## OpenLiteSpeed APPEND fragment — added to the stock httpd_config.conf
## that ships with litespeedtech/openlitespeed. Keeping the stock config
## intact preserves all the cgid/lscgid plumbing (CGIRLimit defaults,
## fileAccessControl defaults, etc.) — when we tried writing a fully
## custom httpd_config.conf, lscgid never created its IPC socket and
## every PHP request 503'd. The upstream OLS docker template uses this
## append pattern too (see setup_docker.sh in litespeedtech/ols-dockerfiles).
##
## Rendered at container start by scripts/create-vhost-litespeed.sh via
## envsubst. Templated vars: $user $domain $vhost_map_aliases.

## --- our listeners (replace stock Default :8088) ---
listener HTTP {
  address                 *:80
  secure                  0
  map                     siteVH *
  ## NB: HTTP→HTTPS redirect is in site-template.tpl's rewrite{} block,
  ## NOT here — OLS 1.8 listener-level rewrites are inert for vhTemplate
  ## members. Don't move it back to this listener.
}

listener HTTPS {
  address                 *:443
  secure                  1
  keyFile                 /usr/local/lsws/conf/cert/self.key
  certFile                /usr/local/lsws/conf/cert/self.crt
  sslProtocol             24
  enableSpdy              15
  enableQuic              0
  map                     siteVH *
}

## --- our vhost via vhTemplate (upstream's working pattern) ---
## The template file is /usr/local/lsws/conf/templates/site.conf — written
## by create-vhost-litespeed.sh at the same time as this fragment.
vhTemplate site {
  templateFile            conf/templates/site.conf
  listeners               HTTP, HTTPS
  note                    cac-litespeed per-customer vhost

  ## vhDomain: customer's domain + serveralias list + `*` catchall so
  ## ip-only requests (e.g. HAProxy backend health check by container_name)
  ## still resolve. WHP/HAProxy filters hostnames upstream — no risk to
  ## allowing the catchall here.
  member siteVH {
    vhDomain              ${domain}${vhost_map_aliases}, *
  }
}