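<VirtualHost *:80>
  # Plain-HTTP listener. It serves no content of its own; every request is
  # redirected to the HTTPS site.
  ServerName {{ inventory_hostname }}
  ServerAdmin infra-root@openstack.org

  ErrorLog ${APACHE_LOG_DIR}/codesearch-error.log

  LogLevel warn

  CustomLog ${APACHE_LOG_DIR}/codesearch-access.log combined

  # Redirect matches on the URL-path prefix and appends the remainder of the
  # request path to the target. Without a status argument it answers 302
  # (temporary); "permanent" (301) matches the redirect=permanent already used
  # by the canonical-host rule in the *:443 vhost and lets clients remember
  # the HTTPS location.
  Redirect permanent / https://codesearch.opendev.org/

</VirtualHost>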

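<VirtualHost *:443>
  # HTTPS front end: terminates TLS and reverse-proxies every path except
  # /robots.txt to the backend listening on localhost:6080.
  ServerName {{ inventory_hostname }}
  ServerAdmin webmaster@openstack.org

  # mod_rewrite is disabled by default and rewrite configuration is not
  # inherited by virtual hosts, so the canonical-host rule below is only
  # evaluated when the engine is switched on inside this vhost.
  RewriteEngine On
  # Requests whose Host header is not the public name are sent to the
  # canonical site with a 301. The pattern has no trailing anchor, so it is a
  # prefix match on the Host value.
  RewriteCond %{HTTP_HOST} !^codesearch\.opendev\.org [nocase]
  RewriteRule ^/(.*) https://codesearch.opendev.org/$1 [last,redirect=permanent]

  # Accept %2F in request paths instead of rejecting them with 404. With "On"
  # the encoded slashes are also decoded before the request is handled.
  # NOTE(review): confirm the backend expects decoded slashes; NoDecode keeps
  # them encoded.
  AllowEncodedSlashes On

  ErrorLog ${APACHE_LOG_DIR}/codesearch-ssl-error.log

  LogLevel warn

  CustomLog ${APACHE_LOG_DIR}/codesearch-ssl-access.log combined

  # NOTE(review): no Strict-Transport-Security header is set in this vhost;
  # adding one requires mod_headers to be loaded.
  SSLEngine on
  # "All -SSLv2 -SSLv3" alone still negotiates TLS 1.0 and 1.1, both
  # deprecated; they are switched off explicitly so only TLS 1.2 and newer
  # remain.
  SSLProtocol All -SSLv2 -SSLv3 -TLSv1 -TLSv1.1
  # Note: this list should ensure ciphers that provide forward secrecy
  # (every positive entry is an ECDH or DH key exchange). "!AES256" removes
  # the AES256 suites selected by the earlier ECDH+AES256 / DH+AES256 entries,
  # leaving AES128 variants only.
  # NOTE(review): confirm that exclusion is still intended.
  SSLCipherSuite ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:!AES256:!aNULL:!eNULL:!MD5:!DSS:!PSK:!SRP
  # Use the server's cipher preference order rather than the client's.
  SSLHonorCipherOrder on

  # Certificate, private key and CA chain are read from a per-host directory.
  # SSLCertificateChainFile is obsolete from httpd 2.4.8 onwards, where the
  # chain can be appended to SSLCertificateFile instead; it is kept here
  # unchanged.
  SSLCertificateFile /etc/letsencrypt-certs/{{ inventory_hostname }}/{{ inventory_hostname }}.cer
  SSLCertificateKeyFile /etc/letsencrypt-certs/{{ inventory_hostname }}/{{ inventory_hostname }}.key
  SSLCertificateChainFile /etc/letsencrypt-certs/{{ inventory_hostname }}/ca.cer

  # The backend is reached over plain HTTP on loopback. retry=0 makes Apache
  # retry a failed backend on the next request instead of holding it in the
  # error state for the default retry interval.
  ProxyPass  / http://localhost:6080/ retry=0
  ProxyPassReverse / http://localhost:6080/

  # robots.txt is excluded from proxying and served from local disk through
  # the Alias below; the Directory block grants access to that directory.
  <Location "/robots.txt">
    ProxyPass !
  </Location>
  <Directory "/var/lib/hound/www">
    Require all granted
  </Directory>
  Alias /robots.txt /var/lib/hound/www/robots.txt

</VirtualHost>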