<VirtualHost *:443>
    ServerName ai.succhia.cz

    # Define the load balancer cluster
    <Proxy "balancer://myclusterhantani">
        BalancerMember "http://ai.kowa.localhost:4322" loadfactor=90
        BalancerMember "http://ai.bozz.localhost:4321" loadfactor=10
    </Proxy>

    # Set proxy timeout
    ProxyTimeout 10

    # Proxy settings for the root location
    <Location />
        ProxyPass        balancer://myclusterhantani/
        ProxyPassReverse balancer://myclusterhantani/
    </Location>

    # Conditional SSL configuration
    <If "-f '/etc/letsencrypt/live/ai.succhia.cz/cert.pem'">
        SSLEngine on
        SSLCertificateFile      /etc/letsencrypt/live/ai.succhia.cz/cert.pem
        SSLCertificateKeyFile   /etc/letsencrypt/live/ai.succhia.cz/privkey.pem
        SSLCertificateChainFile /etc/letsencrypt/live/ai.succhia.cz/chain.pem
    </If>

    # Harden SSL by setting HSTS header
    Header set Strict-Transport-Security "max-age=31536000"

    # Optional: Additional SSL security settings
    SSLProtocol all -SSLv3 -TLSv1 -TLSv1.1
    SSLCipherSuite HIGH:!aNULL:!MD5
    SSLHonorCipherOrder on

    # Optional: Enable logging
    ErrorLog ${APACHE_LOG_DIR}/error.log
    CustomLog ${APACHE_LOG_DIR}/access.log combined
</VirtualHost>

<VirtualHost *:80>
    ServerName ai.succhia.cz
    Include /etc/apache2/my-includes/redirect-to-https.conf
</VirtualHost>