diff --git a/roles/copr/frontend-cloud/templates/httpd/coprs.conf b/roles/copr/frontend-cloud/templates/httpd/coprs.conf
index 11679fee44..6911d5158a 100644
--- a/roles/copr/frontend-cloud/templates/httpd/coprs.conf
+++ b/roles/copr/frontend-cloud/templates/httpd/coprs.conf
@@ -9,33 +9,38 @@ WSGIDaemonProcess stats user=copr-fe group=copr-fe threads=15 display-name=stats
WSGIDaemonProcess tmp user=copr-fe group=copr-fe threads=15 display-name=tmp maximum-requests=8000 graceful-timeout=20
WSGIDaemonProcess repo user=copr-fe group=copr-fe threads=15 display-name=repo maximum-requests=8000 graceful-timeout=20
WSGIDaemonProcess packages user=copr-fe group=copr-fe processes=1 threads=6 maximum-requests=100 display-name=packages graceful-timeout=20
-WSGIScriptAlias / /usr/share/copr/coprs_frontend/application
+
+WSGIApplicationGroup %{GLOBAL}
- ServerName copr.fedorainfracloud.org
- ServerAlias copr-fe.cloud.fedoraproject.org
- WSGIPassAuthorization On
+ ServerName {{ copr_frontend_public_hostname }}
+ ServerAlias copr-fe{% if devel %}-dev{% endif %}.cloud.fedoraproject.org
+ # We don't strictly enforce https (only HSTS) for python-processed content.
+ # This is still useful at least for *.repo URLs. But, that's why we still
+ # configure port 80 here.
+ WSGIPassAuthorization On
WSGIProcessGroup 127.0.0.1
-
- #ErrorLog logs/error_coprs
- #CustomLog logs/access_coprs common
-
- WSGIApplicationGroup %{GLOBAL}
- Require all granted
+ Require all granted
{% if letsencrypt is defined %}
+ # For ansible.git roles/copr/certbot role. Needs to run on port 80.
RewriteEngine on
RewriteRule ^/\.well-known/(.*) /var/www/html/.well-known/$1 [L]
- RewriteRule "^/?(.*)" "https://%{HTTP_HOST}/$1" [L,R=301,NE]
{% endif %}
+ ServerName {{ copr_frontend_public_hostname }}
+{% if not devel %}
+ ServerAlias copr.fedoraproject.org
+ Redirect 302 / https://copr.fedorainfracloud.org/
+{% endif %}
+
SSLEngine on
SSLProtocol {{ ssl_protocols }}
# Use secure TLSv1.1 and TLSv1.2 ciphers
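Review bot: Removing the catch-all `RewriteRule "^/?(.*)" "https://%{HTTP_HOST}/$1" [L,R=301,NE]` while keeping `WSGIPassAuthorization On` and `Require all granted` in the same block means plain-HTTP requests, including any `Authorization` header, are handed to the application; judging by the new comment this is the port-80 virtual host. HSTS does not close this gap, because browsers only honour `Strict-Transport-Security` when it arrives over HTTPS and non-browser API clients ignore it, so a client configured with an `http://` URL keeps sending its token in cleartext and still succeeds. If port 80 is only needed for `*.repo` URLs and the ACME challenge, consider dropping `WSGIPassAuthorization On` from this block and refusing authenticated requests there with `RewriteCond %{HTTP:Authorization} !^$` followed by `RewriteRule ^ - [F]`, so that a misconfigured client fails visibly. That needs `RewriteEngine on` moved out of the `{% if letsencrypt is defined %}` conditional. The enclosing container's opening and closing lines are not visible in the hunk, so confirm which virtual host these directives end up in.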
@@ -43,25 +48,17 @@ WSGIScriptAlias / /usr/share/copr/coprs_frontend/application
SSLHonorCipherOrder on
Header always add Strict-Transport-Security "max-age=31536000; preload"
- {% if not devel %}
- SSLCertificateFile /etc/pki/tls/certs/copr.fedorainfracloud.org.crt
- SSLCertificateKeyFile /etc/pki/tls/private/copr.fedorainfracloud.org.key
+{% if not devel %}
+ SSLCertificateFile /etc/pki/tls/certs/copr.fedorainfracloud.org.crt
+ SSLCertificateKeyFile /etc/pki/tls/private/copr.fedorainfracloud.org.key
SSLCertificateChainFile /etc/pki/tls/certs/copr.fedorainfracloud.org.intermediate.crt
- {% else %}
- SSLCertificateFile /etc/letsencrypt/live/{{ copr_frontend_public_hostname }}/cert.pem
- SSLCertificateKeyFile /etc/letsencrypt/live/{{ copr_frontend_public_hostname }}/privkey.pem
+{% else %}
+ SSLCertificateFile /etc/letsencrypt/live/{{ copr_frontend_public_hostname }}/cert.pem
+ SSLCertificateKeyFile /etc/letsencrypt/live/{{ copr_frontend_public_hostname }}/privkey.pem
SSLCertificateChainFile /etc/letsencrypt/live/{{ copr_frontend_public_hostname }}/fullchain.pem
- {% endif %}
-
- ServerName {{ copr_frontend_public_hostname }}
-
- {% if not devel %}
- ServerAlias copr.fedoraproject.org
- Redirect 302 / https://copr.fedorainfracloud.org/
- {% endif %}
+{% endif %}
WSGIPassAuthorization On
- WSGIScriptAlias / /usr/share/copr/coprs_frontend/application
WSGIProcessGroup 127.0.0.1
@@ -87,11 +84,7 @@ WSGIScriptAlias / /usr/share/copr/coprs_frontend/application
- #ErrorLog logs/error_coprs
- #CustomLog logs/access_coprs common
-
- WSGIApplicationGroup %{GLOBAL}
Require all granted
@@ -105,19 +98,20 @@ WSGIScriptAlias / /usr/share/copr/coprs_frontend/application
-ExtendedStatus On
-
-
- SetHandler server-status
- Require all denied
- Require host localhost .redhat.com
-
+ ExtendedStatus On
+
+ SetHandler server-status
+ Require all denied
+ Require host localhost .redhat.com
+
StartServers 8
MinSpareServers 8
- MaxSpareServers 20
- MaxClients 50
+ MaxSpareServers 20
+ MaxClients 50
MaxRequestsPerChild 10000
+
+# vim: ft=apache