ServerTokens Prod
ServerSignature Off
TraceEnable Off
PidFile run/httpd.pid
ServerRoot "/etc/httpd"
ServerName "localhost.localdomain"

User apache
Group apache

Listen 8774

TypesConfig /etc/mime.types

Include conf.modules.d/*.conf
## TODO: fix default ssl.conf to comment not available tls certs. Than we can remove this condition
Include conf.d/*.conf

LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
LogFormat "%{X-Forwarded-For}i %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" proxy

SetEnvIf X-Forwarded-For "^.*\..*\..*\..*" forwarded
ErrorLog /dev/stderr
TransferLog /dev/stdout
CustomLog /dev/stdout combined env=!forwarded
CustomLog /dev/stdout proxy env=forwarded
## set default apache log level to info from warning
LogLevel info


# internal vhost nova-internal.openstack.svc configuration
<VirtualHost *:8774>
  <IfVersion >= 2.4>
    ErrorLogFormat "%M"
  </IfVersion>
  SetEnvIf X-Forwarded-For "^.*\..*\..*\..*" forwarded

  ServerName nova-internal.openstack.svc
  TimeOut 60

  ## Vhost docroot
  DocumentRoot "/var/www/cgi-bin"

  ## Directories, there should at least be a declaration for /var/www/cgi-bin
  <Directory "/var/www/cgi-bin">
    Options -Indexes +FollowSymLinks +MultiViews
    AllowOverride None
    Require all granted
  </Directory>

  ## Logging
  ErrorLog /dev/stdout
  ServerSignature Off
  CustomLog /dev/stdout combined env=!forwarded
  CustomLog /dev/stdout proxy env=forwarded
  ## set nova vhost log level to debug
  LogLevel debug
  SetEnvIf X-Forwarded-Proto https HTTPS=1

  ## SSL directives
  SSLEngine on
  SSLCertificateFile      "/etc/pki/tls/certs/internal.crt"
  SSLCertificateKeyFile   "/etc/pki/tls/private/internal.key"

  ## WSGI configuration
  WSGIProcessGroup internal
  #WSGIProcessGroup nova-api
  WSGIApplicationGroup %{GLOBAL}
  WSGIPassAuthorization On
  ## In general we want nova-api to scale via k8s replicas but we need
  ## two processes per replica to always has a room for a healthecheck query
  WSGIDaemonProcess internal display-name=internal processes=2 threads=1 user=nova group=nova
  WSGIScriptAlias / "/usr/bin/nova-api-wsgi"
</VirtualHost>

# public vhost nova-public.openstack.svc configuration
<VirtualHost *:8774>
  <IfVersion >= 2.4>
    ErrorLogFormat "%M"
  </IfVersion>
  SetEnvIf X-Forwarded-For "^.*\..*\..*\..*" forwarded

  ServerName nova-public.openstack.svc
  TimeOut 60

  ## Vhost docroot
  DocumentRoot "/var/www/cgi-bin"

  ## Directories, there should at least be a declaration for /var/www/cgi-bin
  <Directory "/var/www/cgi-bin">
    Options -Indexes +FollowSymLinks +MultiViews
    AllowOverride None
    Require all granted
  </Directory>

  ## Logging
  ErrorLog /dev/stdout
  ServerSignature Off
  CustomLog /dev/stdout combined env=!forwarded
  CustomLog /dev/stdout proxy env=forwarded
  ## set nova vhost log level to debug
  LogLevel debug
  SetEnvIf X-Forwarded-Proto https HTTPS=1

  ## SSL directives
  SSLEngine on
  SSLCertificateFile      "/etc/pki/tls/certs/public.crt"
  SSLCertificateKeyFile   "/etc/pki/tls/private/public.key"

  ## WSGI configuration
  WSGIProcessGroup public
  #WSGIProcessGroup nova-api
  WSGIApplicationGroup %{GLOBAL}
  WSGIPassAuthorization On
  ## In general we want nova-api to scale via k8s replicas but we need
  ## two processes per replica to always has a room for a healthecheck query
  WSGIDaemonProcess public display-name=public processes=2 threads=1 user=nova group=nova
  WSGIScriptAlias / "/usr/bin/nova-api-wsgi"
</VirtualHost>


Alias /nova-api /usr/bin/nova-api-wsgi
<Location /nova-api>
  SetHandler wsgi-script
  Options +ExecCGI
  WSGIProcessGroup public
  WSGIApplicationGroup %{GLOBAL}
  WSGIPassAuthorization On
</Location>