AddType application/font-woff2 .woff2 Use common-debian-service-https-redirect * wafertest.debconf.org WSGIDaemonProcess wafertest \ processes=3 threads=2 \ user=www-data group=www-data maximum-requests=750 umask=0007 display-name=wsgi-wafertest.debconf.org \ python-path=/srv/debconf-web/wafertest.debconf.org/dc18.dc.o/:/srv/debconf-web/wafertest.debconf.org/dc18.dc.o/ve/lib/python3.5/site-packages/ ServerAdmin admin@debconf.org ServerName wafertest.debconf.org ErrorLog /var/log/apache2/wafertest.debconf.org-error.log CustomLog /var/log/apache2/wafertest.debconf.org-access.log combined Use common-debian-service-ssl wafertest.debconf.org Use common-ssl-HSTS Header always set X-Content-Type-Options nosniff Header always set X-XSS-Protection "1; mode=block" # Header always set Access-Control-Allow-Origin: "*" # Debian SSO SSLCACertificateFile /var/lib/dsa/sso/ca.crt SSLCARevocationCheck chain SSLCARevocationFile /var/lib/dsa/sso/ca.crl SSLVerifyClient optional WSGIProcessGroup wafertest WSGIScriptAlias / /srv/debconf-web/wafertest.debconf.org/dc18.dc.o/wsgi.py Require all granted Alias /static/ /srv/debconf-web/wafertest.debconf.org/dc18.dc.o/localstatic/ Alias /favicon.ico /srv/debconf-web/wafertest.debconf.org/dc18.dc.o/localstatic/img/favicon/favicon.ico Require all granted # A little hacky, but it means we won't accidentally catch non-hashed filenames ExpiresActive on ExpiresDefault "access plus 1 year" Alias /media/ /srv/debconf-web/wafertest.debconf.org/dc18.dc.o/media/ Require all granted SSLOptions +StdEnvVars # Allow access if one does not have a valid certificate SSLVerifyClient optional # vim: set ft=apache: