Use common-debian-service-https-redirect * security-tracker.debian.org

<VirtualHost *:443>
	ServerAdmin team@security.debian.org
	ServerName security-tracker.debian.org

	Use common-debian-service-ssl security-tracker.debian.org
	Use common-ssl-HSTS
	Use http-pkp-security-tracker.debian.org

	<IfModule mod_userdir.c>
		UserDir disabled
	</IfModule>

	LogLevel warn
	ErrorLog /var/log/apache2/security-tracker.debian.org-error.log
	CustomLog /var/log/apache2/security-tracker.debian.org-access.log privacyssl
	ServerSignature On

	RewriteEngine on
	RewriteRule ^/tracker(?:/|$)			-				[L]
	# The next rule matches favicon.ico, robots.txt etc.
	RewriteRule ^/[^./]+[.][a-z]{3}$ 		-				[L]
	RewriteRule ^/((?:TEMP|CVE)[^/]+)$		/tracker/$1			[R]
	RewriteRule ^/((?:old|un)?stable|testing)$	/tracker/status/release/$1	[R]
	RewriteRule ^/((?:old)?stable-backports)$	/tracker/status/release/$1	[R]
	RewriteRule ^/([a-z0-9.+-]+)$			/tracker/$1			[R]
	RewriteRule ^/+$				/tracker/			[R]

	DocumentRoot /srv/security-tracker.debian.org/htdocs/security-tracker
	<Directory /srv/security-tracker.debian.org/htdocs/security-tracker>
		AllowOverride none
		Options +Indexes
		Require all granted
	</Directory>

	<DirectoryMatch "\.svn" >
		Require all denied
	</DirectoryMatch>

	<Location /tracker/data/json>
		SetOutputFilter DEFLATE
	</Location>

	ProxyRequests off
	ProxyPass /tracker http://localhost:25648/tracker retry=1
	ProxyPassReverse /tracker http://localhost:25648/tracker
</VirtualHost>
# vim: set filetype=apache: