# {{ ansible_managed }}

{% set threads = ansible_processor_vcpus // 2 %}

<VirtualHost *:80>
    ServerName {{ horizon_server_name }}
    RewriteEngine On
    RewriteCond %{HTTPS} !=on
    RewriteRule ^/?(.*) https://%{HTTP_HOST}/$1 [R,L]
</VirtualHost>

<VirtualHost *:443>
    ServerName {{ horizon_server_name }}

    LogLevel  {{ horizon_log_level }}
    ErrorLog  /var/log/horizon/horizon-error.log
    CustomLog /var/log/horizon/ssl_access.log combined
    Options +FollowSymLinks

    SSLEngine on
    SSLCertificateFile    {{ horizon_ssl_cert }}
    SSLCertificateKeyFile {{ horizon_ssl_key }}
    {% if horizon_user_ssl_ca_cert is defined -%}
    SSLCACertificateFile  {{ horizon_ssl_ca_cert }}
    {% endif -%}
    SSLCompression Off
    SSLProtocol All -SSLv2 -SSLv3
    SSLHonorCipherOrder On
    SSLCipherSuite {{ horizon_ssl_cipher_suite }}
    SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown

    WSGIScriptAlias / {{ horizon_lib_dir }}/openstack_dashboard/wsgi/django.wsgi
    WSGIDaemonProcess horizon user={{ horizon_system_user_name }} group={{ horizon_system_group_name }} processes={{ ansible_processor_cores }} threads={{ threads if threads > 0 else 1 }}
    WSGIProcessGroup horizon
    WSGIApplicationGroup horizon

    Alias /static {{ horizon_lib_dir }}/static/
    <Directory /usr/local/lib/python2.7/dist-packages/openstack_dashboard/wsgi/>
      <Files django.wsgi>
        Order allow,deny
        allow from all
        Require all granted
      </Files>
    </Directory>

    <Directory {{ horizon_lib_dir }}/static/>
      Options -FollowSymlinks
      AllowOverride None
      Order allow,deny
      allow from all
      Require all granted
    </Directory>
</VirtualHost>