ansible/roles/planet/templates/planet.conf

<VirtualHost *:80>
    ##
    # Domain: fedoraplanet.org
    # Owner: admin@fedoraproject.org
    #
    # fedoraplanet.org only supports plain http because of user generated content
    # to allow HSTS for *.fedoraproject.org it is on a separate domain:
    # https://fedorahosted.org/fedora-infrastructure/ticket/4670
    # https://fedorahosted.org/fedora-infrastructure/ticket/2888
    ServerAdmin admin@fedoraproject.org
    ServerName fedoraplanet.org

    DocumentRoot "/srv/planet/site/"

    ErrorLog logs/planet-error.log
    CustomLog logs/fedoraplanet.org-access.log common
 
    # let certbot get an answer from certgetter01 
    RewriteEngine on
    RewriteRule ^/\.well-known/(.*) "http://fedoraproject.org/\.well-known/$1" [L,R=301,NE]

    UserDir disable
    AddCharset UTF-8 .xml

    <Location /images/>
        ExpiresActive On
        ExpiresDefault "access plus 30 minutes"
    </Location>

    <Location /css/>
        ExpiresActive On
        ExpiresDefault "access plus 30 minutes"
    </Location>

    <Directory "/srv/planet/site/">
      Options Indexes FollowSymLinks
      Require all granted
    </Directory>

    RedirectMatch 301 /favicon\.ico$ https://fedoraproject.org/favicon.ico
    Redirect /ldc http://fedoraldc.wordpress.com/feed/
    Alias /justfedora /srv/planet/site/edited

</VirtualHost>
<VirtualHost *:80>
    ServerAdmin admin@fedoraproject.org
    ServerName planet.fedoraproject.org
    DocumentRoot "/srv/planet/site/"

    ErrorLog logs/planet-error.log
    CustomLog logs/planet.fedoraproject.org-access.log common

    UserDir disable
    AddCharset UTF-8 .xml

    RedirectMatch permanent /(.*) http://fedoraplanet.org/$1

</VirtualHost>
<VirtualHost *:443>
    ##
    # Domain: planet.fedoraproject.org
    # Owner: admin@fedoraproject.org
    #
    ServerAdmin admin@fedoraproject.org
    ServerName planet.fedoraproject.org

    SSLEngine on
    SSLCertificateFile    /etc/pki/tls/certs/planet.fedoraproject.org.cert
    SSLCertificateKeyFile /etc/pki/tls/private/planet.fedoraproject.org.key
    SSLCertificateChainFile /etc/pki/tls/certs/wildcard-2023.fedorapeople.org.intermediate.cert
    SSLHonorCipherOrder On
    SSLProtocol {{ ssl_protocols }}
    SSLCipherSuite {{ ssl_ciphers }}

    DocumentRoot "/srv/planet/site/"

    ErrorLog logs/planet-error.log
    CustomLog logs/planet.fedoraproject.org-access.log common

    UserDir disable
    AddCharset UTF-8 .xml

    RedirectMatch permanent /(.*) http://fedoraplanet.org/$1

</VirtualHost>
<VirtualHost *:443>
    ##
    # Domain: fedoraplanet.org
    # Owner: admin@fedoraplanet.org
    #
    ServerName fedoraplanet.org

    SSLEngine on
    SSLCertificateFile /etc/pki/tls/certs/fedoraplanet.org.cert
    SSLCertificateKeyFile /etc/pki/tls/private/fedoraplanet.org.key
    SSLCertificateChainFile /etc/pki/tls/certs/fedoraplanet.org.intermediate.cert
    SSLHonorCipherOrder On
    SSLCipherSuite RC4-SHA:AES128-SHA:ALL:!ADH:!EXP:!LOW:!MD5:!SSLV2:!NULL
    SSLProtocol ALL -SSLv2

    ServerAdmin admin@fedoraplanet.org
    ServerName fedoraplanet.org

    DocumentRoot "/srv/planet/site/"

    ErrorLog logs/planet-error.log
    CustomLog logs/planet.fedoraproject.org-access.log common

    UserDir disable
    AddCharset UTF-8 .xml

    RedirectMatch permanent /(.*) http://fedoraplanet.org/$1

</VirtualHost>