<VirtualHost *:80>
    RedirectMatch    "^/$"  "/horizon"
    ServerName merlin.hpc.rug.nl
    RewriteEngine On
    RewriteCond %{HTTPS} off
    RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}
</VirtualHost>
<VirtualHost *:443>
    RedirectMatch    "^/$"  "/horizon"
    ServerName merlin.hpc.rug.nl

    SSLEngine On
    SSLCertificateFile "/certs/merlin.hpc.rug.nl.crt"
    SSLCertificateKeyFile "/certs/merlin.hpc.rug.nl.key"
    SSLCACertificateFile "/certs/DigiCertCA.crt"
    SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown

    # HTTP Strict Transport Security (HSTS) enforces that all communications
    # with a server go over SSL. This mitigates the threat from attacks such
    # as SSL-Strip which replaces links on the wire, stripping away https prefixes
    # and potentially allowing an attacker to view confidential information on the
    # wire
    Header add Strict-Transport-Security "max-age=15768000"

    Alias /horizon/static /var/lib/openstack-dashboard/static/
    Alias /static /var/lib/openstack-dashboard/static/

    <Directory /var/lib/openstack-dashboard/static>
        Require all granted
    </Directory>

    WSGIScriptAlias /horizon /usr/share/openstack-dashboard/openstack_dashboard/wsgi/django.wsgi process-group=horizon
    WSGIDaemonProcess horizon user=www-data group=www-data processes=3 threads=10 display-name=%{GROUP}
    WSGIProcessGroup horizon
</VirtualHost>