soc-ops/global/overlay/etc/puppet/modules/soc/templates/intelmq/intelmq-vhost.conf.erb
2024-11-14 14:16:39 +01:00


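<VirtualHost *:80>
# Plain-HTTP listener: it serves no application content and only redirects
# every request to the HTTPS virtual host.
ServerName <%= @servername %>
ServerAdmin cert@cert.sunet.se
DocumentRoot /var/www/html
RewriteEngine On
# The redirect target is built from the Puppet-supplied server name, not from
# the request's Host header, so a client cannot steer the redirect elsewhere.
# In virtual-host context the matched URL-path begins with "/", so the leading
# slash is kept out of the capture; capturing it yields "https://host//path".
# [R] without a status code sends a 302; R=301 is the usual choice once the
# redirect is known to be permanent.
RewriteRule ^/?(.*)$ https://<%= @servername %>/$1 [R,L]
# Errors and requests go to the same log files the HTTPS virtual host uses.
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
</VirtualHost>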
<VirtualHost *:443>
# HTTPS front end for IntelMQ: serves the static files under
# /opt/intelmq/www-fody and the IntelMQ Manager files, and reverse-proxies
# /api and /intelmq/ to local backends.
ServerName <%= @servername %>
ServerAdmin cert@cert.sunet.se
SSLEngine on
# Certificate selection. With use_snakeoil set, fixed paths for the host
# intelmq-test.cert.sunet.se are used; otherwise the paths come from Puppet.
# NOTE(review): the flag name suggests a self-signed certificate, but the paths
# point into a Let's Encrypt live directory for a test host - confirm intent.
# NOTE(review): no chain file is configured in the snakeoil branch, and cert.pem
# in a certbot live directory is normally the leaf certificate only - confirm
# that clients do not need the intermediates (fullchain.pem).
<% if @use_snakeoil -%>
SSLCertificateFile /etc/letsencrypt/live/intelmq-test.cert.sunet.se/cert.pem
SSLCertificateKeyFile /etc/letsencrypt/live/intelmq-test.cert.sunet.se/privkey.pem
<% else -%>
SSLCertificateFile <%= @tls_cert %>
SSLCertificateKeyFile <%= @tls_key %>
# SSLCertificateChainFile is deprecated since Apache 2.4.8; the intermediates
# can be appended to the file named by SSLCertificateFile instead.
SSLCertificateChainFile <%= @tls_chain %>
<% end -%>
# CA certificates for verifying client certificates. No SSLVerifyClient
# directive appears in this virtual host, so these look unused here - confirm.
SSLCACertificatePath /etc/ssl/certs/
SSLCACertificateFile /etc/ssl/certs/ca-certificates.crt
# Offer HTTP/2 first and fall back to HTTP/1.1.
Protocols h2 http/1.1
# Every protocol up to TLS 1.2 is switched off, which leaves only TLS 1.3 on
# builds whose "all" includes it; older clients cannot connect.
SSLProtocol all -SSLv3 -TLSv1 -TLSv1.1 -TLSv1.2
# The client's cipher preference is honoured and session tickets are disabled.
SSLHonorCipherOrder off
SSLSessionTickets off
# HSTS with a two-year lifetime; includeSubDomains is not set.
Header always set Strict-Transport-Security "max-age=63072000"
# Reverse proxy for /api to a backend on the loopback interface. The section is
# skipped without an error if mod_proxy is not loaded.
# NOTE(review): no authentication is configured at this layer for /api, so
# access control presumably rests on the backend - confirm.
<IfModule mod_proxy.c>
# Forward (open) proxying stays disabled; only the reverse mappings below apply.
ProxyRequests Off
<Location "/api">
ProxyPass "http://127.0.0.1:8666/api"
ProxyPassReverse "http://127.0.0.1:8666/api"
# NOTE(review): debugging header sent on every /api response; it looks like a
# leftover and could be dropped in production.
Header always set X-DEBUG-PATH "/api"
</Location>
</IfModule>
# RewriteEngine on
# RewriteCond %{REQUEST_URI} !^/(index.html|static|api|intelmq-webinput)
# RewriteRule .* /index.html [PT]
DocumentRoot /opt/intelmq/www-fody
<Directory /opt/intelmq/www-fody>
<IfModule mod_headers.c>
# The policy restricts script sources only; other resource types are not
# limited. Without "always" the header is not added to error responses.
Header set Content-Security-Policy "script-src 'self'"
# Legacy vendor-prefixed header name, read only by old browsers.
Header set X-Content-Security-Policy "script-src 'self'"
</IfModule>
# The static files are readable by any client. Options without +/- replaces
# the inherited set, so directory listings (Indexes) are not enabled here.
Require all granted
Options FollowSymLinks
</Directory>
Alias /intelmq-manager /usr/share/intelmq_manager/html/
<Directory /usr/share/intelmq_manager/html>
# NOTE(review): Basic authentication is commented out and this section has no
# Require directive, so access is decided by the server-wide configuration.
# Confirm that the manager UI is meant to be reachable without authentication
# at this layer and that the API behind it enforces its own login.
# AuthType Basic
# AuthName "IntelMQ"
# AuthBasicProvider file
# AuthUserFile /etc/apache2/htpasswd
# Require user sunetcert
<IfModule mod_headers.c>
Header set Content-Security-Policy "script-src 'self'"
Header set X-Content-Security-Policy "script-src 'self'"
</IfModule>
</Directory>
# /intelmq/ is proxied to the intelmq_api UNIX domain socket. Unlike /api this
# section is not wrapped in an IfModule test, so a missing mod_proxy is a
# configuration error rather than a silent skip.
# NOTE(review): the socket path hard-codes python3.11 inside the virtualenv's
# site-packages and will change with a Python upgrade. The socket's file
# permissions decide which local users can reach the API - verify them.
<Location /intelmq/>
ProxyPass unix:/opt/intelmq/venv/lib/python3.11/site-packages/intelmq_api/intelmq_api.sock|http://127.0.0.1/
ProxyPassReverse unix:/opt/intelmq/venv/lib/python3.11/site-packages/intelmq_api/intelmq_api.sock|http://127.0.0.1/
</Location>
# Same log files as the port-80 virtual host.
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
</VirtualHost>