ServerTokens Prod
ServerSignature Off
TraceEnable Off
PidFile run/httpd.pid
ServerRoot "/etc/httpd"
ServerName "localhost.localdomain"

User apache
Group apache

Listen 8775

TypesConfig /etc/mime.types

Include conf.modules.d/*.conf
## TODO: fix default ssl.conf to comment not available tls certs. Than we can remove this condition
Include conf.d/*.conf

LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
LogFormat "%{X-Forwarded-For}i %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" proxy

SetEnvIf X-Forwarded-For "^.*\..*\..*\..*" forwarded
ErrorLog /dev/stderr
TransferLog /dev/stdout
CustomLog /dev/stdout combined env=!forwarded
CustomLog /dev/stdout proxy env=forwarded
## set default apache log level to info from warning
LogLevel info

<VirtualHost *:8775>
  <IfVersion >= 2.4>
    ErrorLogFormat "%M"
  </IfVersion>
  SetEnvIf X-Forwarded-For "^.*\..*\..*\..*" forwarded

  ServerName nova-metadata.openstack.svc
  TimeOut 60

  ErrorLog /dev/stdout
  CustomLog /dev/stdout combined env=!forwarded
  CustomLog /dev/stdout proxy env=forwarded
  ## set nova vhost log level to debug
  LogLevel debug
  SetEnvIf X-Forwarded-Proto https HTTPS=1

  ## SSL directives
  SSLEngine on
  SSLCertificateFile      "/etc/pki/tls/certs/nova-metadata.crt"
  SSLCertificateKeyFile   "/etc/pki/tls/private/nova-metadata.key"

  ## WSGI configuration
  WSGIProcessGroup nova-metadata
  WSGIApplicationGroup %{GLOBAL}
  WSGIPassAuthorization On
  ## In general we want nova-metadata to scale via k8s replicas but we need
  ## two processes per replica to always has a room for a healthecheck query
  WSGIDaemonProcess nova-metadata processes=2 threads=1 user=nova group=nova display-name=nova-metadata-api
  WSGIScriptAlias / /usr/bin/nova-metadata-wsgi
</VirtualHost>

Alias /nova-metadata /usr/bin/nova-metadata-wsgi
<Location /nova-metadata>
  SetHandler wsgi-script
  Options +ExecCGI
  WSGIProcessGroup nova-metadata
  WSGIApplicationGroup %{GLOBAL}
  WSGIPassAuthorization On
</Location>