haproxy-wi/config_other/httpd/roxy-wi_deb.conf

<VirtualHost *:443>
    AddDefaultCharset UTF-8
    SetEnv PYTHONIOENCODING utf8

    SSLEngine on
    SSLCertificateFile /var/www/haproxy-wi/app/certs/haproxy-wi.crt
    SSLCertificateKeyFile /var/www/haproxy-wi/app/certs/haproxy-wi.key

    ServerName roxy-wi.example.com
    ErrorLog /var/log/apache2/roxy-wi.error.log
    CustomLog /var/log/apache2/roxy-wi.access.log combined
    TimeOut 600
    LimitRequestLine 16380

    RewriteEngine On
    RewriteCond %{HTTP:Upgrade} =websocket [NC]
    RewriteRule /(.*)           ws://localhost:8765/ [P,L]
    ProxyPassReverse / http://localhost:8765/

    DocumentRoot /var/www/haproxy-wi

    WSGIDaemonProcess roxy-wi-app request-timeout=60 display-name=%{GROUP} user=www-data group=www-data processes=5 threads=20
    WSGIScriptAlias / /var/www/haproxy-wi/app/app.wsgi
    WSGIApplicationGroup %{GLOBAL}

    <Directory /var/www/haproxy-wi/app/>
        WSGIPassAuthorization On
        WSGIProcessGroup roxy-wi-app
        Order deny,allow
        Allow from all
    </Directory>

    <Directory /var/www/haproxy-wi/app/certs>
        Options +ExecCGI -Indexes +MultiViews
        Order Deny,Allow
        Deny from all
    </Directory>

    <Directory /var/www/haproxy-wi/app/scripts/terraform/>
        Deny from all
    </Directory>

    <Directory /var/www/haproxy-wi/.git/>
        Deny from all
    </Directory>

    <IfModule mod_headers.c>
        Header set X-XSS-Protection: 1;
        Header set X-Frame-Options: deny
        Header set X-Content-Type-Options: nosniff
        Header set Strict-Transport-Security: max-age=3600;
        Header set Cache-Control no-cache
        Header set Expires: 0

        <filesMatch ".(ico|css|js|gif|jpeg|jpg|png|svg|woff|ttf|eot)$">
                Header set Cache-Control "max-age=86400, public"
		</filesMatch>
	</IfModule>
</VirtualHost>