# DO NOT EDIT - This file is being maintained by Chef
-<VirtualHost *:80>
+<VirtualHost *:443>
ServerName piwik.openstreetmap.org
ServerAlias piwik.osm.org
ServerAdmin webmaster@openstreetmap.org
+ SSLEngine on
+ SSLCertificateFile /etc/ssl/certs/piwik.openstreetmap.org.pem
+ SSLCertificateKeyFile /etc/ssl/private/piwik.openstreetmap.org.key
+
CustomLog /var/log/apache2/piwik.openstreetmap.org-access.log combined
ErrorLog /var/log/apache2/piwik.openstreetmap.org-error.log
+ Options -Indexes
+
DocumentRoot /srv/piwik.openstreetmap.org
</VirtualHost>
-<VirtualHost *:443>
+<VirtualHost *:80>
ServerName piwik.openstreetmap.org
+ ServerAlias piwik.osm.org
ServerAdmin webmaster@openstreetmap.org
- SSLEngine on
- SSLProtocol all -SSLv2
- SSLCipherSuite ALL:!ADH:!EXPORT:!SSLv2:RC4+RSA:+HIGH:+MEDIUM:+LOW
- SSLCertificateFile /etc/ssl/certs/openstreetmap.pem
- SSLCertificateKeyFile /etc/ssl/private/openstreetmap.key
-
CustomLog /var/log/apache2/piwik.openstreetmap.org-access.log combined
ErrorLog /var/log/apache2/piwik.openstreetmap.org-error.log
- DocumentRoot /srv/piwik.openstreetmap.org
+ RedirectPermanent /.well-known/acme-challenge/ http://acme.openstreetmap.org/.well-known/acme-challenge/
+ RedirectPermanent / https://piwik.openstreetmap.org/
</VirtualHost>
+
+<Directory /srv/piwik.openstreetmap.org>
+ Require all granted
+
+ ExpiresActive On
+ RewriteEngine on
+
+ RewriteCond "%{HTTP:Accept-encoding}" "gzip"
+ RewriteCond "%{REQUEST_FILENAME}\.gz" -s
+ RewriteRule "^(.*)\.js" "$1\.js\.gz" [QSA]
+
+ RewriteRule "\.js\.gz$" "-" [T=text/javascript,E=no-gzip:1]
+
+ <FilesMatch "\.js\.gz$">
+ Header append Content-Encoding gzip
+ Header append Vary Accept-Encoding
+ </FilesMatch>
+
+ <FilesMatch "(\.js|\.js\.gz)$">
+ ExpiresDefault "access plus 1 week"
+ Header set Cache-Control "max-age=604800"
+ </FilesMatch>
+
+ <FilesMatch ".+\.ph(ar|p|tml)$">
+ SetHandler "proxy:unix:/run/php/piwik.openstreetmap.org.sock|fcgi://127.0.0.1"
+ </FilesMatch>
+</Directory>