haproxy-wi/config_other/httpd/roxy-wi.conf

<VirtualHost *:443>
    AddDefaultCharset UTF-8
    SetEnv PYTHONIOENCODING utf8

	SSLEngine on
    SSLCertificateFile /var/www/haproxy-wi/app/certs/haproxy-wi.crt
    SSLCertificateKeyFile /var/www/haproxy-wi/app/certs/haproxy-wi.key

    ServerName haproxy-wi.example.com
    ErrorLog /var/log/httpd/roxy-wi.error.log
    CustomLog /var/log/httpd/roxy-wi.access.log combined
	TimeOut 600
	LimitRequestLine 16380

    WSGIDaemonProcess api display-name=%{GROUP} user=apache group=apache processes=1 threads=5
    WSGIScriptAlias /api /var/www/haproxy-wi/api/app.wsgi

    DocumentRoot /var/www/haproxy-wi
    ScriptAlias /cgi-bin/ "/var/www/haproxy-wi/app/"

    <Directory /var/www/haproxy-wi/app>
		AllowOverride FileInfo
        DirectoryIndex overview.py
        Options +ExecCGI
        AddHandler cgi-script .py
        Order deny,allow
        Allow from all
    </Directory>

	<Directory /var/www/haproxy-wi/app/certs>
        Options +ExecCGI -Indexes +MultiViews
	    Order Deny,Allow
	    Deny from all
    </Directory>

	<Directory /var/www/haproxy-wi/keys>
		Options +ExecCGI -Indexes +MultiViews
		Order Deny,Allow
  		Deny from all
	</Directory>

	<Directory /var/www/haproxy-wi/app/scripts/terraform/>
		Deny from all
    </Directory>

	<Directory /var/www/haproxy-wi/.git/>
		Deny from all
    </Directory>

	<FilesMatch "\.cfg$">
  		Order Deny,Allow
  		Deny from all
	</FilesMatch>
	
	<FilesMatch "\.db$">
  		Order Deny,Allow
  		Deny from all
	</FilesMatch>

	<IfModule mod_headers.c>
		Header set X-XSS-Protection: 1;
		Header set X-Frame-Options: deny
		Header set X-Content-Type-Options: nosniff
		Header set Strict-Transport-Security: max-age=3600;
		Header set Cache-Control no-cache
		Header set Expires: 0

		<filesMatch ".(ico|css|js|gif|jpeg|jpg|png|svg|woff|ttf|eot)$">
			Header set Cache-Control "max-age=86400, public"
		</filesMatch>
	</IfModule>
</VirtualHost>