ServerName {{ inventory_hostname }} ServerAdmin infra-root@openstack.org ErrorLog ${APACHE_LOG_DIR}/codesearch-error.log LogLevel warn CustomLog ${APACHE_LOG_DIR}/codesearch-access.log combined Redirect / https://codesearch.opendev.org/ ServerName {{ inventory_hostname }} ServerAdmin webmaster@openstack.org RewriteCond %{HTTP_HOST} !^codesearch\.opendev\.org [nocase] RewriteRule ^/(.*) https://codesearch.opendev.org/$1 [last,redirect=permanent] AllowEncodedSlashes On ErrorLog ${APACHE_LOG_DIR}/codesearch-ssl-error.log LogLevel warn CustomLog ${APACHE_LOG_DIR}/codesearch-ssl-access.log combined SSLEngine on SSLProtocol All -SSLv2 -SSLv3 # Note: this list should ensure ciphers that provide forward secrecy SSLCipherSuite ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:!AES256:!aNULL:!eNULL:!MD5:!DSS:!PSK:!SRP SSLHonorCipherOrder on SSLCertificateFile /etc/letsencrypt-certs/{{ inventory_hostname }}/{{ inventory_hostname }}.cer SSLCertificateKeyFile /etc/letsencrypt-certs/{{ inventory_hostname }}/{{ inventory_hostname }}.key SSLCertificateChainFile /etc/letsencrypt-certs/{{ inventory_hostname }}/ca.cer ProxyPass / http://localhost:6080/ retry=0 ProxyPassReverse / http://localhost:6080/ ProxyPass ! Require all granted Alias /robots.txt /var/lib/hound/www/robots.txt