system-config/playbooks/roles/ptgbot/templates/ptgbot.vhost.config.j2

<VirtualHost *:80>
  ServerName ptg.opendev.org
  ServerAlias ptg.openstack.org
  ServerAlias ptgbot.opendev.org
  ServerAdmin infra-root@openstack.org

  ErrorLog ${APACHE_LOG_DIR}/ptg-error.log

  LogLevel warn

  CustomLog ${APACHE_LOG_DIR}/ptg-access.log combined

  Redirect / https://ptg.opendev.org/

</VirtualHost>

<VirtualHost *:443>
  ServerName ptg.opendev.org
  ServerAlias ptg.openstack.org
  ServerAlias ptgbot.opendev.org
  ServerAdmin infra-root@openstack.org

  RewriteEngine On
  RewriteCond %{HTTP_HOST} !^ptg\.opendev\.org [nocase]
  RewriteRule ^/(.*) https://ptg.opendev.org/$1 [last,redirect=permanent]

  AllowEncodedSlashes On

  ErrorLog ${APACHE_LOG_DIR}/ptg-ssl-error.log

  LogLevel warn

  CustomLog ${APACHE_LOG_DIR}/ptg-ssl-access.log combined

  SSLEngine on
  SSLProtocol All -SSLv2 -SSLv3
  # Note: this list should ensure ciphers that provide forward secrecy
  SSLCipherSuite ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:!AES256:!aNULL:!eNULL:!MD5:!DSS:!PSK:!SRP
  SSLHonorCipherOrder on

  SSLCertificateFile /etc/letsencrypt-certs/ptg.opendev.org/ptg.opendev.org.cer
  SSLCertificateKeyFile /etc/letsencrypt-certs/ptg.opendev.org/ptg.opendev.org.key
  SSLCertificateChainFile /etc/letsencrypt-certs/ptg.opendev.org/ca.cer

  # Enable SHM backend
  CacheSocache shmcb
  # disk fallback
  CacheRoot "/var/cache/apache2/proxy"
  # required to match on rewrites
  CacheQuickHandler off
  # don't pass requests to backend
  CacheIgnoreCacheControl On

  CacheEnable socache /
  CacheEnable disk /

  ProxyPass  / http://localhost:8000/ retry=0
  ProxyPassReverse / http://localhost:8000/

</VirtualHost>