<Virtualhost *:80>
  ServerName %%fqdn%%
  AssignUserId #%%UID%% #%%GID%%
  SetEnv LOGIN "%%UID%%-%%LOGIN%%"

  KeepAlive Off

  RewriteEngine On
  RewriteCond %{REQUEST_FILENAME} !/cgi-bin/
  RewriteCond %{REQUEST_FILENAME} !/.well-known/acme-challenge/
  RewriteRule ^/(.*)$ https://%%fqdn%%/$1 [R=301,L]

</Virtualhost>
<VirtualHost *:443>
  ServerName %%fqdn%%
  AssignUserId www-data www-data
  SetEnv LOGIN "0000-roundcube"

  DocumentRoot /var/lib/roundcube

  # Access to tinymce files
  <Directory "/usr/share/tinymce/www/">
        Options +Indexes +MultiViews +FollowSymLinks
        AllowOverride None
  	Require all granted
  </Directory>

  <Directory /var/lib/roundcube/>
    Options +FollowSymLinks
    # This is needed to parse /var/lib/roundcube/.htaccess. See its
    # content before setting AllowOverride to None.
    AllowOverride All
    Require all granted
  </Directory>

  # Protecting basic directories:
  <Directory /var/lib/roundcube/config>
    Options -FollowSymLinks
    AllowOverride None
  </Directory>

  <Directory /var/lib/roundcube/temp>
    Options -FollowSymLinks
    AllowOverride None
    Order allow,deny
    Deny from all
  </Directory>

  <Directory /var/lib/roundcube/logs>
    Options -FollowSymLinks
    AllowOverride None
    Order allow,deny
    Deny from all
  </Directory>

  Alias /javascript /usr/share/javascript/

  <Directory "/usr/share/javascript/">
        Options +FollowSymLinks +MultiViews
  	Require all granted
  </Directory>

  SSLEngine On
  SSLCertificateFile %%CRT%%
  SSLCertificateKeyFile %%KEY%%
  %%CHAINLINE%%

</VirtualHost>