haproxy-wi/config_other/httpd/roxy-wi_deb.conf

<VirtualHost *:443>
    AddDefaultCharset UTF-8
    SetEnv PYTHONIOENCODING utf8

    SSLEngine on
    SSLCertificateFile /var/www/haproxy-wi/app/certs/haproxy-wi.crt
    SSLCertificateKeyFile /var/www/haproxy-wi/app/certs/haproxy-wi.key

    ServerName roxy-wi.example.com
    ErrorLog /var/log/apache2/roxy-wi.error.log
    CustomLog /var/log/apache2/roxy-wi.access.log combined
    TimeOut 600
    LimitRequestLine 16380

    WSGIDaemonProcess api display-name=%{GROUP} user=www-data group=www-data processes=1 threads=5
    WSGIScriptAlias /api /var/www/haproxy-wi/api/app.wsgi

    DocumentRoot /var/www/haproxy-wi
    ScriptAlias /cgi-bin/ "/var/www/haproxy-wi/app/"

    <Directory /var/www/haproxy-wi/app>
        AllowOverride FileInfo
        DirectoryIndex overview.py
        Options +ExecCGI
        AddHandler cgi-script .py
        Order deny,allow
        Allow from all
    </Directory>

    <Directory /var/www/haproxy-wi/app/certs>
        Options +ExecCGI -Indexes +MultiViews
        Order Deny,Allow
        Deny from all
    </Directory>

    <Directory /var/www/haproxy-wi/keys>
        Options +ExecCGI -Indexes +MultiViews
        Order Deny,Allow
        Deny from all
    </Directory>

    <Directory /var/www/haproxy-wi/app/scripts/terraform/>
        Deny from all
    </Directory>

    <Directory /var/www/haproxy-wi/.git/>
        Deny from all
    </Directory>

	<FilesMatch "\.cfg$">
  		Order Deny,Allow
  		Deny from all
	</FilesMatch>
	
	<FilesMatch "\.db$">
  		Order Deny,Allow
  		Deny from all
	</FilesMatch>

	<IfModule mod_headers.c>
		Header set X-XSS-Protection: 1;
		Header set X-Frame-Options: deny
		Header set X-Content-Type-Options: nosniff
		Header set Strict-Transport-Security: max-age=3600;
		Header set Cache-Control no-cache
		Header set Expires: 0

		<filesMatch ".(ico|css|js|gif|jpeg|jpg|png|svg|woff|ttf|eot)$">
			Header set Cache-Control "max-age=86400, public"
		</filesMatch>
	</IfModule>
</VirtualHost>