Apache configuration needed

gistfile1.apacheconf

#
# Currently we have a webshop running that is forced to SSL using
# 301 redirects. There are no exceptions, everything goes through
# SSL.
#
# What we need is a vhost setup (not .htaccess) that allows images
# (/img/*) to be called with and without SSL. So without the
# redirects. Everything else MUST be redirected to HTTPS.
#
# Please note that it MUST always redirect to the www subdomain.
#
# The project is based on CakePHP 1.3. This means there are some
# rewrite rules in the .htaccess that must remain. You'll find
# these rules below.
#
# Basically what these rules do is check whether a file exists and
# if not rewrite the request to index.php?url=img/img.jpg. The
# index.php isn't in the URL though.
#
# We rely on this logic, so it can't be removed. It can happen
# images don't exist at first. The request is then routed to
# PHP, where we generate the image, save it to the disk and
# output it.
#
# It is hosted on a server with DirectAdmin. Even though we
# can add lines to the vhosts, we can't target a particular
# one. When we add rewrite rules they will end up in both
# the vhost for port 80 and 443.
#

#
# CakePHP 1.3's default .htaccess
# Source: https://github.com/cakephp/cakephp/blob/1.3/app/webroot/.htaccess
#

<IfModule mod_rewrite.c>
	RewriteEngine On
	RewriteCond %{REQUEST_FILENAME} !-d
	RewriteCond %{REQUEST_FILENAME} !-f
	RewriteRule ^(.*)$ index.php?url=$1 [QSA,L]
</IfModule>

#
# Our current vhost configuration (generated by DirectAdmin):
#

<VirtualHost 127.0.0.1:80 >
	RewriteEngine On
	RewriteCond %{HTTP_HOST} !^www\.
	RewriteRule ^(.*)$ https://www.%{HTTP_HOST}$1 [R=301,L]
	RewriteCond %{HTTPS} off
	RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]
	ServerName www.example.com
	ServerAlias www.example.com example.com 
	ServerAdmin webmaster@example.com
	DocumentRoot /home/example/domains/example.com/public_html/app/webroot
	UseCanonicalName OFF
	<IfModule !mod_ruid2.c>
		SuexecUserGroup example example
	</IfModule>
	<IfModule mod_ruid2.c>
		RMode config
		RUidGid example example
		#RGroups apache access
		RGroups @none
	</IfModule>
	CustomLog /var/log/httpd/domains/example.com.bytes bytes
	CustomLog /var/log/httpd/domains/example.com.log combined
	ErrorLog /var/log/httpd/domains/example.com.error.log
	<Directory /home/example/domains/example.com/public_html/app/webroot>
		AllowOverride AuthConfig FileInfo Indexes Limit Options=Indexes,Includes,IncludesNOEXEC,MultiViews,SymLinksIfOwnerMatch,FollowSymLinks,None
		Options -ExecCGI
		php_admin_flag safe_mode OFF
		php_admin_flag engine ON
		php_admin_value sendmail_path '/usr/sbin/sendmail -t -i -f example@example.com'
		php_admin_value mail.log /home/example/.php/php-mail.log
		php_admin_value open_basedir /home/example/:/tmp:/var/tmp:/usr/local/lib/php/
	</Directory>
</VirtualHost>

<VirtualHost 127.0.0.1:443 >
	RewriteEngine On
	RewriteCond %{HTTP_HOST} !^www\.
	RewriteRule ^(.*)$ https://www.%{HTTP_HOST}$1 [R=301,L]
	RewriteCond %{HTTPS} off
	RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]
	SSLEngine on
	SSLCertificateFile /usr/local/directadmin/data/users/example/domains/example.com.cert
	SSLCertificateKeyFile /usr/local/directadmin/data/users/example/domains/example.com.key
	SSLCACertificateFile /usr/local/directadmin/data/users/example/domains/example.com.cacert
	ServerName www.example.com
	ServerAlias www.example.com example.com 
	ServerAdmin webmaster@example.com
	DocumentRoot /home/example/domains/example.com/public_html/app/webroot
	UseCanonicalName OFF
	<IfModule !mod_ruid2.c>
		SuexecUserGroup example example
	</IfModule>
	<IfModule mod_ruid2.c>
		RMode config
		RUidGid example example
		#RGroups apache access
		RGroups @none
	</IfModule>
	CustomLog /var/log/httpd/domains/example.com.bytes bytes
	CustomLog /var/log/httpd/domains/example.com.log combined
	ErrorLog /var/log/httpd/domains/example.com.error.log
	<Directory /home/example/domains/example.com/public_html/app/webroot>
		AllowOverride AuthConfig FileInfo Indexes Limit Options=Indexes,Includes,IncludesNOEXEC,MultiViews,SymLinksIfOwnerMatch,FollowSymLinks,None
		Options -ExecCGI
		php_admin_flag safe_mode OFF
		php_admin_flag engine ON
		php_admin_value sendmail_path '/usr/sbin/sendmail -t -i -f example@example.com'
		php_admin_value mail.log /home/example/.php/php-mail.log
		php_admin_value open_basedir /home/example/:/tmp:/var/tmp:/usr/local/lib/php/
	</Directory>
</VirtualHost>

Here are my 2cts from a vhost working in production (Drupal, not Cake though)

RewriteCond %{HTTPS} !=on 
# RewriteCond %{HTTP:X-Forwarded-Proto} !https for some hosts
RewriteRule ^.*$ https://%{SERVER_NAME}%{REQUEST_URI} [R,L]