ServerName tracing.opendev.org ServerAdmin webmaster@openstack.org ErrorLog ${APACHE_LOG_DIR}/tracing-error.log LogLevel warn CustomLog ${APACHE_LOG_DIR}/tracing-access.log combined Redirect / https://tracing.opendev.org/ ServerName tracing.opendev.org ServerAdmin webmaster@openstack.org AllowEncodedSlashes On ErrorLog ${APACHE_LOG_DIR}/tracing-ssl-error.log LogLevel warn CustomLog ${APACHE_LOG_DIR}/tracing-ssl-access.log combined SSLEngine on SSLProtocol All -SSLv2 -SSLv3 # Note: this list should ensure ciphers that provide forward secrecy SSLCipherSuite ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:!AES256:!aNULL:!eNULL:!MD5:!DSS:!PSK:!SRP SSLHonorCipherOrder on SSLCertificateFile /etc/letsencrypt-certs/tracing.opendev.org/tracing.opendev.org.cer SSLCertificateKeyFile /etc/letsencrypt-certs/tracing.opendev.org/tracing.opendev.org.key SSLCertificateChainFile /etc/letsencrypt-certs/tracing.opendev.org/ca.cer BrowserMatch "MSIE [2-6]" \ nokeepalive ssl-unclean-shutdown \ downgrade-1.0 force-response-1.0 # MSIE 7 and newer should be able to use keepalive BrowserMatch "MSIE [17-9]" ssl-unclean-shutdown RewriteEngine on # Do not rewrite the /server-status URL (though by default, this # is only accessible from localhost). Connect to it with: # ssh -L 8443:localhost:443 $HOSTNAME # https://localhost:8443/server-status RewriteRule ^/server-status$ /server-status [L] ProxyPass / http://localhost:16686/ retry=0 ProxyPassReverse / http://localhost:16686/ ProxyPreserveHost on RequestHeader set "X-Forwarded-Proto" expr=%{REQUEST_SCHEME}