ServerName zuul.openstack.org ServerAdmin webmaster@openstack.org ErrorLog ${APACHE_LOG_DIR}/zuul-error.log LogLevel warn CustomLog ${APACHE_LOG_DIR}/zuul-access.log combined Redirect / https://zuul.openstack.org/ ServerName zuul.openstack.org ServerAdmin webmaster@openstack.org AllowEncodedSlashes On ErrorLog ${APACHE_LOG_DIR}/zuul-ssl-error.log LogLevel warn CustomLog ${APACHE_LOG_DIR}/zuul-ssl-access.log combined SSLEngine on SSLProtocol All -SSLv2 -SSLv3 # Note: this list should ensure ciphers that provide forward secrecy SSLCipherSuite ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:!AES256:!aNULL:!eNULL:!MD5:!DSS:!PSK:!SRP SSLHonorCipherOrder on SSLCertificateFile /etc/letsencrypt-certs/zuul.opendev.org/zuul.opendev.org.cer SSLCertificateKeyFile /etc/letsencrypt-certs/zuul.opendev.org/zuul.opendev.org.key SSLCertificateChainFile /etc/letsencrypt-certs/zuul.opendev.org/ca.cer BrowserMatch "MSIE [2-6]" \ nokeepalive ssl-unclean-shutdown \ downgrade-1.0 force-response-1.0 # MSIE 7 and newer should be able to use keepalive BrowserMatch "MSIE [17-9]" ssl-unclean-shutdown RewriteEngine on RewriteRule ^/api/connection/(.*)$ http://127.0.0.1:9000/api/connection/$1 [P,L] RewriteRule ^/api/console-stream ws://127.0.0.1:9000/api/tenant/openstack/console-stream [P,L] RewriteRule ^/api/(.*)$ http://127.0.0.1:9000/api/tenant/openstack/$1 [P,L] RewriteRule ^/(.*)$ http://127.0.0.1:9000/$1 [P,L] AddOutputFilterByType DEFLATE application/json text/css text/javascript application/javascript CacheDefaultExpire 5 # TODO: Should we cache the rest of the API too? CacheEnable mem /api/status CacheEnable mem /static/.* # 80MB max cache size. 10 objects at 8MB max each. MCacheSize 81920 MCacheMaxObjectCount 10 MCacheMinObjectSize 1 # 8MByte max size per cache entry MCacheMaxObjectSize 8388608 MCacheMaxStreamingBuffer 8388608 CacheEnable disk /api/status CacheEnable disk /static/.* CacheRoot /var/cache/apache2/mod_cache_disk CacheMaxFileSize 10000000