suphp_module>
        suPHP_UserGroup nobody nobody
    </IfModule>

[%-     IF supported.mod_userdir && userdirprotect_enabled && defaultvhost.userdirprotect != '-1' %]
    UserDir disabled
[%-         IF defaultvhost.userdirprotect != '' && !supported.mpm_itk && !supported.mod_ruid2 %]
    UserDir enabled [% defaultvhost.userdirprotect %]
[%-         END -%]
[%-     END %]
</VirtualHost>

##################################################
##################################################
#
# Define the virtual host configurtion for user domains
#
##################################################
##################################################

# BEGIN: HTTP vhosts list
[%  FOREACH vhost IN vhosts -%]
[%      IF vhost.custom_vhost_template_ap2 != '' -%]
[%          INCLUDE $vhost.custom_vhost_template_ap2 -%]
[%      ELSE -%]
[%          INCLUDE $includes.vhost -%]
[%      END -%]
[%  END -%]
# END: HTTP vhosts list

# BEGIN: HTTPS vhosts list
[% FOREACH vhost IN ssl_vhosts -%]
[%     IF vhost.custom_vhost_template_ap2 != '' -%]
[%         INCLUDE $vhost.custom_vhost_template_ap2 -%]
[%     ELSE -%]
[%         INCLUDE $includes.ssl_vhost -%]
[%     END -%]
[% END -%]
# END: HTTPS vhosts list

##################################################
##################################################
#
# Define the main cPanel & WHM proxy subdomains
#
##################################################
##################################################

[% ips_in_use.push("127.0.0.1") -%]
[% SET copy_of_ips_in_use = ips_in_use.slice(0) -%]
[% WHILE (ip_block = copy_of_ips_in_use.splice(0, 50)) AND ip_block.size -%]
[%      IF proxysubdomains && supported.mod_proxy && supported.mod_rewrite -%]

[%-# These comments are used internally as parsing tokens, for better or worse, so don't chnage them -%]
# [% IF autodiscover_proxy_subdomains %]CPANEL/WHM/WEBMAIL/WEBDISK/AUTOCONFIG PROXY SUBDOMAINS[% ELSE %]CPANEL/WHM/WEBMAIL/WEBDISK PROXY SUBDOMAINS[% END %]
<VirtualHost[% FOREACH server_ip IN ip_block -%] [% "${server_ip}:${configured.main_port}" %][% END -%]>
    ServerName [% wildcard_safe(servername) %]
[%          IF autodiscover_proxy_subdomains -%]
    ServerAlias cpanel.* whm.* webmail.* webdisk.* cpcalendars.* cpcontacts.* autodiscover.* autoconfig.*
[%          ELSE -%]
    ServerAlias cpanel.* whm.* webmail.* webdisk.* cpcalendars.* cpcontacts.*
[%          END -%]

    DocumentRoot [% paths.dir_docroot %]
    ServerAdmin [% serveradmin %]

    <IfModule suphp_module>
        suPHP_UserGroup nobody nobody
    </IfModule>
    <Proxy "*">
        <IfModule security2_module>
            SecRuleEngine Off
        </IfModule>
    </Proxy>

[%          IF supported.mod_userdir && userdirprotect_enabled && defaultvhost.userdirprotect != '-1' -%]
    UserDir disabled
[%              IF defaultvhost.userdirprotect != '' && !supported.mpm_itk && !supported.mod_ruid2 -%]
    UserDir enabled [% defaultvhost.userdirprotect %]
[%              END -%]
[%          END -%]

[%  IF dcv_rewrite_patterns -%]
    ScriptAlias /.cpanel/dcv /usr/local/cpanel/cgi-priv/get_local.cgi
[%  END -%]

    RewriteEngine On

[%  IF dcv_rewrite_patterns -%]
        [% FOR pattern = dcv_rewrite_patterns -%]
            RewriteCond %{REQUEST_URI} [% mod_rewrite_string_escape(pattern) %] [% !loop.last && '[OR]' %]
        [% END -%]
        RewriteRule ^ /.cpanel/dcv [passthrough]
[%  END -%]

    RewriteCond %{HTTP_HOST} !^[% wildcard_safe(servername) %]$
    RewriteCond %{HTTP_HOST} ^cpanel\.
[% IF proxypass_for_proxysubdomains %]
    RewriteRule ^/(.*) /___proxy_subdomain_cpanel/$1 [PT]
    ProxyPass "/___proxy_subdomain_cpanel" "http://127.0.0.1:2082" max=1 retry=0
[% ELSE %]
    RewriteRule ^/(.*) http://127.0.0.1:2082/$1 [P]
[% END %]

    RewriteCond %{HTTP_HOST} !^[% wildcard_safe(servername) %]$
    RewriteCond %{HTTP_HOST} ^webmail\.
[% IF proxypass_for_proxysubdomains %]
    RewriteRule ^/(.*) /___proxy_subdomain_webmail/$1 [PT]
    ProxyPass "/___proxy_subdomain_webmail" "http://127.0.0.1:2095" max=1 retry=0
[% ELSE %]
    RewriteRule ^/(.*) http://127.0.0.1:2095/$1 [P]
[% END %]

    RewriteCond %{HTTP_HOST} !^[% wildcard_safe(servername) %]$
    RewriteCond %{HTTP_HOST} ^whm\.
[% IF proxypass_for_proxysubdomains %]
    RewriteRule ^/(.*) /___proxy_subdomain_whm/$1 [PT]
    ProxyPass "/___proxy_subdomain_whm" "http://127.0.0.1:2086" max=1 retry=0
[% ELSE %]
    RewriteRule ^/(.*) http://127.0.0.1:2086/$1 [P]
[% END %]

    RewriteCond %{HTTP_HOST} !^[% wildcard_safe(servername) %]$
    RewriteCond %{HTTP_HOST} ^webdisk\.
[% IF proxypass_for_proxysubdomains %]
    RewriteRule ^/(.*) /___proxy_subdomain_webdisk/$1 [PT]
    ProxyPass "/___proxy_subdomain_webdisk" "http://127.0.0.1:2077" max=1 retry=0
[% ELSE %]
    RewriteRule ^/(.*) http://127.0.0.1:2077/$1 [P]
[% END %]

    RewriteCond %{HTTP_HOST} !^[% wildcard_safe(servername) %]$
    RewriteCond %{HTTP_HOST} ^cpcalendars\.
[% IF proxypass_for_proxysubdomains %]
    RewriteRule ^/(.*) /___proxy_subdomain_cpcalendars/$1 [PT]
    ProxyPass "/___proxy_subdomain_cpcalendars" "http://127.0.0.1:2079" max=1 retry=0
[% ELSE %]
    RewriteRule ^/(.*) http://127.0.0.1:2079/$1 [P]
[% END %]

    RewriteCond %{HTTP_HOST} !^[% wildcard_safe(servername) %]$
    RewriteCond %{HTTP_HOST} ^cpcontacts\.
[% IF proxypass_for_proxysubdomains %]
    RewriteRule ^/(.*) /___proxy_subdomain_cpcontacts/$1 [PT]
    ProxyPass "/___proxy_subdomain_cpcontacts" "http://127.0.0.1:2079" max=1 retry=0
[% ELSE %]
    RewriteRule ^/(.*) http://127.0.0.1:2079/$1 [P]
[% END %]

[%          IF autodiscover_proxy_subdomains %]
    RewriteCond %{HTTP_HOST} !^[% wildcard_safe(servername) %]$
    RewriteCond %{HTTP_HOST} ^autodiscover\.
    RewriteRule ^[^?]*(\\?.*)? http://127.0.0.1/cgi-sys/autodiscover.cgi [P]

    RewriteCond %{HTTP_HOST} !^[% wildcard_safe(servername) %]$
    RewriteCond %{HTTP_HOST} ^autoconfig\.
    RewriteRule ^[^?]*(\\?.*)? http://127.0.0.1/cgi-sys/autoconfig.cgi [P]
[%          END %]
    UseCanonicalName Off

    <IfModule security2_module>
        SecRuleEngine On
    </IfModule>
</VirtualHost>
[%      END %]
[% END -%]

[% WHILE (ip_block = ips_in_use.splice(0, 50)) AND ip_block.size -%]
[%      IF proxysubdomains && supported.mod_proxy && supported.mod_rewrite -%]

[%-# These comments are used internally as parsing tokens, for better or worse, so don't chnage them -%]
# [% IF autodiscover_proxy_subdomains %]CPANEL/WHM/WEBMAIL/WEBDISK/AUTOCONFIG PROXY SUBDOMAINS[% ELSE %]CPANEL/WHM/WEBMAIL/WEBDISK PROXY SUBDOMAINS[% END %]
<VirtualHost[% FOREACH server_ip IN ip_block -%] [% "${server_ip}:${configured.main_port_ssl}" %][% END -%]>
    ServerName [% wildcard_safe(servername) %]
[%          IF autodiscover_proxy_subdomains %]
    ServerAlias cpanel.* whm.* webmail.* webdisk.* cpcalendars.* cpcontacts.* autodiscover.* autoconfig.*
[%          ELSE %]
    ServerAlias cpanel.* whm.* webmail.* webdisk.* cpcalendars.* cpcontacts.*
[%          END %]
    DocumentRoot [% paths.dir_docroot %]
    ServerAdmin [% serveradmin %]

    <IfModule suphp_module>
        suPHP_UserGroup nobody nobody
    </IfModule>
    <Proxy "*">
        <IfModule security2_module>
            SecRuleEngine Off
        </IfModule>
    </Proxy>

[%          IF supported.mod_userdir && userdirprotect_enabled && defaultvhost.userdirprotect != '-1' -%]
    UserDir disabled
[%              IF defaultvhost.userdirprotect != '' && !supported.mpm_itk && !supported.mod_ruid2 -%]
    UserDir enabled [% defaultvhost.userdirprotect %]
[%              END -%]
[%          END -%]

    RewriteEngine On

    <IfModule ssl_module>
        SSLEngine on

[%         IF !ssl_proxy_to_non_ssl -%]
            SSLProxyEngine On
            SSLProxyVerify none
            # Setting to Off for backwards-compatibility
            # Read for more info: http://httpd.apache.org/docs/2.4/mod/mod_ssl.html#sslproxycheckpeercn
            SSLProxyCheckPeerCN Off
            [% IF options_support.split_version.2 >= 5 -%]
                SSLProxyCheckPeerName Off
            [% END -%]
            SSLProxyCheckPeerExpire Off
[%         END -%]

[%          IF file_test('f', '/var/cpanel/ssl/cpanel/mycpanel.pem') -%]
        SSLCertificateFile /var/cpanel/ssl/cpanel/mycpanel.pem
        SSLCertificateKeyFile /var/cpanel/ssl/cpanel/mycpanel.pem
        SSLCertificateChainFile /var/cpanel/ssl/cpanel/mycpanel.pem
[%              IF supported.stapling && !has_ocsp('/var/cpanel/ssl/cpanel/mycpanel.pem') -%]
        SSLUseStapling Off
[%              END -%]
[%          ELSIF file_test('f', '/var/cpanel/ssl/cpanel/cpanel.pem') -%]
        SSLCertificateFile /var/cpanel/ssl/cpanel/cpanel.pem
        SSLCertificateKeyFile /var/cpanel/ssl/cpanel/cpanel.pem
        SSLCertificateChainFile /var/cpanel/ssl/cpanel/cpanel.pem
[%              IF supported.stapling && !has_ocsp('/var/cpanel/ssl/cpanel/cpanel.pem') -%]
        SSLUseStapling Off
[%              END -%]
[%          ELSIF file_test('f', '/var/cpanel/ssl/cpanel/cpanel.crt') && file_test('f', '/var/cpanel/ssl/cpanel/cpanel.key') -%]
        SSLCertificateFile /var/cpanel/ssl/cpanel/cpanel.crt
        SSLCertificateKeyFile /var/cpanel/ssl/cpanel/cpanel.key
[%              IF file_test('f', '/var/cpanel/ssl/cpanel/cpanel.cab') -%]
        SSLCertificateChainFile /var/cpanel/ssl/cpanel/cpanel.cab
[%              END -%]
[%              IF supported.stapling && !has_ocsp('/var/cpanel/ssl/cpanel/cpanel.crt') -%]
        SSLUseStapling Off
[%              END -%]
[%          ELSE -%]
        # No service SSL installed for cPanel
[%          END -%]
    </IfModule>

    [% SET proxy_prot = ssl_proxy_to_non_ssl ? 'http' : 'https' %]

    <IfModule headers_module>
    RequestHeader set X-HTTPS 1
    </IfModule>

    RewriteCond %{HTTP_HOST} !^[% wildcard_safe(servername) %]$
    RewriteCond %{HTTP_HOST} ^cpanel\.
[% IF proxypass_for_proxysubdomains %]
    RewriteRule ^/(.*) /___proxy_subdomain_cpanel/$1 [PT]
    ProxyPass "/___proxy_subdomain_cpanel" "http://127.0.0.1:2082" max=1 retry=0
[% ELSE %]
    RewriteRule ^/(.*) [% proxy_prot %]://127.0.0.1:[% ssl_proxy_to_non_ssl ? 2082 : 2083 %]/$1 [P]
[% END %]

    RewriteCond %{HTTP_HOST} !^[% wildcard_safe(servername) %]$
    RewriteCond %{HTTP_HOST} ^webmail\.
[% IF proxypass_for_proxysubdomains %]
    RewriteRule ^/(.*) /___proxy_subdomain_webmail/$1 [PT]
    ProxyPass "/___proxy_subdomain_webmail" "http://127.0.0.1:2095" max=1 retry=0
[% ELSE %]
    RewriteRule ^/(.*) [% proxy_prot %]://127.0.0.1:[% ssl_proxy_to_non_ssl ? 2095 : 2096 %]/$1 [P]
[% END %]

    RewriteCond %{HTTP_HOST} !^[% wildcard_safe(servername) %]$
    RewriteCond %{HTTP_HOST} ^whm\.
[% IF proxypass_for_proxysubdomains %]
    RewriteRule ^/(.*) /___proxy_subdomain_whm/$1 [PT]
    ProxyPass "/___proxy_subdomain_whm" "http://127.0.0.1:2086" max=1 retry=0
[% ELSE %]
    RewriteRule ^/(.*) [% proxy_prot %]://127.0.0.1:[% ssl_proxy_to_non_ssl ? 2086 : 2087 %]/$1 [P]
[% END %]

    RewriteCond %{HTTP_HOST} !^[% wildcard_safe(servername) %]$
    RewriteCond %{HTTP_HOST} ^webdisk\.
[% IF proxypass_for_proxysubdomains %]
    RewriteRule ^/(.*) /___proxy_subdomain_webdisk/$1 [PT]
    ProxyPass "/___proxy_subdomain_webdisk" "http://127.0.0.1:2077" max=1 retry=0
[% ELSE %]
    RewriteRule ^/(.*) [% proxy_prot %]://127.0.0.1:[% ssl_proxy_to_non_ssl ? 2077 : 2078 %]/$1 [P]
[% END %]

    RewriteCond %{HTTP_HOST} !^[% wildcard_safe(servername) %]$
    RewriteCond %{HTTP_HOST} ^cpcontacts\.
[% IF proxypass_for_proxysubdomains %]
    RewriteRule ^/(.*) /___proxy_subdomain_cpcontacts/$1 [PT]
    ProxyPass "/___proxy_subdomain_cpcontacts" "http://127.0.0.1:2079" max=1 retry=0
[% ELSE %]
    RewriteRule ^/(.*) [% proxy_prot %]://127.0.0.1:[% ssl_proxy_to_non_ssl ? 2079 : 2080 %]/$1 [P]
[% END %]

    RewriteCond %{HTTP_HOST} !^[% wildcard_safe(servername) %]$
    RewriteCond %{HTTP_HOST} ^cpcalendars\.
[% IF proxypass_for_proxysubdomains %]
    RewriteRule ^/(.*) /___proxy_subdomain_cpcalendars/$1 [PT]
    ProxyPass "/___proxy_subdomain_cpcalendars" "http://127.0.0.1:2079" max=1 retry=0
[% ELSE %]
    RewriteRule ^/(.*) [% proxy_prot %]://127.0.0.1:[% ssl_proxy_to_non_ssl ? 2079 : 2080 %]/$1 [P]
[% END %]

[%          IF autodiscover_proxy_subdomains %]
    RewriteCond %{HTTP_HOST} !^[% wildcard_safe(servername) %]$
    RewriteCond %{HTTP_HOST} ^autodiscover\.
    RewriteRule ^[^?]*(\\?.*)? [% proxy_prot %]://127.0.0.1/cgi-sys/autodiscover.cgi [P]

    RewriteCond %{HTTP_HOST} !^[% wildcard_safe(servername) %]$
    RewriteCond %{HTTP_HOST} ^autoconfig\.
    RewriteRule ^[^?]*(\\?.*)? [% proxy_prot %]://127.0.0.1/cgi-sys/autoconfig.cgi [P]

[%          END %]
    UseCanonicalName Off

    <IfModule security2_module>
        SecRuleEngine On
    </IfModule>
</VirtualHost>
[%      END -%]
[% END -%]

# Administrator locations for safely altering virtualhost configuration
[% IF file_test('f', paths.dir_conf_includes _ '/post_virtualhost_global.conf') -%]
Include "[% paths.dir_conf_includes %]/post_virtualhost_global.conf"
[% ELSE -%]
# Create "[% paths.dir_conf_includes %]/post_virtualhost_global.conf" if you want to customize httpd.conf.
[% END -%]

##################################################
##################################################
#
# Define the Domain Forwarding virtual hosts
#
##################################################
##################################################

[% IF file_test('f', '/var/cpanel/domainfwdip') -%]
<VirtualHost [% domainfwdip %]>
    ServerName [% wildcard_safe(domainfwdip) %]
    ServerAdmin root\@localhost
    DocumentRoot /dev/null
    ScriptAliasMatch .* /usr/local/cpanel/cgi-sys/domainredirect.cgi
</VirtualHost>
[% ELSE -%]
# Domain forwarding is currently disabled.
# You can set this by logging into WHM, and navigating to the 'DNS Functions' => 'Setup/Edit Domain Forwarding' interface.
[% END %]

# # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # #
#
#   !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
#   DO NOT EDIT. AUTOMATICALLY GENERATED.  USE INCLUDE FILES IF YOU NEED TO MAKE A CHANGE
#   !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
#
# # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # #

Show/Hide: vhost.default

<VirtualHost[% FOREACH ipblock IN vhost.ips %] [% ipblock.ip %]:[% ipblock.port %][% END %]>
  ServerName [% wildcard_safe(vhost.servername) %]
[% IF vhost.serveralias_array.size -%]
[% FOREACH alias IN vhost.serveralias_array -%]
  ServerAlias [% alias %]
[% END -%]
[% ELSE -%]
  ServerAlias [% vhost.serveralias %]
[% END -%]
  DocumentRoot [% vhost.documentroot %]
[% IF vhost.serveradmin -%]
  ServerAdmin [% vhost.serveradmin %]
[% ELSE %]
  ServerAdmin [email protected][% vhost.servername %]
[% END -%]
[% IF vhost.usecanonicalname -%]
  UseCanonicalName [% vhost.usecanonicalname %]
[% ELSE %]
  UseCanonicalName Off
[% END -%]
[% IF !vhost.hascgi -%]
  Options -ExecCGI -Includes
  RemoveHandler cgi-script .cgi .pl .plx .ppl .perl
[% END -%]
[% IF logstyle == 'combined' -%]
    [%- IF !enable_piped_logs || !supported.mod_log_config -%]
  CustomLog [% paths.dir_domlogs %]/[% wildcard_safe(vhost.log_servername) %] combined
    [%- END %]
[% ELSE %]
  TransferLog [% paths.dir_domlogs %]/[% wildcard_safe(vhost.log_servername) %]
[% END -%]
[% IF !enable_piped_logs -%]
  <IfModule log_config_module>
    <IfModule logio_module>
      CustomLog [% paths.dir_domlogs %]/[% wildcard_safe(vhost.log_servername) %]-bytes_log "%{%s}t %I .\n%{%s}t %O ."
    </IfModule>
  </IfModule>
[% END -%]
  ## User [% vhost.user %] # Needed for Cpanel::ApacheConf
  <IfModule userdir_module>
    <IfModule !mpm_itk.c>
      <IfModule !ruid2_module>
[%- IF userdirprotect_enabled %]
[%- IF vhost.userdirprotect == '-1' %]
        UserDir enabled
[%- ELSE %]
        UserDir disabled
        UserDir enabled [% vhost.user %] [% vhost.userdirprotect %]
[%- END %]
[%- ELSE %]
[%- IF vhost.user != 'nobody' %]
        UserDir enabled [% vhost.user %]
[%- END %]
[%- END %]
      </IfModule>
    </IfModule>
  </IfModule>

  # Enable backwards compatible Server Side Include expression parser for Apache versions >= 2.4.
  # To selectively use the newer Apache 2.4 expression parser, disable SSILegacyExprParser in
  # the user's .htaccess file.  For more information, please read:
  #    http://httpd.apache.org/docs/2.4/mod/mod_include.html#ssilegacyexprparser
  <IfModule include_module>
    <Directory "[% vhost.documentroot %]">
      SSILegacyExprParser On
    </Directory>
  </IfModule>

  [% IF vhost.optimize_htaccess && vhost.optimize_htaccess != "search_full_path" %]
    [% IF vhost.optimize_htaccess == "search_homedir_below" %]
      <Directory "[% vhost.homedir %]">
        AllowOverride All
      </Directory>
    [% ELSIF vhost.optimize_htaccess == "search_documentroot_below" %]
      <Directory "[% vhost.documentroot %]">
        AllowOverride All
      </Directory>
    [% ELSIF vhost.optimize_htaccess == "disable_htaccess" %]
      <Directory "/">
       AllowOverride None
      </Directory>
    [% ELSE %]
      <Directory "/">
        AllowOverride All
      </Directory>
    [% END %]
  [% END %]

  <IfModule suphp_module>
    suPHP_UserGroup [% vhost.user %] [% vhost.group %]
  </IfModule>
[% IF phpopenbasedirprotect_enabled && vhost.phpopenbasedirprotect && ( supported.libphp4 || supported.libphp5 ) -%]
  <IfModule concurrent_php.c>
    php4_admin_value open_basedir "[% vhost.homedir %]:/usr/lib/php:/usr/php4/lib/php:/usr/local/lib/php:/usr/local/php4/lib/php:/tmp"
    php5_admin_value open_basedir "[% vhost.homedir %]:/usr/lib/php:/usr/local/lib/php:/tmp"
  </IfModule>
  <IfModule !concurrent_php.c>
    <IfModule mod_php4.c>
      php_admin_value open_basedir "[% vhost.homedir %]:/usr/lib/php:/usr/php4/lib/php:/usr/local/lib/php:/usr/local/php4/lib/php:/tmp"
    </IfModule>
    <IfModule mod_php5.c>
      php_admin_value open_basedir "[% vhost.homedir %]:/usr/lib/php:/usr/local/lib/php:/tmp"
    </IfModule>
    <IfModule sapi_apache2.c>
      php_admin_value open_basedir "[% vhost.homedir %]:/usr/lib/php:/usr/php4/lib/php:/usr/local/lib/php:/usr/local/php4/lib/php:/tmp"
    </IfModule>
  </IfModule>
[% END -%]
[% IF vhost.user != 'nobody' -%]
  <IfModule suexec_module>
    <IfModule !mod_ruid2.c>
      SuexecUserGroup [% vhost.user %] [% vhost.group %]
    </IfModule>
  </IfModule>
  <IfModule ruid2_module>
    RMode config
    RUidGid [% vhost.user %] [% vhost.group %]
[% IF jailapache && vhost.jailed -%]
    RDocumentChRoot /home/virtfs/[% vhost.user %] [% vhost.documentroot %]
[% END -%]
  </IfModule>
  <IfModule mpm_itk.c>
    # For more information on MPM ITK, please read:
    #   http://mpm-itk.sesse.net/
    AssignUserID [% vhost.user %] [% vhost.group %]
  </IfModule>
[% END -%]
[%- IF vhost.secruleengineoff %]
  <IfModule security2_module>
    SecRuleEngine Off
  </IfModule>
[%- END %]
[% IF vhost.hascgi && scriptalias == 1 -%]
  <IfModule alias_module>
    ScriptAlias /cgi-bin/ [% vhost.documentroot %]/cgi-bin/
  </IfModule>
[% END -%]

[%- IF file_test('d', paths.dir_conf_userdata) %]
    [%- IF cachedfglob(paths.dir_conf_userdata _ '/*.conf') %]
  Include "[% paths.dir_conf_userdata %]/*.conf"
    [%- END %]
    [%- IF vhost.owner && cachedfglob(paths.dir_conf_userdata _ '/*.owner-' _ vhost.owner) %]
        [%- added_include = 1 %]
  Include "[% paths.dir_conf_userdata %]/*.owner-[% vhost.owner %]"
    [%- END %]
    [%- IF file_test('d', paths.dir_conf_userdata _ '/std') %]
        [%- IF cachedfglob(paths.dir_conf_userdata _ '/std/*.conf') %]
            [%- added_include = 1 %]
  Include "[% paths.dir_conf_userdata %]/std/*.conf"
        [%- END %]
        [%- IF vhost.owner && cachedfglob(paths.dir_conf_userdata _ '/std/*.owner-' _ vhost.owner) %]
            [%- added_include = 1 %]
  Include "[% paths.dir_conf_userdata %]/std/*.owner-[% vhost.owner %]"
        [%- END %]
        [% SET vhost_include_base = '' %]
        [% FOREACH vhost_include_dir IN [ "$paths.dir_conf_userdata/std/$apache_target_version/", "$paths.dir_conf_userdata/std/2/" ] %]
            [% IF file_test('d',vhost_include_dir) %]
                [% SET vhost_include_base = vhost_include_dir %]
                [% LAST %]
            [% END %]
        [% END %]
        [%- IF vhost_include_base %]
            [%- IF cachedfglob(vhost_include_base _ '*.conf') %]
                [%- added_include = 1 %]
  Include "[% vhost_include_base %]*.conf"
            [%- END %]
            [%- IF vhost.owner && cachedfglob(vhost_include_base _ '*.owner-' _ vhost.owner) %]
                [%- added_include = 1 %]
  Include "[% vhost_include_base %]*.owner-[% vhost.owner %]"
            [%- END %]
            [%- IF file_test('d',vhost_include_base _ vhost.user) %]
                [%- IF fglob(vhost_include_base _ vhost.user _ '/*.conf') %]
                    [%- added_include = 1 %]
  Include "[% vhost_include_base %][% vhost.user %]/*.conf"
                [%- END %]
                [%- domains_list = vhost.serveralias.split(' ') %]
                [%- domains_list.push(vhost.servername) %]
                [%- FOREACH domain IN domains_list.unique() %]
                    [%- domain = legacy_wildcard_safe(domain) %]
                    [%- IF file_test('d',vhost_include_base _ vhost.user _ '/' _  domain) %]
                        [%- IF fglob(vhost_include_base _ vhost.user _ '/' _ domain _ '/*.conf') %]
                            [%- added_include = 1 %]
  Include "[% vhost_include_base %][% vhost.user %]/[% domain %]/*.conf"
                        [%- END %]
                    [%- END %]
                [%- END %]
            [%- END %]
        [%- END %]
    [%- END %]
[%- END %]
[%- IF vhost.php_fpm %]
    <IfModule proxy_fcgi_module>
        <FilesMatch \.(phtml|php[0-9]*)$>
            SetHandler proxy:unix:[% vhost.php_fpm_socket %]|fcgi://[% wildcard_safe(vhost.servername) %]/
        </FilesMatch>
    </IfModule>
[%- END %]
[%- IF global_dcv_rewrite_exclude && dcv_rewrite_patterns %]
    # Global DCV Rewrite Exclude
    <IfModule rewrite_module>
        RewriteOptions Inherit
    </IfModule>
[%- END %]

[%- IF !added_include %]
    [%- IF apache_target_version %]
        [%- SET vhost_include_base = paths.dir_conf_userdata _ "/std/$apache_target_version/" %]
    [%- ELSE %]
        [%- SET vhost_include_base = paths.dir_conf_userdata _ '/std/2_4/' %]
    [%- END %]
    [%- domain = legacy_wildcard_safe(vhost.servername) %]
  # To customize this VirtualHost use an include file at the following location
  # Include "[% vhost_include_base %][% vhost.user %]/[% domain %]/*.conf"
[%- END %]
</VirtualHost>

Show/Hide: ssl_vhost.default

<VirtualHost[% FOREACH ipblock IN vhost.ips %] [% ipblock.ip %]:[% ipblock.port %][% END %]>
  ServerName [% wildcard_safe(vhost.servername) %]
[% IF vhost.serveralias_array.size -%]
[% FOREACH alias IN vhost.serveralias_array -%]
  ServerAlias [% alias %]
[% END -%]
[% ELSE -%]
  ServerAlias [% vhost.serveralias %]
[% END -%]
  DocumentRoot [% vhost.documentroot %]
[% IF vhost.serveradmin -%]
  ServerAdmin [% vhost.serveradmin %]
[% ELSE %]
  ServerAdmin [email protected][% vhost.servername %]
[% END -%]
[% IF vhost.usecanonicalname -%]
  UseCanonicalName [% vhost.usecanonicalname %]
[% ELSE %]
  UseCanonicalName Off
[% END -%]
[% IF !vhost.hascgi -%]
  Options -ExecCGI -Includes
  RemoveHandler cgi-script .cgi .pl .plx .ppl .perl
[% END -%]
[% IF logstyle == 'combined' -%]
    [%- IF !enable_piped_logs || !supported.mod_log_config -%]
  CustomLog [% paths.dir_domlogs %]/[% wildcard_safe(vhost.log_servername) %]-ssl_log combined
    [%- END %]
[% ELSE %]
  TransferLog [% paths.dir_domlogs %]/[% wildcard_safe(vhost.log_servername) %]-ssl_log
[% END -%]
[% IF !enable_piped_logs -%]
  <IfModule log_config_module>
    <IfModule logio_module>
      CustomLog [% paths.dir_domlogs %]/[% wildcard_safe(vhost.log_servername) %]-bytes_log "%{%s}t %I .\n%{%s}t %O ."
    </IfModule>
  </IfModule>
[% END -%]
  ## User [% vhost.user %] # Needed for Cpanel::ApacheConf
  <IfModule userdir_module>
    <IfModule !mpm_itk.c>
      <IfModule !ruid2_module>
[%- IF userdirprotect_enabled %]
[%- IF vhost.userdirprotect == '-1' %]
        UserDir enabled
[%- ELSE %]
        UserDir disabled
        UserDir enabled [% vhost.user %] [% vhost.userdirprotect %]
[%- END %]
[%- ELSE %]
[%- IF vhost.user != 'nobody' %]
        UserDir enabled [% vhost.user %]
[%- END %]
[%- END %]
      </IfModule>
    </IfModule>
  </IfModule>

  # Enable backwards compatible Server Side Include expression parser for Apache versions >= 2.4.
  # To selectively use the newer Apache 2.4 expression parser, disable SSILegacyExprParser in
  # the user's .htaccess file.  For more information, please read:
  #    http://httpd.apache.org/docs/2.4/mod/mod_include.html#ssilegacyexprparser
  <IfModule mod_include.c>
    <Directory "[% vhost.documentroot %]">
      SSILegacyExprParser On
    </Directory>
  </IfModule>

  [% IF vhost.optimize_htaccess && vhost.optimize_htaccess != "search_full_path" %]
    [% IF vhost.optimize_htaccess == "search_homedir_below" %]
      <Directory "[% vhost.homedir %]">
        AllowOverride All
      </Directory>
    [% ELSIF vhost.optimize_htaccess == "search_documentroot_below" %]
      <Directory "[% vhost.documentroot %]">
        AllowOverride All
      </Directory>
    [% ELSIF vhost.optimize_htaccess == "disable_htaccess" %]
      <Directory "/">
       AllowOverride None
      </Directory>
    [% ELSE %]
      <Directory "/">
        AllowOverride All
      </Directory>
    [% END %]
  [% END %]

  <IfModule mod_suphp.c>
    suPHP_UserGroup [% vhost.user %] [% vhost.group %]
  </IfModule>
[% IF phpopenbasedirprotect_enabled && vhost.phpopenbasedirprotect && ( supported.libphp4 || supported.libphp5 ) -%]
  <IfModule concurrent_php.c>
    php4_admin_value open_basedir "[% vhost.homedir %]:/usr/lib/php:/usr/php4/lib/php:/usr/local/lib/php:/usr/local/php4/lib/php:/tmp"
    php5_admin_value open_basedir "[% vhost.homedir %]:/usr/lib/php:/usr/local/lib/php:/tmp"
  </IfModule>
  <IfModule !concurrent_php.c>
    <IfModule mod_php4.c>
      php_admin_value open_basedir "[% vhost.homedir %]:/usr/lib/php:/usr/php4/lib/php:/usr/local/lib/php:/usr/local/php4/lib/php:/tmp"
    </IfModule>
    <IfModule mod_php5.c>
      php_admin_value open_basedir "[% vhost.homedir %]:/usr/lib/php:/usr/local/lib/php:/tmp"
    </IfModule>
    <IfModule sapi_apache2.c>
      php_admin_value open_basedir "[% vhost.homedir %]:/usr/lib/php:/usr/php4/lib/php:/usr/local/lib/php:/usr/local/php4/lib/php:/tmp"
    </IfModule>
  </IfModule>
[% END -%]
[% IF vhost.user != 'nobody' -%]
  <IfModule suexec_module>
    <IfModule !mod_ruid2.c>
      SuexecUserGroup [% vhost.user %] [% vhost.group %]
    </IfModule>
  </IfModule>
  <IfModule ruid2_module>
    RMode config
    RUidGid [% vhost.user %] [% vhost.group %]
[% IF jailapache && vhost.jailed -%]
    RDocumentChRoot /home/virtfs/[% vhost.user %] [% vhost.documentroot %]
[% END -%]
  </IfModule>
  <IfModule mpm_itk.c>
    # For more information on MPM ITK, please read:
    #   http://mpm-itk.sesse.net/
    AssignUserID [% vhost.user %] [% vhost.group %]
  </IfModule>
[% END -%]
[%- IF vhost.secruleengineoff %]
  <IfModule mod_security2.c>
    SecRuleEngine Off
  </IfModule>
[%- END %]
[% IF vhost.hascgi && scriptalias == 1 -%]
  <IfModule alias_module>
    ScriptAlias /cgi-bin/ [% vhost.documentroot %]/cgi-bin/
  </IfModule>
[% END -%]
  <IfModule ssl_module>
    SSLEngine on
    [% IF vhost.sslciphersuite.length %]SSLCipherSuite [% vhost.sslciphersuite %][% END %]
    SSLCertificateFile [% vhost.sslcertificatefile %]
    SSLCertificateKeyFile [% vhost.sslcertificatekeyfile %]
[% IF vhost.sslcacertificatefile -%]
    SSLCACertificateFile [% vhost.sslcacertificatefile %]
[% END -%]
[% IF supported.stapling && !has_ocsp(vhost.sslcertificatefile) -%]
    SSLUseStapling off
[% END -%]
    SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown
    <Directory "[% vhost.documentroot %]/cgi-bin">
      SSLOptions +StdEnvVars
    </Directory>
  </IfModule>
[%- added_include = 0 %]
[%- IF file_test('d', paths.dir_conf_userdata) %]
    [%- IF cachedfglob(paths.dir_conf_userdata _ '/*.conf') %]
        [%- added_include = 1 %]
    Include "[% paths.dir_conf_userdata %]/*.conf"
    [%- END %]
    [%- IF vhost.owner && cachedfglob(paths.dir_conf_userdata _ '/*.owner-' _ vhost.owner) %]
        [%- added_include = 1 %]
    Include "[% paths.dir_conf_userdata %]/*.owner-[% vhost.owner %]"
    [%- END %]
    [%- IF file_test('d', paths.dir_conf_userdata _ '/ssl') %]
        [%- IF cachedfglob(paths.dir_conf_userdata _ '/ssl/*.conf') %]
            [%- added_include = 1 %]
    Include "[% paths.dir_conf_userdata %]/ssl/*.conf"
        [%- END %]
        [%- IF vhost.owner && cachedfglob(paths.dir_conf_userdata _ '/ssl/*.owner-' _ vhost.owner) %]
            [%- added_include = 1 %]
    Include "[% paths.dir_conf_userdata %]/ssl/*.owner-[% vhost.owner %]"
        [%- END %]
        [% SET vhost_include_base = '' %]
        [% FOREACH vhost_include_dir IN [ "$paths.dir_conf_userdata/ssl/$apache_target_version/", "$paths.dir_conf_userdata/ssl/2/" ] %]
            [% IF file_test('d',vhost_include_dir) %]
                [% SET vhost_include_base = vhost_include_dir %]
                [% LAST %]
            [% END %]
        [% END %]
        [%- IF vhost_include_base %]
            [%- IF cachedfglob(vhost_include_base _ '*.conf') %]
                [%- added_include = 1 %]
    Include "[% vhost_include_base %]*.conf"
            [%- END %]
            [%- IF vhost.owner && cachedfglob(vhost_include_base _ '*.owner-' _ vhost.owner) %]
                [%- added_include = 1 %]
    Include "[% vhost_include_base %]*.owner-[% vhost.owner %]"
            [%- END %]
            [%- IF file_test('d',vhost_include_base _ vhost.user) %]
                [%- IF fglob(vhost_include_base _ vhost.user _ '/*.conf') %]
                    [%- added_include = 1 %]
    Include "[% vhost_include_base %][% vhost.user %]/*.conf"
                [%- END %]
                [%- domains_list = vhost.serveralias.split(' ') %]
                [%- domains_list.push(vhost.servername) %]
                [%- FOREACH domain IN domains_list.unique() %]
                    [%- domain = legacy_wildcard_safe(domain) %]
                    [%- IF file_test('d',vhost_include_base _ vhost.user _ '/' _  domain) %]
                        [%- IF fglob(vhost_include_base _ vhost.user _ '/' _ domain _ '/*.conf') %]
                            [%- added_include = 1 %]
    Include "[% vhost_include_base %][% vhost.user %]/[% domain %]/*.conf"
                        [%- END %]
                    [%- END %]
                [%- END %]
            [%- END %]
        [%- END %]
    [%- END %]
[%- END %]
[%- IF vhost.php_fpm %]
    <IfModule proxy_fcgi_module>
        <FilesMatch \.(phtml|php[0-9]*)$>
            SetHandler proxy:unix:[% vhost.php_fpm_socket %]|fcgi://[% wildcard_safe(vhost.servername) %]/
        </FilesMatch>
    </IfModule>
[%- END %]
[%- IF !added_include %]
    [% IF apache_target_version %]
        [%- SET vhost_include_base = paths.dir_conf_userdata _ "/ssl/$apache_target_version/" %]
    [% ELSE %]
        [%- SET vhost_include_base = paths.dir_conf_userdata _ '/ssl/2_4/' %]
    [% END %]
    [%- domain = legacy_wildcard_safe(vhost.servername) %]

    # To customize this VirtualHost use an include file at the following location
    # Include "[% vhost_include_base %][% vhost.user %]/[% domain %]/*.conf"
[%- END %]

[%- IF proxysubdomains && vhost.proxy_subdomains && supported.mod_proxy && supported.mod_rewrite && vhost.proxy_subdomains.size %]
    <IfModule headers_module>
    RequestHeader set X-HTTPS 1
    </IfModule>

    RewriteEngine On
    [%- FOR label__zones = vhost.proxy_subdomains %]
        [%- IF vhost.proxy_subdomains_regexp_ok.${label__zones.key} %]
            RewriteCond %{HTTP_HOST} ^[% label__zones.key %]\.
        [%- ELSE %]
            [%- FOR domain = label__zones.value %]
                RewriteCond %{HTTP_HOST} =[% label__zones.key _ ".$domain" %][% !loop.last && ' [OR]' %]
            [%- END %]
        [%- END %]
        [% proxy_subdomain_redirect_rule(label__zones.key) %]
    [%- END %]
[%- END %]
</VirtualHost>

The "diff" system utility is helpful if you want to compare files to see changes. For example, if you populated a vhost.default.old file with the contents of the previous vhost.default file, you could run a command like this:

diff -u vhost.default.old vhost.default

Thank you.

 

[linux4me2]

I got the message this morning too, for both:

• ssl_vhost.local
• vhost.local

The .local template overrides dated back to 08/2016, and I never changed them. I did a comparison of the files, and the new versions included some sections for mod_passenger that of course weren't in the old .local files. I couldn't make any sense of the other differences, which all seem to deal with open_basedir, which I do have enabled, but I don't need any custom settings for it. After getting no response from my web host's "heroic" support after over an hour, I backed up the .local files, deleted them, then restarted Apache and tested both SSL and non-SSL sites, both versions of PHP I'm using (5.6 and 7), and my global include files. So far, everything works and I don't see any issues.

If anyone else wants to try this gonzo approach, the files are located in /var/cpanel/templates/apache2_4. It just took a few minutes, and if things break, you can always upload the .local files and restart Apache.

 

[celiac101]

The ganzo approach may be necessary, as I am looking for a solution, not en explanation for why I'm being sent the message.

 

[EneTar]

Going to Apache Configuration through WHM I notice this message at the top of the page:

This system has the following Apache override templates installed:

/var/cpanel/templates/apache2_2/ssl_vhost.local
/var/cpanel/templates/apache2_2/vhost.local
/var/cpanel/templates/apache2_4/ssl_vhost.local
/var/cpanel/templates/apache2_4/vhost.local
You must keep any installed override templates up-to-date with upstream changes to cPanel’s template files. Read the release notes before you update to each new major version of cPanel & WHM.

cPanel strongly recommends that you use the “Include Editor” instead of override templates whenever possible.

Should those be there? I haven't manually added those templates

 

[cPanelMichael]

The ganzo approach may be necessary, as I am looking for a solution, not en explanation for why I'm being sent the message.

Hello @celiac101,

It's not possible to tell you the exact changes you need to make, as that would depend on the specific changes you have made to your custom Apache template files. Have you tried using the "diff" command referenced in my last response to compare your local file to the default file?

Should those be there? I haven't manually added those templates

Hi @EneTar,

I moved your post into this thread. The ".local" template files are not automatically populated. Are you sure there are no third-party plugins that are using those files to modify the default Apache template files? If so, you can backup and remove the ".local" files to ensure Apache uses the default templates.

Thank you.

 

[KenCope]

Hi, I wonder if you can help me please?
I've received the following:

The system detected that one or more templates were updated as a result of a change in the EasyApache 4 environment.

The following “.default” template has changed in a recent update in the EasyApache 4 environment. ea4_main.default We identified corresponding “.local” template for the above mentioned “.default” template on your system. Update them as soon as possible to avoid problems.

I am running CloudLinux and LiteSpeed on my VPS so not running EasyApache4 and wondered if the .local template would have been created as part of moving from EasyApache4 to LiteSpeed? In any case how do I update the .local template to the .default template?

I really need a "step 1 do this, step 2 do that, step 3 do this" response if possible because I can SSH into the server but am new and need to understand what is happening rather than crash my system. Thanks

 

[cPanelMichael]

Hello @KenCope,

Can you share the output from the command below using CODE tags?

ls -al /var/cpanel/templates/apache2_4/

Thank you.

 

[KenCope]

Sorry for the late reply.


drwxr-xr-x 2 root root 4096 Aug 28 05:55 ./
drwxr-xr-x 8 root root 4096 Feb 25 2019 ../
-rw-r--r-- 1 root root 200 Aug 28 05:57 000-local_template_check.json
-rw-r----- 1 root root 39500 Aug 21 22:11 ea4_main.default
-rw-rw---- 1 root root 39318 Jan 10 2019 ea4_main.local
-rw-r----- 1 root root 39318 Jan 10 2019 ea4_main.local.i360bak
-rw-r--r-- 1 root root 24518 Aug 12 2017 main.default
-rw-r----- 1 root root 9975 Aug 21 22:11 ssl_vhost.default
-rw-r----- 1 root root 7938 Aug 21 22:11 vhost.default


 

[rarod]

Hi, I wonder if you can help me please?
I've received the following:

The system detected that one or more templates were updated as a result of a change in the EasyApache 4 environment.

The following “.default” template has changed in a recent update in the EasyApache 4 environment. ea4_main.default We identified corresponding “.local” template for the above mentioned “.default” template on your system. Update them as soon as possible to avoid problems.

I am running CloudLinux and LiteSpeed on my VPS so not running EasyApache4 and wondered if the .local template would have been created as part of moving from EasyApache4 to LiteSpeed? In any case how do I update the .local template to the .default template?

I really need a "step 1 do this, step 2 do that, step 3 do this" response if possible because I can SSH into the server but am new and need to understand what is happening rather than crash my system. Thanks

I got the same email after I run "yum update". @cPanelMichael:

drwxr-xr-x 2 root root  4096 sep  4 09:59 .
drwxr-xr-x 9 root root  4096 mar  4  2019 ..
-rw-r--r-- 1 root root   200 sep  4 10:00 000-local_template_check.json
-rw-r----- 1 root root 39500 ago 20 19:15 ea4_main.default
-rw-r----- 1 root root 27426 jun 26  2017 ea4_main.local
-rw-r--r-- 1 root root 24441 nov  2  2016 main.default
-rw-r----- 1 root root  9975 ago 20 19:15 ssl_vhost.default
-rw-r----- 1 root root  7938 ago 20 19:15 vhost.default

What does this mean?

 

[cPanelMichael]

I am running CloudLinux and LiteSpeed on my VPS so not running EasyApache4 and wondered if the .local template would have been created as part of moving from EasyApache4 to LiteSpeed? In any case how do I update the .local template to the .default template?

drwxr-xr-x 2 root root  4096 Aug 28 05:55 ./
drwxr-xr-x 8 root root  4096 Feb 25  2019 ../
-rw-r--r-- 1 root root   200 Aug 28 05:57 000-local_template_check.json
-rw-r----- 1 root root 39500 Aug 21 22:11 ea4_main.default
-rw-rw---- 1 root root 39318 Jan 10  2019 ea4_main.local
-rw-r----- 1 root root 39318 Jan 10  2019 ea4_main.local.i360bak
-rw-r--r-- 1 root root 24518 Aug 12  2017 main.default
-rw-r----- 1 root root  9975 Aug 21 22:11 ssl_vhost.default
-rw-r----- 1 root root  7938 Aug 21 22:11 vhost.default

Hello @KenCope,

Here's the output I see on a test system running cPanel & WHM on CloudLinux with LiteSpeed (enabled through WHM >> Plugins >> LiteSpeed Web Server):

#  ls /var/cpanel/templates/apache2_4/
000-local_template_check.json
ea4_main.default
ssl_vhost.default
vhost.default

This suggests the ea4_main.local file on your server is not required. However, before removing it, feel free to post the contents of the /var/cpanel/templates/apache2_4/ea4_main.local file in CODE tags on this thread so we can see what's included.

Thank you.

 

[KenCope]

# # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # #
#
#   !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
#   DO NOT EDIT. AUTOMATICALLY GENERATED.  USE INCLUDE FILES IF YOU NEED TO MAKE A CHANGE
#   !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
#
#   Direct modifications to the Apache configuration file WILL be lost upon subsequent
#   regeneration of this configuration file, or an Apache update.
#
#   To have your modifications retained, you should create/edit administrator-specific
#   include files:
#
#       [% paths.dir_conf_includes %]/pre_main_global.conf
#       [% paths.dir_conf_includes %]/pre_virtualhost_global.conf
#       [% paths.dir_conf_includes %]/post_virtualhost_global.conf
#
# # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # #

##################################################
##################################################
#
# cPanel & WHM controlled Apache configuration
#
##################################################
##################################################

[%# NOTE: The IF variable.exists() method used throughout this template is to deal with
    migration from ea3 to ea4.  This should allow pre-existing distillation of variables
    when the user was on EA3 but didn't use the WHM interfaces to update their httpd.conf.
    The ELSE clause is there to ensure a default is placed into the configuration regardless
    of previous distillations and will attempt to use the WHM settings where possible.

    Ideally speaking, the user shouldn't be using previously distilled information since
    we're moving towards a solution where httpd.conf isn't a database.  However, we're not
    there yet, so the exists() method is used to ensure easier migration.
-%]
Include "[% paths.dir_base %]/conf.modules.d/*.conf"

# Administrator locations for safely altering httpd.conf
[% IF file_test('f', paths.dir_conf_includes _ '/pre_main_global.conf') -%]
Include "[% paths.dir_conf_includes %]/pre_main_global.conf"
[% ELSE -%]
# Create "[% paths.dir_conf_includes %]/pre_main_global.conf" if you want to customize httpd.conf.
[% END -%]

# These are hard-coded values that are required by cPanel & WHM
PidFile [% paths.dir_run %]/httpd.pid
User nobody
Group nobody
ExtendedStatus [% IF main.exists('extendedstatus') %][% main.extendedstatus.item.extendedstatus %][% ELSE %]Off[% END %]
LogLevel [% IF main.exists('loglevel') %][% main.loglevel.item.loglevel %][% ELSE %]warn[% END %]
[%- IF main.exists('symlink_protect') %]
SymlinkProtect [% main.symlink_protect.item.symlink_protect %]
SymlinkProtectRoot [% paths.dir_docroot %]
[% END -%]

# You can change this by using WHM, and navigating to the 'Basic WebHost Manager® Setup' -> 'Contact Information' interface.
ServerAdmin [% serveradmin %]

# You can change this by using WHM, and navigating to the 'Networking Setup' => 'Change Hostname' interface.
ServerName [% wildcard_safe(main.servername.item.servername) %]

# You can change this by using WHM, and navigating to the 'Apache Configuration' -> 'Global Configuration' interface.
[% IF main.exists('traceenable') %]TraceEnable [% main.traceenable.item.traceenable %][% END %]
[% IF main.exists('serversignature') %]ServerSignature [% main.serversignature.item.serversignature %][% END %]
[% IF main.exists('servertokens') %]ServerTokens [% main.servertokens.item.servertokens %][% END %]
[% IF main.exists('fileetag') %]FileETag [% main.fileetag.item.fileetag %][% END %]

<Directory "/">
    [% IF main.exists('optimize_htaccess') && main.optimize_htaccess.item.optimize_htaccess && main.optimize_htaccess.item.optimize_htaccess != "search_full_path" %]
      AllowOverride None
    [% ELSE %]
      AllowOverride All
    [% END %]
    Options [% main.directory.options.item.options %]
</Directory>

[% IF main.exists('startservers') %]StartServers [% main.startservers.item.startservers %][% END %]
<IfModule prefork.c>
    [% IF main.exists('minspareservers') %]MinSpareServers [% main.minspareservers.item.minspareservers %][% END %]
    [% IF main.exists('maxspareservers') %]MaxSpareServers [% main.maxspareservers.item.maxspareservers %][% END %]
</IfModule>

[% IF main.exists('serverlimit') %]ServerLimit [% main.serverlimit.item.serverlimit %][% END %]
[% IF main.exists('maxclients') %]MaxRequestWorkers [% main.maxclients.item.maxclients %][% END %]
[% IF main.exists('maxrequestsperchild') %]MaxConnectionsPerChild [% main.maxrequestsperchild.item.maxrequestsperchild %][% END %]
[% IF main.exists('keepalive') %]KeepAlive [% main.keepalive.item.keepalive %][% END %]
[% IF main.exists('keepalivetimeout') %]KeepAliveTimeout [% main.keepalivetimeout.item.keepalivetimeout %][% END %]
[% IF main.exists('maxkeepaliverequests') %]MaxKeepAliveRequests [% main.maxkeepaliverequests.item.maxkeepaliverequests || 0 %][% END %]
[% IF main.exists('timeout') %]Timeout [% main.timeout.item.timeout %][% END %]


[% IF global_dcv_rewrite_exclude && dcv_rewrite_patterns -%]
<IfModule rewrite_module>
# Global DCV Exclude - Rewrites
RewriteEngine on
[% FOR pattern = dcv_rewrite_patterns -%]
RewriteCond %{REQUEST_URI} [% mod_rewrite_string_escape(pattern) %] [% !loop.last && '[OR]' %]
[% END -%]
[% IF all_possible_proxy_subdomains_regex %]
# Exclude proxy subdomains as we need rewrites to capture the DCV requests
RewriteCond %{HTTP_HOST} !^(?:[% all_possible_proxy_subdomains_regex %])\.
[% END -%]
RewriteRule ^ - [END]
</IfModule>
[% SET dcv_location_regex = '(' _ dcv_rewrite_patterns.join('|') _ ')';  %]
<LocationMatch "[%- dcv_location_regex -%]">
# Global DCV Exclude - Location
Satisfy Any
Order Allow,Deny
Allow from all
</LocationMatch>
[% END %]


# You can change this by using WHM, and navigating to the 'Apache Configuration' -> 'DirectoryIndex Priority' interface.
<IfModule dir_module>
    DirectoryIndex [% main.directoryindex.item.directoryindex %]
</IfModule>

# You can change this by using WHM, and navigating to the 'Apache Configuration' -> 'Memory Usage Restrictions' interface.
[%# NOTE: The maxrlimit* settings are currently hard-coded to off in WHM -%]
[% IF main.rlimitcpu.item.softrlimitcpu -%]
RLimitCPU [% main.rlimitcpu.item.softrlimitcpu %] [% mainrlimitcpu.item.maxrlimitcpu %]
[% END -%]
[% IF main.rlimitmem.item.softrlimitmem -%]
RLimitMEM [% main.rlimitmem.item.softrlimitmem %] [% mainrlimitmem.item.maxrlimitmem %]
[% END -%]

# This setting is required by cPanel & WHM in order to provide access to a default webpage when none exists
<Directory "[% paths.dir_docroot %]">
    Options All
    AllowOverride None
    Require all granted
</Directory>

# Required cPanel security policy: Disallow remote access to .htaccess, .htpasswd, .user.ini, and php.ini files
<FilesMatch "^(\.ht(access|passwds?)|\.user\.ini|php\.ini)$">
    Require all denied
</FilesMatch>

<IfModule alias_module>
    ScriptAliasMatch ^/?controlpanel/?$ /usr/local/cpanel/cgi-sys/redirect.cgi
    ScriptAliasMatch ^/?cpanel/?$ /usr/local/cpanel/cgi-sys/redirect.cgi
    ScriptAliasMatch ^/?kpanel/?$ /usr/local/cpanel/cgi-sys/redirect.cgi
    ScriptAliasMatch ^/?securecontrolpanel/?$ /usr/local/cpanel/cgi-sys/sredirect.cgi
    ScriptAliasMatch ^/?securecpanel/?$ /usr/local/cpanel/cgi-sys/sredirect.cgi
    ScriptAliasMatch ^/?securewhm/?$ /usr/local/cpanel/cgi-sys/swhmredirect.cgi
    ScriptAliasMatch ^/?webmail$ /usr/local/cpanel/cgi-sys/wredirect.cgi
    ScriptAliasMatch ^/?webmail/ /usr/local/cpanel/cgi-sys/wredirect.cgi
    ScriptAliasMatch ^/?whm/?$ /usr/local/cpanel/cgi-sys/whmredirect.cgi
[% IF autodiscover_proxy_subdomains -%]
    ScriptAliasMatch ^/Autodiscover/Autodiscover.xml /usr/local/cpanel/cgi-sys/autodiscover.cgi
    ScriptAliasMatch ^/autodiscover/autodiscover.xml /usr/local/cpanel/cgi-sys/autodiscover.cgi
[% END -%]

    Alias /bandwidth /usr/local/bandmin/htdocs/
    Alias /img-sys /usr/local/cpanel/img-sys/
    Alias /java-sys /usr/local/cpanel/java-sys/
    Alias /mailman/archives /usr/local/cpanel/3rdparty/mailman/archives/public/
    Alias /pipermail /usr/local/cpanel/3rdparty/mailman/archives/public/
    Alias /sys_cpanel /usr/local/cpanel/sys_cpanel/

    ScriptAlias /cgi-sys /usr/local/cpanel/cgi-sys/
    ScriptAlias /mailman /usr/local/cpanel/3rdparty/mailman/cgi-bin/
    [% IF file_test('f', '/usr/local/cpanel/cgi-sys/scgiwrap') %]ScriptAlias /scgi-bin /usr/local/cpanel/cgi-sys/scgiwrap[% END %]
</IfModule>

# This can be configured in the cPanel 'Leech Protection' interface.
[% IF file_test('f', '/usr/local/cpanel/bin/leechprotect') -%]
<IfModule rewrite_module>
    RewriteEngine on
    RewriteMap LeechProtect prg:/usr/local/cpanel/bin/leechprotect
    Mutex file:[% paths.dir_run %] rewrite-map
</IfModule>
[% END -%]

<IfModule mime_module>
    TypesConfig conf/mime.types

    AddType application/x-compress .Z
    AddType application/x-gzip .gz .tgz
    AddType text/html .shtml
    AddType application/x-tar .tgz
    AddType text/vnd.wap.wml .wml
    AddType image/vnd.wap.wbmp .wbmp
    AddType text/vnd.wap.wmlscript .wmls
    AddType application/vnd.wap.wmlc .wmlc
    AddType application/vnd.wap.wmlscriptc .wmlsc

    # These extensions are used to redirect incoming requests to WHM
    AddHandler cgi-script .cgi .pl .plx .ppl .perl

    # This is used for custom error documents
    AddHandler server-parsed .shtml
</IfModule>

# You can change this by using WHM, and updating the 'Tweak Settings' -> 'System' -> 'Allow server-info' option.
<IfModule status_module>
    # This is used by the WHM 'Apache Status' application
    <Location /whm-server-status>
        SetHandler server-status
        Order deny,allow
        Deny from all
[%  IF options_support.APR_HAVE_IPV6 -%]
        Allow from 127.0.0.1 ::1
[%  ELSE -%]
        Allow from 127.0.0.1
[%  END -%]
        <IfModule security2_module>
            SecRuleEngine Off
        </IfModule>
    </Location>

[%  IF serve_server_status -%]
    <Location /server-status>
        SetHandler server-status
        Order deny,allow
        Deny from all
        Allow from [% allow_server_info_status_from %]
    </Location>
[%  END -%]
</IfModule>

# Required cPanel security policy: disable userdir when mod_ruid2 or mpm_itk or mod_passenger are loaded
<IfModule userdir_module>
    UserDir public_html

    <IfModule ruid2_module>
        UserDir disabled
    </IfModule>
    <IfModule mpm_itk.c>
        UserDir disabled
    </IfModule>
    <IfModule mod_passenger.c>
        UserDir disabled
    </IfModule>
</IfModule>

[% IF enable_piped_logs -%]
<IfModule mod_log_config.c>
    LogFormat "%v:%p [% IF main.exists('logformat_combined') %][% main.logformat_combined.item.logformat_combined %][% ELSE %]%a %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"[% END %]" combinedvhost
    <IfModule logio_module>
        LogFormat "%v %{%s}t %I .\n%v %{%s}t %O ." bytesvhost
    </IfModule>
    LogFormat "%v:%p [% IF main.exists('logformat_combined') %][% main.logformat_combined.item.logformat_combined %][% ELSE %]%a %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"[% END %]" combined
    LogFormat "%v:%p [% IF main.exists('logformat_common') %][% main.logformat_common.item.logformat_common %][% ELSE %]%a %l %u %t \"%r\" %>s %b[% END %]" common
    LogFormat "%{Referer}i -> %U" referer
    LogFormat "%{User-agent}i" agent

    [%- SET splitlogsextra = '' -%]
    [%- TRY -%]
        [%- SET splitlogsconf = load_conf('/var/cpanel/conf/splitlogs.conf') -%]
        [%- IF splitlogsconf.maxopen.length %][% splitlogsextra = splitlogsextra _ " --maxopen=" _ splitlogsconf.maxopen %][% END -%]
        [%- IF splitlogsconf.buffer.length %][% splitlogsextra = splitlogsextra _ " --buffer=" _ splitlogsconf.buffer %][% END -%]
        [%- IF splitlogsconf.sslport.length %]
            [% splitlogsextra = splitlogsextra _ " --sslport=" _ splitlogsconf.sslport %]
        [%- ELSIF configured.main_port_ssl.length && configured.main_port_ssl != '443' %]
            [% splitlogsextra = splitlogsextra _ " --sslport=" _ configured.main_port_ssl %]
        [% END -%]
    [%- CATCH -%]
        [%# noop but catch is required or it dies %]
    [%- END -%]
    <IfModule logio_module>
        CustomLog "|/usr/local/cpanel/bin/splitlogs --dir=[% paths.dir_domlogs %] --main=[% wildcard_safe(servername) %] --suffix=-bytes_log[% splitlogsextra %]" bytesvhost
    </IfModule>
    CustomLog "|/usr/local/cpanel/bin/splitlogs --dir=[% paths.dir_domlogs %] --main=[% wildcard_safe(servername) %] --mainout=[% paths.file_access_log %][% splitlogsextra %]" combinedvhost
</IfModule>
[% ELSE %]
<IfModule log_config_module>
[% IF main.exists('logformat_combined') || main.exists('logformat_common') %]
    LogFormat "[% IF main.exists('logformat_combined') %][% main.logformat_combined.item.logformat_combined %][% ELSE %]%a %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"[% END %]" combined
    LogFormat "[% IF main.exists('logformat_common') %][% main.logformat_common.item.logformat_common %][% ELSE %]%a %l %u %t \"%r\" %>s %b[% END %]" common
    LogFormat "%{Referer}i -> %U" referer
    LogFormat "%{User-agent}i" agent
[%  ELSIF main.ifmodulemodlogconfigc.logformat.items.length -%]
[%      FOREACH dir IN main.ifmodulemodlogconfigc.logformat.items -%]
    LogFormat [% dir.logformat %]
[%      END -%]
[%  ELSE -%]
    LogFormat "%{Referer}i -> %U" referer
    LogFormat "%{User-agent}i" agent
    # NOTE: "combined" and "common" are required by WHM
    LogFormat "%a %l %u %t \"%r\" %>s %b" common
    LogFormat "%a %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
[%  END -%]

    # access_log format can be set in WHM under 'Basic WebHost Manager® Setup'
[%  IF main.ifmodulemodlogconfigc.customlog.items.length -%]
[%      FOREACH dir IN main.ifmodulemodlogconfigc.customlog.items -%]
    CustomLog [% dir.target %] [% dir.format %]
[%      END -%]
[%  ELSE -%]
    CustomLog logs/access_log [% logstyle %]
[%  END -%]
</IfModule>
[% END %]

[%  IF configured.ip_listen -%]
# The Listen port can be updated using 'Tweak Settings' -> 'System',
# However, if you have any Apache Reserved IPs, then this Tweak setting will
# be ignored. Instead, each IP on your system (excluding Apache Reserved IPs)
# will be listed here.
[%      FOREACH ip IN configured.ip_listen -%]
Listen [% ip %]:[% configured.main_port %]
[%      END -%]
[%  ELSE -%]
# WARNING: This is the default value assigned during installation, and should
#          be updated using WHM ('Tweak Settings' -> 'System' -> 'Apache non-SSL IP/port')
Listen [% default_apache_port %]
[%  END -%]

<IfModule ssl_module>
    # cipher and protocol directives can be set in WHM under 'Apache Configuration' -> 'Global Configuration'
[%  IF main.sslciphersuite.item.sslciphersuite.length %]    SSLCipherSuite [% main.sslciphersuite.item.sslciphersuite %][% END %]
[%  IF main.sslprotocol.item.sslprotocol.length %]    SSLProtocol [% main.sslprotocol.item.sslprotocol %][% END %]
    SSLPassPhraseDialog  builtin

    <IfModule socache_shmcb_module>
[%      IF supported.stapling -%]
        SSLUseStapling on
        SSLStaplingCache shmcb:[% paths.dir_run %]/stapling_cache_shmcb(256000)

        # Prevent browsers from failing if an OCSP server is temporarily broken.
        SSLStaplingReturnResponderErrors off
        SSLStaplingErrorCacheTimeout 60
        SSLStaplingFakeTryLater off
        SSLStaplingResponderTimeout 3
[%      END -%]
        SSLSessionCache shmcb:[% paths.dir_run %]/ssl_gcache_data_shmcb(1024000)
    </IfModule>
    <IfModule !socache_shmcb_module>
        SSLSessionCache dbm:[% paths.dir_run %]/ssl_gcache_data_dbm
    </IfModule>

    SSLSessionCacheTimeout  300
    Mutex                   file:[% paths.dir_run %] ssl-cache
    SSLRandomSeed startup builtin
    SSLRandomSeed connect builtin

[%  IF configured.ip_listen_ssl -%]
    # The Listen port can be updated using 'Tweak Settings' -> 'System',
    # However, if you have any Apache Reserved IPs, then this Tweak setting will
    # be ignored. Instead, each IP on your system (excluding Apache Reserved IPs)
    # will be listed here.
[%     FOREACH ip IN configured.ip_listen_ssl -%]
    Listen [% ip %]:[% configured.main_port_ssl %]
[%     END -%]
[%  ELSE -%]
    # WARNING: This is the default value assigned during installation, and should
    #          be updated using WHM ('Tweak Settings' -> 'System' -> 'Apache SSL port')
    Listen [% default_apache_ssl_port %]
[%  END -%]

    AddType application/x-x509-ca-cert .crt
    AddType application/x-pkcs7-crl .crl
</IfModule>

Include "[% paths.dir_conf %]/*.conf"

[% IF file_test('f', paths.dir_conf_includes _ '/account_suspensions.conf') -%]
Include "[% paths.dir_conf_includes %]/account_suspensions.conf"
[% END -%]
[% IF file_test('f', paths.dir_conf_includes _ '/errordocument.conf') -%]
Include "[% paths.dir_conf_includes %]/errordocument.conf"
[% END -%]

# Administrator locations for safely globally altering all virtualhost configurations
[% IF file_test('f', paths.dir_conf_includes _ '/pre_virtualhost_global.conf') -%]
Include "[% paths.dir_conf_includes %]/pre_virtualhost_global.conf"
[% ELSE -%]
# Create "[% paths.dir_conf_includes %]/pre_virtualhost_global.conf" if you want to customize httpd.conf.
[% END -%]

[% IF proxypass_for_proxysubdomains -%]
ProxyPass /___proxy_subdomain_ws_cpanel  ws://127.0.0.1:2082 max=1 retry=0
ProxyPass /___proxy_subdomain_ws_whm     ws://127.0.0.1:2086 max=1 retry=0
ProxyPass /___proxy_subdomain_ws_webmail ws://127.0.0.1:2095 max=1 retry=0
[% END -%]

[% MACRO websocket_proxies (servername) BLOCK -%]
    [% IF servername.match('^cpanel\\.') -%]
        RewriteCond %{HTTP_HOST} !=[% servername %]
    [% END -%]
    RewriteCond %{HTTP_HOST} ^cpanel\.
    RewriteCond %{HTTP:Upgrade} websocket   [nocase]
    RewriteRule ^/(.*) /___proxy_subdomain_ws_cpanel/$1 [PT]

    [% IF servername.match('^webmail\\.') -%]
        RewriteCond %{HTTP_HOST} !=[% servername %]
    [% END -%]
    RewriteCond %{HTTP_HOST} ^webmail\.
    RewriteCond %{HTTP:Upgrade} websocket   [nocase]
    RewriteRule ^/(.*) /___proxy_subdomain_ws_webmail/$1 [PT]

    [% IF servername.match('^whm\\.') -%]
        RewriteCond %{HTTP_HOST} !=[% servername %]
    [% END -%]
    RewriteCond %{HTTP_HOST} ^whm\.
    RewriteCond %{HTTP:Upgrade} websocket   [nocase]
    RewriteRule ^/(.*) /___proxy_subdomain_ws_whm/$1 [PT]
[% END -%]

##################################################
##################################################
#
# Define default vhosts for shared IPs
#
##################################################
##################################################

[% FOREACH vh IN sharedips -%]
<VirtualHost [% vh %]>
    ServerName [% wildcard_safe(servername) %]
    DocumentRoot [% paths.dir_docroot %]
    ServerAdmin [% serveradmin %]
[% IF global_dcv_rewrite_exclude && dcv_rewrite_patterns -%]
    # Global DCV Rewrite Exclude
    <IfModule rewrite_module>
    RewriteOptions Inherit
    </IfModule>
[% END %]

[%- IF supported.mod_userdir && !supported.mpm_itk && !supported.mod_ruid2 && !supported.mod_passenger %]
    <Directory "/">
      AllowOverride All
    </Directory>
[% ELSE %]
    <Directory "[% paths.dir_docroot %]">
      AllowOverride All
    </Directory>
[% END %]

    <IfModule suphp_module>
        suPHP_UserGroup nobody nobody
    </IfModule>

[%-     IF supported.mod_userdir && userdirprotect_enabled && defaultvhost.userdirprotect != '-1' %]
    UserDir disabled
[%-         IF defaultvhost.userdirprotect != '' && !supported.mpm_itk && !supported.mod_ruid2 && !supported.mod_passenger %]
    UserDir enabled [% defaultvhost.userdirprotect %]
[%-         END -%]
[%-     END %]
</VirtualHost>

[% END -%]

##################################################
##################################################
#
# Define default vhosts for unbound IPs
#
##################################################
##################################################

<VirtualHost *>
    ServerName [% wildcard_safe(servername) %]
    DocumentRoot [% paths.dir_docroot %]
    ServerAdmin [% serveradmin %]
[% IF global_dcv_rewrite_exclude && dcv_rewrite_patterns -%]
    # Global DCV Rewrite Exclude
    <IfModule rewrite_module>
    RewriteOptions Inherit
    </IfModule>
[% END %]

[%- IF supported.mod_userdir && !supported.mpm_itk && !supported.mod_ruid2 && !supported.mod_passenger %]
    <Directory "/">
      AllowOverride All
    </Directory>
[% ELSE %]
    <Directory "[% paths.dir_docroot %]">
      AllowOverride All
    </Directory>
[% END %]

    <IfModule suphp_module>
        suPHP_UserGroup nobody nobody
    </IfModule>

[%-     IF supported.mod_userdir && userdirprotect_enabled && defaultvhost.userdirprotect != '-1' %]
    UserDir disabled
[%-         IF defaultvhost.userdirprotect != '' && !supported.mpm_itk && !supported.mod_ruid2 && !supported.mod_passenger %]
    UserDir enabled [% defaultvhost.userdirprotect %]
[%-         END -%]
[%-     END %]
</VirtualHost>

##################################################
##################################################
#
# Define the virtual host configurtion for user domains
#
##################################################
##################################################

# BEGIN: HTTP vhosts list
[%  FOREACH vhost IN vhosts -%]
[%      IF vhost.custom_vhost_template_ap2 != '' -%]
[%          INCLUDE $vhost.custom_vhost_template_ap2 -%]
[%      ELSE -%]
[%          INCLUDE $includes.vhost -%]
[%      END -%]
[%  END -%]
# END: HTTP vhosts list

# BEGIN: HTTPS vhosts list
[% FOREACH vhost IN ssl_vhosts -%]
[%     IF vhost.custom_vhost_template_ap2 != '' -%]
[%         INCLUDE $vhost.custom_vhost_template_ap2 -%]
[%     ELSE -%]
[%         INCLUDE $includes.ssl_vhost -%]
[%     END -%]
[% END -%]
# END: HTTPS vhosts list

##################################################
##################################################
#
# Define the main cPanel & WHM proxy subdomains
#
##################################################
##################################################

[% ips_in_use.push("127.0.0.1") -%]
[% SET copy_of_ips_in_use = ips_in_use.slice(0) -%]
[% WHILE (ip_block = copy_of_ips_in_use.splice(0, 50)) AND ip_block.size -%]
[%      IF proxysubdomains && supported.mod_proxy && supported.mod_rewrite -%]

[%-# These comments are used internally as parsing tokens, for better or worse, so don't chnage them -%]
# [% IF autodiscover_proxy_subdomains %]CPANEL/WHM/WEBMAIL/WEBDISK/AUTOCONFIG PROXY SUBDOMAINS[% ELSE %]CPANEL/WHM/WEBMAIL/WEBDISK PROXY SUBDOMAINS[% END %]
<VirtualHost[% FOREACH server_ip IN ip_block -%] [% "${server_ip}:${configured.main_port}" %][% END -%]>
    ServerName proxy-subdomains-vhost.localhost
[%          IF autodiscover_proxy_subdomains -%]
    ServerAlias cpanel.* whm.* webmail.* webdisk.* cpcalendars.* cpcontacts.* autodiscover.* autoconfig.*
[%          ELSE -%]
    ServerAlias cpanel.* whm.* webmail.* webdisk.* cpcalendars.* cpcontacts.*
[%          END -%]

    DocumentRoot [% paths.dir_docroot %]
    ServerAdmin [% serveradmin %]

    <IfModule suphp_module>
        suPHP_UserGroup nobody nobody
    </IfModule>
    <Proxy "*">
        <IfModule security2_module>
            SecRuleEngine Off
        </IfModule>
    </Proxy>

[%- IF supported.mod_userdir && !supported.mpm_itk && !supported.mod_ruid2 && !supported.mod_passenger %]
    <Directory "/">
      AllowOverride All
    </Directory>
[% ELSE %]
    <Directory "[% paths.dir_docroot %]">
      AllowOverride All
    </Directory>
[% END %]


[%          IF supported.mod_userdir && userdirprotect_enabled && defaultvhost.userdirprotect != '-1' -%]
    UserDir disabled
[%              IF defaultvhost.userdirprotect != '' && !supported.mpm_itk && !supported.mod_ruid2 && !supported.mod_passenger -%]
    UserDir enabled [% defaultvhost.userdirprotect %]
[%              END -%]
[%          END -%]

[%  IF dcv_rewrite_patterns -%]
    ScriptAlias /.cpanel/dcv /usr/local/cpanel/cgi-priv/get_local.cgi
[%  END -%]

    RewriteEngine On

[%  IF dcv_rewrite_patterns -%]
        [% FOR pattern = dcv_rewrite_patterns -%]
            RewriteCond %{REQUEST_URI} [% mod_rewrite_string_escape(pattern) %] [% !loop.last && '[OR]' %]
        [% END -%]
        RewriteRule ^ /.cpanel/dcv [passthrough]
[%  END -%]

    RewriteCond %{HTTP_HOST} !^[% wildcard_safe(servername) %]$
    RewriteCond %{HTTP_HOST} ^cpanel\.
    RewriteCond %{HTTP:Upgrade} !websocket   [nocase]
[% IF proxypass_for_proxysubdomains %]
    RewriteRule ^/(.*) /___proxy_subdomain_cpanel/$1 [PT]
    ProxyPass "/___proxy_subdomain_cpanel" "http://127.0.0.1:2082" max=1 retry=0
[% ELSE %]
    RewriteRule ^/(.*) http://127.0.0.1:2082/$1 [P]
[% END %]

    RewriteCond %{HTTP_HOST} !^[% wildcard_safe(servername) %]$
    RewriteCond %{HTTP_HOST} ^webmail\.
    RewriteCond %{HTTP:Upgrade} !websocket   [nocase]
[% IF proxypass_for_proxysubdomains %]
    RewriteRule ^/(.*) /___proxy_subdomain_webmail/$1 [PT]
    ProxyPass "/___proxy_subdomain_webmail" "http://127.0.0.1:2095" max=1 retry=0
[% ELSE %]
    RewriteRule ^/(.*) http://127.0.0.1:2095/$1 [P]
[% END %]

    RewriteCond %{HTTP_HOST} !^[% wildcard_safe(servername) %]$
    RewriteCond %{HTTP_HOST} ^whm\.
    RewriteCond %{HTTP:Upgrade} !websocket   [nocase]
[% IF proxypass_for_proxysubdomains %]
    RewriteRule ^/(.*) /___proxy_subdomain_whm/$1 [PT]
    ProxyPass "/___proxy_subdomain_whm" "http://127.0.0.1:2086" max=1 retry=0
[% ELSE %]
    RewriteRule ^/(.*) http://127.0.0.1:2086/$1 [P]
[% END %]

    RewriteCond %{HTTP_HOST} !^[% wildcard_safe(servername) %]$
    RewriteCond %{HTTP_HOST} ^webdisk\.
[% IF proxypass_for_proxysubdomains %]
    RewriteRule ^/(.*) /___proxy_subdomain_webdisk/$1 [PT]
    ProxyPass "/___proxy_subdomain_webdisk" "http://127.0.0.1:2077" max=1 retry=0
[% ELSE %]
    RewriteRule ^/(.*) http://127.0.0.1:2077/$1 [P]
[% END %]

    RewriteCond %{HTTP_HOST} !^[% wildcard_safe(servername) %]$
    RewriteCond %{HTTP_HOST} ^cpcalendars\.
[% IF proxypass_for_proxysubdomains %]
    RewriteRule ^/(.*) /___proxy_subdomain_cpcalendars/$1 [PT]
    ProxyPass "/___proxy_subdomain_cpcalendars" "http://127.0.0.1:2079" max=1 retry=0
[% ELSE %]
    RewriteRule ^/(.*) http://127.0.0.1:2079/$1 [P]
[% END %]

    RewriteCond %{HTTP_HOST} !^[% wildcard_safe(servername) %]$
    RewriteCond %{HTTP_HOST} ^cpcontacts\.
[% IF proxypass_for_proxysubdomains %]
    RewriteRule ^/(.*) /___proxy_subdomain_cpcontacts/$1 [PT]
    ProxyPass "/___proxy_subdomain_cpcontacts" "http://127.0.0.1:2079" max=1 retry=0
[% ELSE %]
    RewriteRule ^/(.*) http://127.0.0.1:2079/$1 [P]
[% END %]

[%          IF autodiscover_proxy_subdomains %]
    RewriteCond %{HTTP_HOST} !^[% wildcard_safe(servername) %]$
    RewriteCond %{HTTP_HOST} ^autodiscover\.
    RewriteRule ^[^?]*(\\?.*)? http://127.0.0.1/cgi-sys/autodiscover.cgi [P]

    RewriteCond %{HTTP_HOST} !^[% wildcard_safe(servername) %]$
    RewriteCond %{HTTP_HOST} ^autoconfig\.
    RewriteRule ^[^?]*(\\?.*)? http://127.0.0.1/cgi-sys/autoconfig.cgi [P]
[%          END %]

    [% IF proxypass_for_proxysubdomains -%]
        [% websocket_proxies(servername) -%]
    [% END %]

    UseCanonicalName Off

    <IfModule security2_module>
        SecRuleEngine On
    </IfModule>
</VirtualHost>
[%      END %]
[% END -%]

[% WHILE (ip_block = ips_in_use.splice(0, 50)) AND ip_block.size -%]
[%      IF proxysubdomains && supported.mod_proxy && supported.mod_rewrite -%]

[%-# These comments are used internally as parsing tokens, for better or worse, so don't chnage them -%]
# [% IF autodiscover_proxy_subdomains %]CPANEL/WHM/WEBMAIL/WEBDISK/AUTOCONFIG PROXY SUBDOMAINS[% ELSE %]CPANEL/WHM/WEBMAIL/WEBDISK PROXY SUBDOMAINS[% END %]
<VirtualHost[% FOREACH server_ip IN ip_block -%] [% "${server_ip}:${configured.main_port_ssl}" %][% END -%]>
    ServerName [% wildcard_safe(servername) %]
[%          IF autodiscover_proxy_subdomains %]
    ServerAlias cpanel.* whm.* webmail.* webdisk.* cpcalendars.* cpcontacts.* autodiscover.* autoconfig.*
[%          ELSE %]
    ServerAlias cpanel.* whm.* webmail.* webdisk.* cpcalendars.* cpcontacts.*
[%          END %]
    DocumentRoot [% paths.dir_docroot %]
    ServerAdmin [% serveradmin %]

    <IfModule suphp_module>
        suPHP_UserGroup nobody nobody
    </IfModule>
    <Proxy "*">
        <IfModule security2_module>
            SecRuleEngine Off
        </IfModule>
    </Proxy>

[%- IF supported.mod_userdir && !supported.mpm_itk && !supported.mod_ruid2 && !supported.mod_passenger %]
    <Directory "/">
      AllowOverride All
    </Directory>
[% ELSE %]
    <Directory "[% paths.dir_docroot %]">
      AllowOverride All
    </Directory>
[% END %]


[%          IF supported.mod_userdir && userdirprotect_enabled && defaultvhost.userdirprotect != '-1' -%]
    UserDir disabled
[%              IF defaultvhost.userdirprotect != '' && !supported.mpm_itk && !supported.mod_ruid2 && !supported.mod_passenger -%]
    UserDir enabled [% defaultvhost.userdirprotect %]
[%              END -%]
[%          END -%]

    RewriteEngine On

    <IfModule ssl_module>
        SSLEngine on

[%         IF !ssl_proxy_to_non_ssl -%]
            SSLProxyEngine On
            SSLProxyVerify none
            # Setting to Off for backwards-compatibility
            # Read for more info: http://httpd.apache.org/docs/2.4/mod/mod_ssl.html#sslproxycheckpeercn
            SSLProxyCheckPeerCN Off
            [% IF options_support.split_version.2 >= 5 -%]
                SSLProxyCheckPeerName Off
            [% END -%]
            SSLProxyCheckPeerExpire Off
[%         END -%]

[%          IF file_test('f', '/var/cpanel/ssl/cpanel/mycpanel.pem') -%]
        SSLCertificateFile /var/cpanel/ssl/cpanel/mycpanel.pem
        SSLCertificateKeyFile /var/cpanel/ssl/cpanel/mycpanel.pem
        SSLCertificateChainFile /var/cpanel/ssl/cpanel/mycpanel.pem
[%              IF supported.stapling && !has_ocsp('/var/cpanel/ssl/cpanel/mycpanel.pem') -%]
        SSLUseStapling Off
[%              END -%]
[%          ELSIF file_test('f', '/var/cpanel/ssl/cpanel/cpanel.pem') -%]
        SSLCertificateFile /var/cpanel/ssl/cpanel/cpanel.pem
        SSLCertificateKeyFile /var/cpanel/ssl/cpanel/cpanel.pem
        SSLCertificateChainFile /var/cpanel/ssl/cpanel/cpanel.pem
[%              IF supported.stapling && !has_ocsp('/var/cpanel/ssl/cpanel/cpanel.pem') -%]
        SSLUseStapling Off
[%              END -%]
[%          ELSIF file_test('f', '/var/cpanel/ssl/cpanel/cpanel.crt') && file_test('f', '/var/cpanel/ssl/cpanel/cpanel.key') -%]
        SSLCertificateFile /var/cpanel/ssl/cpanel/cpanel.crt
        SSLCertificateKeyFile /var/cpanel/ssl/cpanel/cpanel.key
[%              IF file_test('f', '/var/cpanel/ssl/cpanel/cpanel.cab') -%]
        SSLCertificateChainFile /var/cpanel/ssl/cpanel/cpanel.cab
[%              END -%]
[%              IF supported.stapling && !has_ocsp('/var/cpanel/ssl/cpanel/cpanel.crt') -%]
        SSLUseStapling Off
[%              END -%]
[%          ELSE -%]
        # No service SSL installed for cPanel
[%          END -%]
    </IfModule>

    [% SET proxy_prot = ssl_proxy_to_non_ssl ? 'http' : 'https' %]
    [% SET wsproxy_prot = ssl_proxy_to_non_ssl ? 'ws' : 'wss' %]

    <IfModule headers_module>
    RequestHeader set X-HTTPS 1
    </IfModule>

    RewriteCond %{HTTP_HOST} !^[% wildcard_safe(servername) %]$
    RewriteCond %{HTTP_HOST} ^cpanel\.
    RewriteCond %{HTTP:Upgrade} !websocket   [nocase]
[% IF proxypass_for_proxysubdomains %]
    RewriteRule ^/(.*) /___proxy_subdomain_cpanel/$1 [PT]
    ProxyPass "/___proxy_subdomain_cpanel" "http://127.0.0.1:2082" max=1 retry=0
[% ELSE %]
    RewriteRule ^/(.*) [% proxy_prot %]://127.0.0.1:[% ssl_proxy_to_non_ssl ? 2082 : 2083 %]/$1 [P]
[% END %]

    RewriteCond %{HTTP_HOST} !^[% wildcard_safe(servername) %]$
    RewriteCond %{HTTP_HOST} ^webmail\.
    RewriteCond %{HTTP:Upgrade} !websocket   [nocase]
[% IF proxypass_for_proxysubdomains %]
    RewriteRule ^/(.*) /___proxy_subdomain_webmail/$1 [PT]
    ProxyPass "/___proxy_subdomain_webmail" "http://127.0.0.1:2095" max=1 retry=0
[% ELSE %]
    RewriteRule ^/(.*) [% proxy_prot %]://127.0.0.1:[% ssl_proxy_to_non_ssl ? 2095 : 2096 %]/$1 [P]
[% END %]

    RewriteCond %{HTTP_HOST} !^[% wildcard_safe(servername) %]$
    RewriteCond %{HTTP_HOST} ^whm\.
    RewriteCond %{HTTP:Upgrade} !websocket   [nocase]
[% IF proxypass_for_proxysubdomains %]
    RewriteRule ^/(.*) /___proxy_subdomain_whm/$1 [PT]
    ProxyPass "/___proxy_subdomain_whm" "http://127.0.0.1:2086" max=1 retry=0
[% ELSE %]
    RewriteRule ^/(.*) [% proxy_prot %]://127.0.0.1:[% ssl_proxy_to_non_ssl ? 2086 : 2087 %]/$1 [P]
[% END %]

    RewriteCond %{HTTP_HOST} !^[% wildcard_safe(servername) %]$
    RewriteCond %{HTTP_HOST} ^webdisk\.
[% IF proxypass_for_proxysubdomains %]
    RewriteRule ^/(.*) /___proxy_subdomain_webdisk/$1 [PT]
    ProxyPass "/___proxy_subdomain_webdisk" "http://127.0.0.1:2077" max=1 retry=0
[% ELSE %]
    RewriteRule ^/(.*) [% proxy_prot %]://127.0.0.1:[% ssl_proxy_to_non_ssl ? 2077 : 2078 %]/$1 [P]
[% END %]

    RewriteCond %{HTTP_HOST} !^[% wildcard_safe(servername) %]$
    RewriteCond %{HTTP_HOST} ^cpcontacts\.
[% IF proxypass_for_proxysubdomains %]
    RewriteRule ^/(.*) /___proxy_subdomain_cpcontacts/$1 [PT]
    ProxyPass "/___proxy_subdomain_cpcontacts" "http://127.0.0.1:2079" max=1 retry=0
[% ELSE %]
    RewriteRule ^/(.*) [% proxy_prot %]://127.0.0.1:[% ssl_proxy_to_non_ssl ? 2079 : 2080 %]/$1 [P]
[% END %]

    RewriteCond %{HTTP_HOST} !^[% wildcard_safe(servername) %]$
    RewriteCond %{HTTP_HOST} ^cpcalendars\.
[% IF proxypass_for_proxysubdomains %]
    RewriteRule ^/(.*) /___proxy_subdomain_cpcalendars/$1 [PT]
    ProxyPass "/___proxy_subdomain_cpcalendars" "http://127.0.0.1:2079" max=1 retry=0
[% ELSE %]
    RewriteRule ^/(.*) [% proxy_prot %]://127.0.0.1:[% ssl_proxy_to_non_ssl ? 2079 : 2080 %]/$1 [P]
[% END %]

[%          IF autodiscover_proxy_subdomains %]
    RewriteCond %{HTTP_HOST} !^[% wildcard_safe(servername) %]$
    RewriteCond %{HTTP_HOST} ^autodiscover\.
    RewriteRule ^[^?]*(\\?.*)? [% proxy_prot %]://127.0.0.1/cgi-sys/autodiscover.cgi [P]

    RewriteCond %{HTTP_HOST} !^[% wildcard_safe(servername) %]$
    RewriteCond %{HTTP_HOST} ^autoconfig\.
    RewriteRule ^[^?]*(\\?.*)? [% proxy_prot %]://127.0.0.1/cgi-sys/autoconfig.cgi [P]

[%          END %]

    [% IF proxypass_for_proxysubdomains -%]
        [% websocket_proxies(servername) -%]
    [% END %]

    UseCanonicalName Off

    <IfModule security2_module>
        SecRuleEngine On
    </IfModule>
</VirtualHost>
[%      END -%]
[% END -%]

# Administrator locations for safely altering virtualhost configuration
[% IF file_test('f', paths.dir_conf_includes _ '/post_virtualhost_global.conf') -%]
Include "[% paths.dir_conf_includes %]/post_virtualhost_global.conf"
[% ELSE -%]
# Create "[% paths.dir_conf_includes %]/post_virtualhost_global.conf" if you want to customize httpd.conf.
[% END -%]

##################################################
##################################################
#
# Define the Domain Forwarding virtual hosts
#
##################################################
##################################################

[% IF file_test('f', '/var/cpanel/domainfwdip') -%]
<VirtualHost [% domainfwdip %]>
    ServerName [% wildcard_safe(domainfwdip) %]
    ServerAdmin root\@localhost
    DocumentRoot /dev/null
    ScriptAliasMatch .* /usr/local/cpanel/cgi-sys/domainredirect.cgi
</VirtualHost>
[% ELSE -%]
# Domain forwarding is currently disabled.
# You can set this by logging into WHM, and navigating to the 'DNS Functions' => 'Setup/Edit Domain Forwarding' interface.
[% END %]

##################################################
##################################################
#
# Default SSL Hostname Virtual Host
#
##################################################
##################################################

[%- WHILE (vh_block = sharedips.splice(0, 50)) AND vh_block.size -%]
<VirtualHost [% FOREACH vh IN vh_block -%][% parsed_ip(vh) _ ":${configured.main_port_ssl}" %] [% END -%][% IF !sharedips.size %]*:[% configured.main_port_ssl %][% END %]>
    ServerName [% wildcard_safe(servername) %]
    DocumentRoot [% paths.dir_docroot %]

    [%- IF serveradmin -%]

    ServerAdmin [% serveradmin %]
    [%- ELSE -%]

    ServerAdmin [email protected][% servername %]
    [%- END -%]

    <IfModule suphp_module>
        suPHP_UserGroup nobody nobody
    </IfModule>

    [%- IF supported.mod_userdir && !supported.mpm_itk && !supported.mod_ruid2 && !supported.mod_passenger -%]
    <Directory "/">
        AllowOverride All
    </Directory>
    [% ELSE -%]
    <Directory "[% paths.dir_docroot %]">
        AllowOverride All
    </Directory>
    [%- END -%]

    [%- IF supported.mod_userdir && userdirprotect_enabled && defaultvhost.userdirprotect != '-1' -%]
    UserDir disabled
    [%- IF defaultvhost.userdirprotect != '' && !supported.mpm_itk && !supported.mod_ruid2 && !supported.mod_passenger -%]
    UserDir enabled [% defaultvhost.userdirprotect %]
    [%- END -%]
    [%- END -%]

    <IfModule ssl_module>
        SSLEngine on
        [%- IF file_test('f', '/var/cpanel/ssl/cpanel/mycpanel.pem') -%]

        SSLCertificateFile /var/cpanel/ssl/cpanel/mycpanel.pem
        SSLCertificateKeyFile /var/cpanel/ssl/cpanel/mycpanel.pem
        SSLCertificateChainFile /var/cpanel/ssl/cpanel/mycpanel.pem
        [%- IF supported.stapling && !has_ocsp('/var/cpanel/ssl/cpanel/mycpanel.pem') -%]

        SSLUseStapling Off
        [%- END -%]
        [%- ELSIF file_test('f', '/var/cpanel/ssl/cpanel/cpanel.pem') -%]

        SSLCertificateFile /var/cpanel/ssl/cpanel/cpanel.pem
        SSLCertificateKeyFile /var/cpanel/ssl/cpanel/cpanel.pem
        SSLCertificateChainFile /var/cpanel/ssl/cpanel/cpanel.pem
        [%- IF supported.stapling && !has_ocsp('/var/cpanel/ssl/cpanel/cpanel.pem') -%]

        SSLUseStapling Off
        [%- END -%]
        [%- ELSIF file_test('f', '/var/cpanel/ssl/cpanel/cpanel.crt') && file_test('f', '/var/cpanel/ssl/cpanel/cpanel.key') -%]

        SSLCertificateFile /var/cpanel/ssl/cpanel/cpanel.crt
        SSLCertificateKeyFile /var/cpanel/ssl/cpanel/cpanel.key
        [%- IF file_test('f', '/var/cpanel/ssl/cpanel/cpanel.cab') -%]

        SSLCertificateChainFile /var/cpanel/ssl/cpanel/cpanel.cab
        [%- END -%]
        [%- IF supported.stapling && !has_ocsp('/var/cpanel/ssl/cpanel/cpanel.crt') -%]

        SSLUseStapling Off
        [%- END -%]
        [%- ELSE -%]
        # No service SSL installed for cPanel
        [% END -%]

    </IfModule>

    UseCanonicalName Off

    <IfModule security2_module>
        SecRuleEngine On
    </IfModule>
</VirtualHost>
[% END -%]

# # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # #
#
#   !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
#   DO NOT EDIT. AUTOMATICALLY GENERATED.  USE INCLUDE FILES IF YOU NEED TO MAKE A CHANGE
#   !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
#
# # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # #

I also have a file called ea4_main.local.i360bak (I'm also running Imunify360 on my VPS) that is dated and time stamped the same - 10/01/2019 13:39:38. My ea4_default is dated 21/08/2019 and time stamped 22:11:03 if this is of any help.

Thanks for your help.