diff --git a/manifests/varnish/vhost.pp b/manifests/varnish/vhost.pp
new file mode 100644
index 0000000..89fbbe6
--- /dev/null
+++ b/manifests/varnish/vhost.pp
@@ -0,0 +1,15 @@
+# Virtual host definition for varnish
+
+define profile::varnish::vhost (
+ String $servername = $title,
+ String $order = '50',
+ Array[String] $aliases = [],
+ String $extra_recv_vcl = '',
+ String $extra_deliver_vcl = '',
+ String $hsts_max_age = undef,
+) {
+ ::profile::varnish::vcl_include {"vhost_${servername}":
+ order => $order,
+ content => template('profile/varnish/vhost.vcl.erb'),
+ }
+}
diff --git a/templates/varnish/vhost.vcl.erb b/templates/varnish/vhost.vcl.erb
new file mode 100644
index 0000000..246dbe3
--- /dev/null
+++ b/templates/varnish/vhost.vcl.erb
@@ -0,0 +1,40 @@
+# vhost_<%= @servername %>.vcl
+#
+# Settings for the <%= @servername %> vhost
+#
+# File managed by puppet. All modifications will be lost.
+
+import std;
+
+sub vcl_recv {
+ if (
+<% @aliases.each do |alias| %>
+ req.http.host ~ "^(?i)<%= Regexp.escape(alias) %>$" ||
+<% end %>
+ req.http.host ~ "^(?i)<%= Regexp.escape(@servername) %>$"
+ ) {
+ if (std.port(server.ip) != <%= scope['::profile::varnish::http_port'] %>) {
+ set req.http.x-redir = "https://" + req.http.host + req.url;
+ return(synth(850, "Moved permanently"));
+ }
+ <%= @extra_recv_vcl %>
+ }
+}
+
+<% if @hsts_max_age or @extra_deliver_vcl %>
+sub vcl_deliver {
+ if (
+<% @aliases.each do |alias| %>
+ req.http.host ~ "^(?i)<%= Regexp.escape(alias) %>$" ||
+<% end %>
+ req.http.host ~ "^(?i)<%= Regexp.escape(@servername) %>$"
+ ) {
+<% if @hsts_max_age %>
+ if (std.port(server.ip) != <%= scope['::profile::varnish::http_port'] %>) {
+ set resp.http.Strict-Transport-Security = "max-age=<%= @hsts_max_age %>;";
+ }
+<% end %>
+ <%= @extra_deliver_vcl %>
+ }
+}
+<% end %>
diff --git a/templates/varnish/vhost_redirect_https.vcl.erb b/templates/varnish/vhost_redirect_https.vcl.erb
deleted file mode 100644
index 6bbefa6..0000000
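Review bot: `String $hsts_max_age = undef` cannot be satisfied by its own default: Puppet type-checks the resolved parameter value, so a `profile::varnish::vhost` declared without `hsts_max_age` should fail with an "expects a String value, got Undef" error. Declaring it as `Optional[Pattern[/\A\d+\z/]] $hsts_max_age = undef,` fixes that and also guarantees that only digits are interpolated into the `Strict-Transport-Security` value by the template. `extra_recv_vcl` and `extra_deliver_vcl` are emitted verbatim into the generated VCL, so a header comment such as `# $extra_recv_vcl / $extra_deliver_vcl: raw VCL, inserted unescaped; pass trusted data only` would help callers.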
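Review bot: The HSTS branch in `vcl_deliver` tests the same condition as the redirect in `vcl_recv` (`std.port(server.ip) != <%= scope['::profile::varnish::http_port'] %>`), so the two cannot both be on the right listener: the redirect belongs on plain-HTTP requests and `Strict-Transport-Security` only on responses served over TLS. As written, a request that satisfies the condition has already been answered with `synth(850, ...)` in `vcl_recv`, and synthetic responses do not pass through `vcl_deliver`, so the header looks unreachable for these hosts unless an earlier include returns first. Please confirm what `http_port` denotes and invert one of the two tests accordingly. Separately, the guard `<% if @hsts_max_age or @extra_deliver_vcl %>` is always true because `extra_deliver_vcl` defaults to `''`, which is truthy in Ruby; `<% if @hsts_max_age or !@extra_deliver_vcl.empty? %>` expresses the intent.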
--- a/templates/varnish/vhost_redirect_https.vcl.erb
+++ /dev/null
@@ -1,27 +0,0 @@
-# vhost_<%= @aliases[0] %>_redirect_https.vcl
-#
-# Redirect virtual host to https
-#
-# File managed by puppet. All modifications will be lost.
-
-import std;
-
-sub vcl_recv {
- if (std.port(server.ip) != <%= scope['::profile::varnish::http_port'] %> && (
-<% @aliases.each do |alias| %>
- req.http.host ~ "^(?i)<%= Regexp.escape(alias) %>$" ||
-<% end %>
- false
- )) {
- set req.http.x-redir = "https://" + req.http.host + req.url;
- return(synth(850, "Moved permanently"));
- }
-}
-
-<% if scope['::profile::varnish::hsts_max_age'] %>
-sub vcl_deliver {
- if (std.port(server.ip) != <%= scope['::profile::varnish::http_port'] %>) {
- set resp.http.Strict-Transport-Security = "max-age=<%= scope['::profile::varnish::hsts_max_age'] %>;";
- }
-}
-<% end -%>