path: root/server/setup/05-service-settings/etc/apache2/apache2.diff

diff -Nur apache2.orig/apache2.conf apache2/apache2.conf
--- apache2.orig/apache2.conf	2013-03-04 22:00:37.000000000 +0100
+++ apache2/apache2.conf	2013-06-06 07:21:33.251843000 +0200
@@ -117,7 +117,9 @@
 # KeepAliveTimeout: Number of seconds to wait for the next request from the
 # same client on the same connection.
 #
-KeepAliveTimeout 5
+# default: 5
+KeepAliveTimeout 10
+
 
 ##
 ## Server-Pool Size Regulation (MPM specific)
@@ -130,10 +132,17 @@
 # MaxClients: maximum number of server processes allowed to start
 # MaxRequestsPerChild: maximum number of requests a server process serves
 <IfModule mpm_prefork_module>
-    StartServers          5
+    # defaults:
+    # StartServers          5
+    # MinSpareServers       5
+    # MaxSpareServers      10
+    # MaxClients          150
+    # MaxRequestsPerChild   0
+
+    StartServers          8
     MinSpareServers       5
-    MaxSpareServers      10
-    MaxClients          150
+    MaxSpareServers      20
+    MaxClients          256
     MaxRequestsPerChild   0
 </IfModule>
 
diff -Nur apache2.orig/mods-enabled/cgid.conf apache2/mods-enabled/cgid.conf
--- apache2.orig/mods-enabled/cgid.conf	1970-01-01 01:00:00.000000000 +0100
+++ apache2/mods-enabled/cgid.conf	2013-03-03 12:14:45.000000000 +0100
@@ -0,0 +1,2 @@
+# Socket for cgid communication
+ScriptSock ${APACHE_RUN_DIR}/cgisock
diff -Nur apache2.orig/mods-enabled/cgid.load apache2/mods-enabled/cgid.load
--- apache2.orig/mods-enabled/cgid.load	1970-01-01 01:00:00.000000000 +0100
+++ apache2/mods-enabled/cgid.load	2012-10-21 20:41:12.000000000 +0200
@@ -0,0 +1 @@
+LoadModule cgid_module /usr/lib/apache2/modules/mod_cgid.so
diff -Nur apache2.orig/mods-enabled/headers.load apache2/mods-enabled/headers.load
--- apache2.orig/mods-enabled/headers.load	1970-01-01 01:00:00.000000000 +0100
+++ apache2/mods-enabled/headers.load	2012-10-21 20:41:12.000000000 +0200
@@ -0,0 +1 @@
+LoadModule headers_module /usr/lib/apache2/modules/mod_headers.so
diff -Nur apache2.orig/mods-enabled/proxy_ajp.load apache2/mods-enabled/proxy_ajp.load
--- apache2.orig/mods-enabled/proxy_ajp.load	1970-01-01 01:00:00.000000000 +0100
+++ apache2/mods-enabled/proxy_ajp.load	2012-10-21 20:41:12.000000000 +0200
@@ -0,0 +1,2 @@
+# Depends: proxy
+LoadModule proxy_ajp_module /usr/lib/apache2/modules/mod_proxy_ajp.so
diff -Nur apache2.orig/mods-enabled/proxy_balancer.conf apache2/mods-enabled/proxy_balancer.conf
--- apache2.orig/mods-enabled/proxy_balancer.conf	1970-01-01 01:00:00.000000000 +0100
+++ apache2/mods-enabled/proxy_balancer.conf	2013-03-03 12:14:45.000000000 +0100
@@ -0,0 +1,16 @@
+<IfModule mod_proxy_balancer.c>
+
+# Balancer manager enables dynamic update of balancer members
+# (needs mod_status). Uncomment to enable.
+#
+#<IfModule mod_status.c>
+#<Location /balancer-manager>
+#    SetHandler balancer-manager
+#    Order deny,allow
+#    Deny from all
+#    Allow from 127.0.0.1 ::1
+#    Satisfy all
+#</Location>
+#</IfModule>
+
+</IfModule>
diff -Nur apache2.orig/mods-enabled/proxy_balancer.load apache2/mods-enabled/proxy_balancer.load
--- apache2.orig/mods-enabled/proxy_balancer.load	1970-01-01 01:00:00.000000000 +0100
+++ apache2/mods-enabled/proxy_balancer.load	2013-03-03 12:14:45.000000000 +0100
@@ -0,0 +1,2 @@
+# Depends: proxy
+LoadModule proxy_balancer_module /usr/lib/apache2/modules/mod_proxy_balancer.so
diff -Nur apache2.orig/mods-enabled/proxy.conf apache2/mods-enabled/proxy.conf
--- apache2.orig/mods-enabled/proxy.conf	1970-01-01 01:00:00.000000000 +0100
+++ apache2/mods-enabled/proxy.conf	2013-03-03 12:14:45.000000000 +0100
@@ -0,0 +1,26 @@
+<IfModule mod_proxy.c>
+
+# If you want to use apache2 as a forward proxy, uncomment the
+# 'ProxyRequests On' line and the <Proxy *> block below.
+# WARNING: Be careful to restrict access inside the <Proxy *> block.
+# Open proxy servers are dangerous both to your network and to the
+# Internet at large.
+#
+# If you only want to use apache2 as a reverse proxy/gateway in
+# front of some web application server, you DON'T need
+# 'ProxyRequests On'.
+
+#ProxyRequests On
+#<Proxy *>
+#        AddDefaultCharset off
+#        Order deny,allow
+#        Deny from all
+#        #Allow from .example.com
+#</Proxy>
+
+# Enable/disable the handling of HTTP/1.1 "Via:" headers.
+# ("Full" adds the server version; "Block" removes all outgoing Via: headers)
+# Set to one of: Off | On | Full | Block
+#ProxyVia Off
+
+</IfModule>
diff -Nur apache2.orig/mods-enabled/proxy_connect.load apache2/mods-enabled/proxy_connect.load
--- apache2.orig/mods-enabled/proxy_connect.load	1970-01-01 01:00:00.000000000 +0100
+++ apache2/mods-enabled/proxy_connect.load	2012-10-21 20:41:12.000000000 +0200
@@ -0,0 +1,2 @@
+# Depends: proxy
+LoadModule proxy_connect_module /usr/lib/apache2/modules/mod_proxy_connect.so
diff -Nur apache2.orig/mods-enabled/proxy_ftp.conf apache2/mods-enabled/proxy_ftp.conf
--- apache2.orig/mods-enabled/proxy_ftp.conf	1970-01-01 01:00:00.000000000 +0100
+++ apache2/mods-enabled/proxy_ftp.conf	2013-03-03 12:14:45.000000000 +0100
@@ -0,0 +1,6 @@
+<IfModule mod_proxy_ftp.c>
+
+# Define the character set for proxied FTP listings. Default is ISO-8859-1
+ProxyFtpDirCharset UTF-8
+
+</IfModule>
diff -Nur apache2.orig/mods-enabled/proxy_ftp.load apache2/mods-enabled/proxy_ftp.load
--- apache2.orig/mods-enabled/proxy_ftp.load	1970-01-01 01:00:00.000000000 +0100
+++ apache2/mods-enabled/proxy_ftp.load	2012-10-21 20:41:12.000000000 +0200
@@ -0,0 +1,2 @@
+# Depends: proxy
+LoadModule proxy_ftp_module /usr/lib/apache2/modules/mod_proxy_ftp.so
diff -Nur apache2.orig/mods-enabled/proxy_http.load apache2/mods-enabled/proxy_http.load
--- apache2.orig/mods-enabled/proxy_http.load	1970-01-01 01:00:00.000000000 +0100
+++ apache2/mods-enabled/proxy_http.load	2012-10-21 20:41:12.000000000 +0200
@@ -0,0 +1,2 @@
+# Depends: proxy
+LoadModule proxy_http_module /usr/lib/apache2/modules/mod_proxy_http.so
diff -Nur apache2.orig/mods-enabled/proxy.load apache2/mods-enabled/proxy.load
--- apache2.orig/mods-enabled/proxy.load	1970-01-01 01:00:00.000000000 +0100
+++ apache2/mods-enabled/proxy.load	2012-10-21 20:41:12.000000000 +0200
@@ -0,0 +1 @@
+LoadModule proxy_module /usr/lib/apache2/modules/mod_proxy.so
diff -Nur apache2.orig/mods-enabled/proxy_scgi.load apache2/mods-enabled/proxy_scgi.load
--- apache2.orig/mods-enabled/proxy_scgi.load	1970-01-01 01:00:00.000000000 +0100
+++ apache2/mods-enabled/proxy_scgi.load	2012-10-21 20:41:12.000000000 +0200
@@ -0,0 +1,2 @@
+# Depends: proxy
+LoadModule proxy_scgi_module /usr/lib/apache2/modules/mod_proxy_scgi.so
diff -Nur apache2.orig/mods-enabled/rewrite.load apache2/mods-enabled/rewrite.load
--- apache2.orig/mods-enabled/rewrite.load	1970-01-01 01:00:00.000000000 +0100
+++ apache2/mods-enabled/rewrite.load	2012-10-21 20:41:12.000000000 +0200
@@ -0,0 +1 @@
+LoadModule rewrite_module /usr/lib/apache2/modules/mod_rewrite.so
diff -Nur apache2.orig/mods-enabled/ssl.conf apache2/mods-enabled/ssl.conf
--- apache2.orig/mods-enabled/ssl.conf	1970-01-01 01:00:00.000000000 +0100
+++ apache2/mods-enabled/ssl.conf	2013-03-04 22:00:37.000000000 +0100
@@ -0,0 +1,82 @@
+<IfModule mod_ssl.c>
+#
+# Pseudo Random Number Generator (PRNG):
+# Configure one or more sources to seed the PRNG of the SSL library.
+# The seed data should be of good random quality.
+# WARNING! On some platforms /dev/random blocks if not enough entropy
+# is available. This means you then cannot use the /dev/random device
+# because it would lead to very long connection times (as long as
+# it requires to make more entropy available). But usually those
+# platforms additionally provide a /dev/urandom device which doesn't
+# block. So, if available, use this one instead. Read the mod_ssl User
+# Manual for more details.
+#
+SSLRandomSeed startup builtin
+SSLRandomSeed startup file:/dev/urandom 512
+SSLRandomSeed connect builtin
+SSLRandomSeed connect file:/dev/urandom 512
+
+##
+##  SSL Global Context
+##
+##  All SSL configuration in this context applies both to
+##  the main server and all SSL-enabled virtual hosts.
+##
+
+#
+#   Some MIME-types for downloading Certificates and CRLs
+#
+AddType application/x-x509-ca-cert .crt
+AddType application/x-pkcs7-crl    .crl
+
+#   Pass Phrase Dialog:
+#   Configure the pass phrase gathering process.
+#   The filtering dialog program (`builtin' is a internal
+#   terminal dialog) has to provide the pass phrase on stdout.
+SSLPassPhraseDialog  builtin
+
+#   Inter-Process Session Cache:
+#   Configure the SSL Session Cache: First the mechanism 
+#   to use and second the expiring timeout (in seconds).
+#   (The mechanism dbm has known memory leaks and should not be used).
+#SSLSessionCache         dbm:${APACHE_RUN_DIR}/ssl_scache
+SSLSessionCache        shmcb:${APACHE_RUN_DIR}/ssl_scache(512000)
+SSLSessionCacheTimeout  300
+
+#   Semaphore:
+#   Configure the path to the mutual exclusion semaphore the
+#   SSL engine uses internally for inter-process synchronization. 
+SSLMutex  file:${APACHE_RUN_DIR}/ssl_mutex
+
+#   SSL Cipher Suite:
+#   List the ciphers that the client is permitted to negotiate. See the
+#   ciphers(1) man page from the openssl package for list of all available
+#   options.
+#   Enable only secure ciphers:
+SSLCipherSuite HIGH:MEDIUM:!aNULL:!MD5
+
+#   Speed-optimized SSL Cipher configuration:
+#   If speed is your main concern (on busy HTTPS servers e.g.),
+#   you might want to force clients to specific, performance
+#   optimized ciphers. In this case, prepend those ciphers
+#   to the SSLCipherSuite list, and enable SSLHonorCipherOrder.
+#   Caveat: by giving precedence to RC4-SHA and AES128-SHA
+#   (as in the example below), most connections will no longer
+#   have perfect forward secrecy - if the server's key is
+#   compromised, captures of past or future traffic must be
+#   considered compromised, too.
+#SSLCipherSuite RC4-SHA:AES128-SHA:HIGH:MEDIUM:!aNULL:!MD5
+#SSLHonorCipherOrder on
+
+# enable only secure protocols: SSLv3 and TLSv1, but not SSLv2
+SSLProtocol all -SSLv2
+
+# Allow insecure renegotiation with clients which do not yet support the
+# secure renegotiation protocol. Default: Off
+#SSLInsecureRenegotiation on
+
+# Whether to forbid non-SNI clients to access name based virtual hosts.
+# Default: Off
+#SSLStrictSNIVHostCheck On
+
+</IfModule>
diff -Nur apache2.orig/mods-enabled/ssl.load apache2/mods-enabled/ssl.load
--- apache2.orig/mods-enabled/ssl.load	1970-01-01 01:00:00.000000000 +0100
+++ apache2/mods-enabled/ssl.load	2013-03-03 12:14:45.000000000 +0100
@@ -0,0 +1 @@
+LoadModule ssl_module /usr/lib/apache2/modules/mod_ssl.so
diff -Nur apache2.orig/ports.conf apache2/ports.conf
--- apache2.orig/ports.conf	2013-03-03 12:14:45.000000000 +0100
+++ apache2/ports.conf	2013-06-06 07:46:07.326283000 +0200
@@ -6,9 +6,11 @@
 # README.Debian.gz
 
 NameVirtualHost *:80
+# NameVirtualHost *
 Listen 80
 
 <IfModule mod_ssl.c>
+    NameVirtualHost *:443
     # If you add NameVirtualHost *:443 here, you will also have to change
     # the VirtualHost statement in /etc/apache2/sites-available/default-ssl
     # to <VirtualHost *:443>
diff -Nur apache2.orig/sites-available/jausoft.com-ssl apache2/sites-available/jausoft.com-ssl
--- apache2.orig/sites-available/jausoft.com-ssl	1970-01-01 01:00:00.000000000 +0100
+++ apache2/sites-available/jausoft.com-ssl	2013-06-06 07:36:27.650753118 +0200
@@ -0,0 +1,204 @@
+<IfModule mod_ssl.c>
+<VirtualHost jausoft.com:443>
+
+    # General setup for the virtual host, inherited from global configuration
+    ServerName jausoft.com
+    ServerPath /jausoft.com/
+    RewriteEngine On
+    DocumentRoot /srv/www/jausoft.com
+
+    # Use separate log files for the SSL virtual host; note that LogLevel
+    # is not inherited from httpd.conf.
+    ErrorLog ${APACHE_LOG_DIR}/jausoft.com-ssl-error.log
+    TransferLog ${APACHE_LOG_DIR}/jausoft.com-ssl-access.log
+    LogLevel warn
+
+    #   SSL Engine Switch:
+    #   Enable/Disable SSL for this virtual host.
+    SSLEngine on
+
+    #   SSL Protocol support:
+    # List the enable protocol levels with which clients will be able to
+    # connect.  Disable SSLv2 access by default:
+    SSLProtocol all -SSLv2
+
+    #   SSL Cipher Suite:
+    # List the ciphers that the client is permitted to negotiate.
+    # See the mod_ssl documentation for a complete list.
+    SSLCipherSuite ALL:!ADH:!EXPORT:!SSLv2:RC4+RSA:+HIGH:+MEDIUM:+LOW
+
+	#   A self-signed (snakeoil) certificate can be created by installing
+	#   the ssl-cert package. See
+	#   /usr/share/doc/apache2.2-common/README.Debian.gz for more info.
+	#   If both key and certificate are stored in the same file, only the
+	#   SSLCertificateFile directive is needed.
+	# SSLCertificateFile    /etc/ssl/certs/ssl-cert-snakeoil.pem
+	# SSLCertificateKeyFile /etc/ssl/private/ssl-cert-snakeoil.key
+
+    SSLCertificateFile /etc/ssl/local/jausoft2013-hostcert.pem
+    SSLCertificateKeyFile /etc/ssl/local/jausoft2013-hostkey.apache.pem
+
+	#   Server Certificate Chain:
+	#   Point SSLCertificateChainFile at a file containing the
+	#   concatenation of PEM encoded CA certificates which form the
+	#   certificate chain for the server certificate. Alternatively
+	#   the referenced file can be the same as SSLCertificateFile
+	#   when the CA certificates are directly appended to the server
+	#   certificate for convinience.
+	#SSLCertificateChainFile /etc/apache2/ssl.crt/server-ca.crt
+
+    SSLCertificateChainFile /etc/ssl/local/thawte-SSL123_CA_Bundle.pem
+
+	#   Certificate Authority (CA):
+	#   Set the CA certificate verification path where to find CA
+	#   certificates for client authentication or alternatively one
+	#   huge file containing all of them (file must be PEM encoded)
+	#   Note: Inside SSLCACertificatePath you need hash symlinks
+	#         to point to the certificate files. Use the provided
+	#         Makefile to update the hash symlinks after changes.
+	#SSLCACertificatePath /etc/ssl/certs/
+	#SSLCACertificateFile /etc/apache2/ssl.crt/ca-bundle.crt
+
+	#   Certificate Revocation Lists (CRL):
+	#   Set the CA revocation path where to find CA CRLs for client
+	#   authentication or alternatively one huge file containing all
+	#   of them (file must be PEM encoded)
+	#   Note: Inside SSLCARevocationPath you need hash symlinks
+	#         to point to the certificate files. Use the provided
+	#         Makefile to update the hash symlinks after changes.
+	#SSLCARevocationPath /etc/apache2/ssl.crl/
+	#SSLCARevocationFile /etc/apache2/ssl.crl/ca-bundle.crl
+
+	#   Client Authentication (Type):
+	#   Client certificate verification type and depth.  Types are
+	#   none, optional, require and optional_no_ca.  Depth is a
+	#   number which specifies how deeply to verify the certificate
+	#   issuer chain before deciding the certificate is not valid.
+	#SSLVerifyClient require
+	#SSLVerifyDepth  10
+
+    #   Access Control:
+    #   With SSLRequire you can do per-directory access control based
+    #   on arbitrary complex boolean expressions containing server
+    #   variable checks and other lookup directives.  The syntax is a
+    #   mixture between C and Perl.  See the mod_ssl documentation
+    #   for more details.
+    #<Location />
+    #SSLRequire (    %{SSL_CIPHER} !~ m/^(EXP|NULL)/ \
+    #            and %{SSL_CLIENT_S_DN_O} eq "Snake Oil, Ltd." \
+    #            and %{SSL_CLIENT_S_DN_OU} in {"Staff", "CA", "Dev"} \
+    #            and %{TIME_WDAY} >= 1 and %{TIME_WDAY} <= 5 \
+    #            and %{TIME_HOUR} >= 8 and %{TIME_HOUR} <= 20       ) \
+    #           or %{REMOTE_ADDR} =~ m/^192\.76\.162\.[0-9]+$/
+    #</Location>
+
+    #   SSL Engine Options:
+    #   Set various options for the SSL engine.
+    #   o FakeBasicAuth:
+    #     Translate the client X.509 into a Basic Authorisation.  This means that
+    #     the standard Auth/DBMAuth methods can be used for access control.  The
+    #     user name is the `one line' version of the client's X.509 certificate.
+    #     Note that no password is obtained from the user. Every entry in the user
+    #     file needs this password: `xxj31ZMTZzkVA'.
+    #   o ExportCertData:
+    #     This exports two additional environment variables: SSL_CLIENT_CERT and
+    #     SSL_SERVER_CERT. These contain the PEM-encoded certificates of the
+    #     server (always existing) and the client (only existing when client
+    #     authentication is used). This can be used to import the certificates
+    #     into CGI scripts.
+    #   o StdEnvVars:
+    #     This exports the standard SSL/TLS related `SSL_*' environment variables.
+    #     Per default this exportation is switched off for performance reasons,
+    #     because the extraction step is an expensive operation and is usually
+    #     useless for serving static content. So one usually enables the
+    #     exportation for CGI and SSI requests only.
+    #   o StrictRequire:
+    #     This denies access when "SSLRequireSSL" or "SSLRequire" applied even
+    #     under a "Satisfy any" situation, i.e. when it applies access is denied
+    #     and no other module can change it.
+    #   o OptRenegotiate:
+    #     This enables optimized SSL connection renegotiation handling when SSL
+    #     directives are used in per-directory context. 
+    #SSLOptions +FakeBasicAuth +ExportCertData +StrictRequire
+    <Files ~ "\.(cgi|shtml|phtml|php3?)$">
+        SSLOptions +StdEnvVars
+    </Files>
+
+	#   SSL Protocol Adjustments:
+	#   The safe and default but still SSL/TLS standard compliant shutdown
+	#   approach is that mod_ssl sends the close notify alert but doesn't wait for
+	#   the close notify alert from client. When you need a different shutdown
+	#   approach you can use one of the following variables:
+	#   o ssl-unclean-shutdown:
+	#     This forces an unclean shutdown when the connection is closed, i.e. no
+	#     SSL close notify alert is send or allowed to received.  This violates
+	#     the SSL/TLS standard but is needed for some brain-dead browsers. Use
+	#     this when you receive I/O errors because of the standard approach where
+	#     mod_ssl sends the close notify alert.
+	#   o ssl-accurate-shutdown:
+	#     This forces an accurate shutdown when the connection is closed, i.e. a
+	#     SSL close notify alert is send and mod_ssl waits for the close notify
+	#     alert of the client. This is 100% SSL/TLS standard compliant, but in
+	#     practice often causes hanging connections with brain-dead browsers. Use
+	#     this only for browsers where you know that their SSL implementation
+	#     works correctly.
+	#   Notice: Most problems of broken clients are also related to the HTTP
+	#   keep-alive facility, so you usually additionally want to disable
+	#   keep-alive for those clients, too. Use variable "nokeepalive" for this.
+	#   Similarly, one has to force some clients to use HTTP/1.0 to workaround
+	#   their broken HTTP/1.1 implementation. Use variables "downgrade-1.0" and
+	#   "force-response-1.0" for this.
+	BrowserMatch "MSIE [2-6]" \
+		nokeepalive ssl-unclean-shutdown \
+		downgrade-1.0 force-response-1.0
+	# MSIE 7 and newer should be able to use keepalive
+	BrowserMatch "MSIE [17-9]" ssl-unclean-shutdown
+
+    #   Per-Server Logging:
+    #   The home of a custom SSL log file. Use this when you want a
+    #   compact non-error SSL logfile on a virtual host basis.
+    CustomLog /var/log/apache2/ssl_request_log \
+              "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
+
+        ErrorLog ${APACHE_LOG_DIR}/jausoft.com-ssl-error.log
+        CustomLog ${APACHE_LOG_DIR}/jausoft.com-ssl-access.log common
+
+        # configures the footer on server-generated documents
+        ServerSignature On
+
+        <Directory "/srv/www/jausoft.com">
+            Options Indexes FollowSymLinks
+            AllowOverride All
+            Order allow,deny
+            Allow from all
+        </Directory>
+
+
+        SetEnv GIT_PROJECT_ROOT /srv/scm
+        SetEnv GIT_HTTP_EXPORT_ALL
+        ScriptAlias /srv/scm/ /usr/lib/git-core/git-http-backend/
+        <Directory "/srv/www/jausoft.com/git">
+           DirectoryIndex gitweb.cgi
+           Allow from all
+           AllowOverride all
+           Order allow,deny
+           Options ExecCGI
+           <Files gitweb.cgi>
+           SetHandler cgi-script
+           </Files>
+           SetEnv  GITWEB_CONFIG  /srv/scm/gitweb.conf
+        </Directory>
+
+        Alias /icons/ "/srv/www/jausoft.com/icons/"
+
+        <Directory "/srv/www/jausoft.com/icons">
+            Options Indexes MultiViews
+            AllowOverride None
+            Order allow,deny
+            Allow from all
+        </Directory>
+
+
+</VirtualHost>
+</IfModule>
+
diff -Nur apache2.orig/sites-available/jogamp.org apache2/sites-available/jogamp.org
--- apache2.orig/sites-available/jogamp.org	1970-01-01 01:00:00.000000000 +0100
+++ apache2/sites-available/jogamp.org	2013-06-06 07:29:00.470204000 +0200
@@ -0,0 +1,247 @@
+#
+# Almost any Apache directive may go into a VirtualHost container.
+# The first VirtualHost section is used for requests without a known
+# server name.
+#
+<VirtualHost *:80>
+    ServerAdmin jausoft@jausoft.com
+    ServerName jogamp.org
+    ServerAlias www.jogamp.org
+    ServerPath /jogamp.org/
+    RewriteEngine On
+
+    ErrorLog ${APACHE_LOG_DIR}/jogamp.org-error_log
+    CustomLog ${APACHE_LOG_DIR}/jogamp.org-access_log combined
+
+    DocumentRoot /srv/www/jogamp.org
+
+    # don't loose time with IP address lookups
+    HostnameLookups Off
+
+    # needed for named virtual hosts
+    UseCanonicalName Off
+
+    # configures the footer on server-generated documents
+    ServerSignature On
+
+	<Directory "/srv/www/jogamp.org">
+	    Options Indexes FollowSymLinks
+	    AllowOverride All
+	    Order allow,deny
+	    Allow from all
+	</Directory>
+
+    RewriteCond %{HTTP_HOST} ^www.jogamp\.org$ [NC]
+    RewriteRule ^/(.*)$ http://jogamp.org/$1 [R=301,L,NE]
+
+    #RewriteCond %{HTTP_HOST} ^(.*)\.jogamp\.org$ [NC]
+    #RewriteRule ^/(.*)$ http://jogamp.org/%1/$1 [R=301,L,NE]
+
+    RewriteCond %{REQUEST_URI} ^/wiki/index.php$
+    RewriteCond %{QUERY_STRING} ^title=Special:UserLogin
+    RewriteCond %{REQUEST_METHOD} ^GET$
+    RewriteRule ^(.*)$ https://%{SERVER_NAME}/$1 [R=301,L,NE]
+
+    #
+    # Due to security concerns, session hijacking .. etc .. the whole
+    # bugzilla stream will go over https
+    #
+    RewriteCond %{REQUEST_URI} ^/bugzilla
+    RewriteRule ^/bugzilla/(.*)$ https://%{SERVER_NAME}/bugzilla/$1 [R=301,L,NE]
+
+    SetEnv GIT_PROJECT_ROOT /srv/scm
+    SetEnv GIT_HTTP_EXPORT_ALL
+    ScriptAlias /srv/scm/ /usr/lib/git-core/git-http-backend/
+	<Directory "/srv/www/jogamp.org/git">
+       DirectoryIndex gitweb.cgi
+       Allow from all
+       AllowOverride all
+       Order allow,deny
+       Options ExecCGI
+       <Files gitweb.cgi>
+       SetHandler cgi-script
+       </Files>
+       SetEnv  GITWEB_CONFIG  /srv/scm/gitweb.conf
+    </Directory>
+
+	Alias /icons/ "/srv/www/jogamp.org/icons/"
+
+	<Directory "/srv/www/jogamp.org/icons">
+	    Options Indexes MultiViews
+	    AllowOverride None
+	    Order allow,deny
+	    Allow from all
+	</Directory>
+
+    #
+    # Due to security concerns, session hijacking .. etc .. the whole
+    # hudson and bugzilla stream will go over https
+    #
+    RewriteCond %{REQUEST_URI} ^/chuck
+    RewriteRule ^/chuck/(.*)$ https://%{SERVER_NAME}/chuck/$1 [R=301,L,NE]
+
+    #RewriteCond %{REQUEST_URI} ^/chuck
+    #RewriteRule ^/chuck/login(.*)$ https://%{SERVER_NAME}/chuck/login$1 [R=301,L,NE]
+    #
+    #RewriteCond %{REQUEST_URI} ^/chuck
+    #RewriteCond %{HTTP_COOKIE} JSESSIONID=(.*) [NC,OR]
+    #RewriteCond %{HTTP_COOKIE} ACEGI_SECURITY_HASHED_REMEMBER_ME_COOKIE [NC]
+    #RewriteRule ^/chuck/(.*)$ https://%{SERVER_NAME}/chuck/$1 [R=301,L,NE]
+    #
+    # Cookies:
+    #   wikidb_mw_LoggedOut                       /
+    #   wikidb_mw__session                        /
+    #   wikidb_mw_Token                           /
+    #   wikidb_mw_UserID                          /
+    #   wikidb_mw_UserName                        /
+    #
+    #   Bugzilla_login                            /bugzilla
+    #   Bugzilla_logincookie                      /bugzilla
+    #   DEFAULTFORMAT                             /bugzilla
+    #
+    #   ACEGI_SECURITY_HASHED_REMEMBER_ME_COOKIE  /chuck   
+    #   JSESSIONID                                /chuck
+    #
+
+	#
+	# http://wiki.hudson-ci.org/display/HUDSON/Running+Hudson+behind+Apache
+	#
+	#ProxyRequests     Off
+    #ProxyPreserveHost On
+
+	# Local reverse proxy authorization override
+	# Most unix distribution deny proxy by default (ie /etc/apache2/mods-enabled/proxy.conf in Ubuntu)
+	#<Proxy http://localhost:8089/chuck*>
+	#  Order deny,allow
+	#  Allow from all
+	#</Proxy>
+	#ProxyPass         /chuck  http://localhost:8080/chuck
+	#ProxyPassReverse  /chuck  http://localhost:8080/chuck
+</VirtualHost>
+
+<VirtualHost *:80>
+    ServerName blog.jogamp.org
+    ServerPath /jogamp.org/
+    ErrorLog ${APACHE_LOG_DIR}/jogamp.org-error_log
+    CustomLog ${APACHE_LOG_DIR}/jogamp.org-access_log combined
+    RewriteEngine On
+    RewriteCond %{HTTP_HOST} ^(.*)\.jogamp\.org$ [NC]
+    RewriteRule ^/(.*)$ http://jogamp.org/%1/$1 [R=301,L,NE]
+</VirtualHost>
+
+<VirtualHost *:80>
+    ServerName bugzilla.jogamp.org
+    ServerPath /jogamp.org/
+    ErrorLog ${APACHE_LOG_DIR}/jogamp.org-error_log
+    CustomLog ${APACHE_LOG_DIR}/jogamp.org-access_log combined
+    RewriteEngine On
+    RewriteCond %{HTTP_HOST} ^(.*)\.jogamp\.org$ [NC]
+    RewriteRule ^/(.*)$ https://jogamp.org/%1/$1 [R=301,L,NE]
+</VirtualHost>
+
+<VirtualHost *:80>
+    ServerName wiki.jogamp.org
+    ServerPath /jogamp.org/
+    ErrorLog ${APACHE_LOG_DIR}/jogamp.org-error_log
+    CustomLog ${APACHE_LOG_DIR}/jogamp.org-access_log combined
+    RewriteEngine On
+    RewriteCond %{HTTP_HOST} ^(.*)\.jogamp\.org$ [NC]
+    RewriteRule ^/(.*)$ http://jogamp.org/%1/$1 [R=301,L,NE]
+</VirtualHost>
+
+<VirtualHost *:80>
+    ServerName scm.jogamp.org
+    ServerPath /jogamp.org/
+    ErrorLog ${APACHE_LOG_DIR}/jogamp.org-error_log
+    CustomLog ${APACHE_LOG_DIR}/jogamp.org-access_log combined
+    RewriteEngine On
+    RewriteCond %{HTTP_HOST} ^(.*)\.jogamp\.org$ [NC]
+    RewriteRule ^/(.*)$ http://jogamp.org/git/$1 [R=301,L,NE]
+</VirtualHost>
+
+<VirtualHost *:80>
+    ServerName jogl.jogamp.org
+    ServerPath /jogamp.org/
+    ErrorLog ${APACHE_LOG_DIR}/jogamp.org-error_log
+    CustomLog ${APACHE_LOG_DIR}/jogamp.org-access_log combined
+    RewriteEngine On
+    RewriteCond %{HTTP_HOST} ^(.*)\.jogamp\.org$ [NC]
+    RewriteRule ^/(.*)$ http://jogamp.org/%1/www/$1 [R=301,L,NE]
+</VirtualHost>
+
+<VirtualHost *:80>
+    ServerName jocl.jogamp.org
+    ServerPath /jogamp.org/
+    ErrorLog ${APACHE_LOG_DIR}/jogamp.org-error_log
+    CustomLog ${APACHE_LOG_DIR}/jogamp.org-access_log combined
+    RewriteEngine On
+    RewriteCond %{HTTP_HOST} ^(.*)\.jogamp\.org$ [NC]
+    RewriteRule ^/(.*)$ http://jogamp.org/%1/www/$1 [R=301,L,NE]
+</VirtualHost>
+
+<VirtualHost *:80>
+    ServerName joal.jogamp.org
+    ServerPath /jogamp.org/
+    ErrorLog ${APACHE_LOG_DIR}/jogamp.org-error_log
+    CustomLog ${APACHE_LOG_DIR}/jogamp.org-access_log combined
+    RewriteEngine On
+    RewriteCond %{HTTP_HOST} ^(.*)\.jogamp\.org$ [NC]
+    RewriteRule ^/(.*)$ http://jogamp.org/%1/www/$1 [R=301,L,NE]
+</VirtualHost>
+
+<VirtualHost *:80>
+    ServerName demos.jogamp.org
+    ServerPath /jogamp.org/
+    ErrorLog ${APACHE_LOG_DIR}/jogamp.org-error_log
+    CustomLog ${APACHE_LOG_DIR}/jogamp.org-access_log combined
+    RewriteEngine On
+    RewriteCond %{HTTP_HOST} ^(.*)\.jogamp\.org$ [NC]
+    RewriteRule ^/(.*)$ http://jogamp.org/%1/$1 [R=301,L,NE]
+</VirtualHost>
+
+<VirtualHost *:80>
+    ServerName chuck.jogamp.org
+    ServerPath /jogamp.org/
+    ErrorLog ${APACHE_LOG_DIR}/jogamp.org-error_log
+    CustomLog ${APACHE_LOG_DIR}/jogamp.org-access_log combined
+    RewriteEngine On
+    RewriteCond %{HTTP_HOST} ^(.*)\.jogamp\.org$ [NC]
+    RewriteRule ^/(.*)$ https://jogamp.org/%1/$1 [R=301,L,NE]
+</VirtualHost>
+
+<VirtualHost *:80>
+    ServerName jogamp.com
+    ServerAlias *.jogamp.com
+    ServerPath /jogamp.org/
+    ErrorLog ${APACHE_LOG_DIR}/jogamp.com-error_log
+    CustomLog ${APACHE_LOG_DIR}/jogamp.com-access_log combined
+
+    RewriteEngine On
+    RewriteCond %{HTTP_HOST} ^www.jogamp\.com$ [NC]
+    RewriteRule ^/(.*)$ http://jogamp.org/$1 [R=301,L,NE]
+
+    RewriteCond %{HTTP_HOST} ^(.*)\.jogamp\.com$ [NC]
+    RewriteRule ^/(.*)$ http://jogamp.org/%1/$1 [R=301,L,NE]
+
+    RewriteCond %{HTTP_HOST} ^jogamp\.com$ [NC]
+    RewriteRule ^/(.*)$ http://jogamp.org/$1 [R=301,L,NE]
+</VirtualHost>
+
+#
+# Directives to allow use of AWStats as a CGI
+#
+#Alias /awstatsclasses "/usr/local/awstats/wwwroot/classes/"
+#Alias /awstatscss "/usr/local/awstats/wwwroot/css/"
+#Alias /awstatsicons "/usr/local/awstats/wwwroot/icon/"
+#ScriptAlias /awstats/ "/usr/local/awstats/wwwroot/cgi-bin/"
+
+#
+# This is to permit URL access to scripts/files in AWStats directory.
+#
+<Directory "/usr/local/awstats/wwwroot">
+    Options None
+    AllowOverride None
+    Order allow,deny
+    Allow from all
+</Directory>
+
diff -Nur apache2.orig/sites-available/jogamp.org-ssl apache2/sites-available/jogamp.org-ssl
--- apache2.orig/sites-available/jogamp.org-ssl	1970-01-01 01:00:00.000000000 +0100
+++ apache2/sites-available/jogamp.org-ssl	2013-06-06 07:53:58.298005000 +0200
@@ -0,0 +1,256 @@
+<IfModule mod_ssl.c>
+<VirtualHost *:443>
+
+    # General setup for the virtual host, inherited from global configuration
+    ServerName jogamp.org
+    ServerPath /jogamp.org/
+    RewriteEngine On
+    DocumentRoot /srv/www/jogamp.org
+
+    # Use separate log files for the SSL virtual host; note that LogLevel
+    # is not inherited from httpd.conf.
+    ErrorLog ${APACHE_LOG_DIR}/jogamp.org-ssl-error.log
+    TransferLog ${APACHE_LOG_DIR}/jogamp.org-ssl-access.log
+    LogLevel warn
+
+    #   SSL Engine Switch:
+    #   Enable/Disable SSL for this virtual host.
+    SSLEngine on
+
+    #   SSL Protocol support:
+    # List the enable protocol levels with which clients will be able to
+    # connect.  Disable SSLv2 access by default:
+    SSLProtocol all -SSLv2
+
+    #   SSL Cipher Suite:
+    # List the ciphers that the client is permitted to negotiate.
+    # See the mod_ssl documentation for a complete list.
+    SSLCipherSuite ALL:!ADH:!EXPORT:!SSLv2:RC4+RSA:+HIGH:+MEDIUM:+LOW
+
+	#   A self-signed (snakeoil) certificate can be created by installing
+	#   the ssl-cert package. See
+	#   /usr/share/doc/apache2.2-common/README.Debian.gz for more info.
+	#   If both key and certificate are stored in the same file, only the
+	#   SSLCertificateFile directive is needed.
+	# SSLCertificateFile    /etc/ssl/certs/ssl-cert-snakeoil.pem
+	# SSLCertificateKeyFile /etc/ssl/private/ssl-cert-snakeoil.key
+
+    SSLCertificateFile /etc/ssl/local/jogamp2013-hostcert.pem
+    SSLCertificateKeyFile /etc/ssl/local/jogamp2013-hostkey.apache.pem
+
+	#   Server Certificate Chain:
+	#   Point SSLCertificateChainFile at a file containing the
+	#   concatenation of PEM encoded CA certificates which form the
+	#   certificate chain for the server certificate. Alternatively
+	#   the referenced file can be the same as SSLCertificateFile
+	#   when the CA certificates are directly appended to the server
+	#   certificate for convinience.
+	#SSLCertificateChainFile /etc/apache2/ssl.crt/server-ca.crt
+
+    SSLCertificateChainFile /etc/ssl/local/thawte-SSL123_CA_Bundle.pem
+
+	#   Certificate Authority (CA):
+	#   Set the CA certificate verification path where to find CA
+	#   certificates for client authentication or alternatively one
+	#   huge file containing all of them (file must be PEM encoded)
+	#   Note: Inside SSLCACertificatePath you need hash symlinks
+	#         to point to the certificate files. Use the provided
+	#         Makefile to update the hash symlinks after changes.
+	#SSLCACertificatePath /etc/ssl/certs/
+	#SSLCACertificateFile /etc/apache2/ssl.crt/ca-bundle.crt
+
+	#   Certificate Revocation Lists (CRL):
+	#   Set the CA revocation path where to find CA CRLs for client
+	#   authentication or alternatively one huge file containing all
+	#   of them (file must be PEM encoded)
+	#   Note: Inside SSLCARevocationPath you need hash symlinks
+	#         to point to the certificate files. Use the provided
+	#         Makefile to update the hash symlinks after changes.
+	#SSLCARevocationPath /etc/apache2/ssl.crl/
+	#SSLCARevocationFile /etc/apache2/ssl.crl/ca-bundle.crl
+
+	#   Client Authentication (Type):
+	#   Client certificate verification type and depth.  Types are
+	#   none, optional, require and optional_no_ca.  Depth is a
+	#   number which specifies how deeply to verify the certificate
+	#   issuer chain before deciding the certificate is not valid.
+	#SSLVerifyClient require
+	#SSLVerifyDepth  10
+
+    #   Access Control:
+    #   With SSLRequire you can do per-directory access control based
+    #   on arbitrary complex boolean expressions containing server
+    #   variable checks and other lookup directives.  The syntax is a
+    #   mixture between C and Perl.  See the mod_ssl documentation
+    #   for more details.
+    #<Location />
+    #SSLRequire (    %{SSL_CIPHER} !~ m/^(EXP|NULL)/ \
+    #            and %{SSL_CLIENT_S_DN_O} eq "Snake Oil, Ltd." \
+    #            and %{SSL_CLIENT_S_DN_OU} in {"Staff", "CA", "Dev"} \
+    #            and %{TIME_WDAY} >= 1 and %{TIME_WDAY} <= 5 \
+    #            and %{TIME_HOUR} >= 8 and %{TIME_HOUR} <= 20       ) \
+    #           or %{REMOTE_ADDR} =~ m/^192\.76\.162\.[0-9]+$/
+    #</Location>
+
+    #   SSL Engine Options:
+    #   Set various options for the SSL engine.
+    #   o FakeBasicAuth:
+    #     Translate the client X.509 into a Basic Authorisation.  This means that
+    #     the standard Auth/DBMAuth methods can be used for access control.  The
+    #     user name is the `one line' version of the client's X.509 certificate.
+    #     Note that no password is obtained from the user. Every entry in the user
+    #     file needs this password: `xxj31ZMTZzkVA'.
+    #   o ExportCertData:
+    #     This exports two additional environment variables: SSL_CLIENT_CERT and
+    #     SSL_SERVER_CERT. These contain the PEM-encoded certificates of the
+    #     server (always existing) and the client (only existing when client
+    #     authentication is used). This can be used to import the certificates
+    #     into CGI scripts.
+    #   o StdEnvVars:
+    #     This exports the standard SSL/TLS related `SSL_*' environment variables.
+    #     Per default this exportation is switched off for performance reasons,
+    #     because the extraction step is an expensive operation and is usually
+    #     useless for serving static content. So one usually enables the
+    #     exportation for CGI and SSI requests only.
+    #   o StrictRequire:
+    #     This denies access when "SSLRequireSSL" or "SSLRequire" applied even
+    #     under a "Satisfy any" situation, i.e. when it applies access is denied
+    #     and no other module can change it.
+    #   o OptRenegotiate:
+    #     This enables optimized SSL connection renegotiation handling when SSL
+    #     directives are used in per-directory context. 
+    #SSLOptions +FakeBasicAuth +ExportCertData +StrictRequire
+    <Files ~ "\.(cgi|shtml|phtml|php3?)$">
+        SSLOptions +StdEnvVars
+    </Files>
+
+	#   SSL Protocol Adjustments:
+	#   The safe and default but still SSL/TLS standard compliant shutdown
+	#   approach is that mod_ssl sends the close notify alert but doesn't wait for
+	#   the close notify alert from client. When you need a different shutdown
+	#   approach you can use one of the following variables:
+	#   o ssl-unclean-shutdown:
+	#     This forces an unclean shutdown when the connection is closed, i.e. no
+	#     SSL close notify alert is send or allowed to received.  This violates
+	#     the SSL/TLS standard but is needed for some brain-dead browsers. Use
+	#     this when you receive I/O errors because of the standard approach where
+	#     mod_ssl sends the close notify alert.
+	#   o ssl-accurate-shutdown:
+	#     This forces an accurate shutdown when the connection is closed, i.e. a
+	#     SSL close notify alert is send and mod_ssl waits for the close notify
+	#     alert of the client. This is 100% SSL/TLS standard compliant, but in
+	#     practice often causes hanging connections with brain-dead browsers. Use
+	#     this only for browsers where you know that their SSL implementation
+	#     works correctly.
+	#   Notice: Most problems of broken clients are also related to the HTTP
+	#   keep-alive facility, so you usually additionally want to disable
+	#   keep-alive for those clients, too. Use variable "nokeepalive" for this.
+	#   Similarly, one has to force some clients to use HTTP/1.0 to workaround
+	#   their broken HTTP/1.1 implementation. Use variables "downgrade-1.0" and
+	#   "force-response-1.0" for this.
+	BrowserMatch "MSIE [2-6]" \
+		nokeepalive ssl-unclean-shutdown \
+		downgrade-1.0 force-response-1.0
+	# MSIE 7 and newer should be able to use keepalive
+	BrowserMatch "MSIE [17-9]" ssl-unclean-shutdown
+
+    #   Per-Server Logging:
+    #   The home of a custom SSL log file. Use this when you want a
+    #   compact non-error SSL logfile on a virtual host basis.
+    CustomLog /var/log/apache2/jogamp.org-ssl-request.log \
+              "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
+
+    ErrorLog ${APACHE_LOG_DIR}/jogamp.org-ssl-error.log
+    CustomLog ${APACHE_LOG_DIR}/jogamp.org-ssl-access.log combined
+
+    # configures the footer on server-generated documents
+    ServerSignature On
+
+	<Directory "/srv/www/jogamp.org">
+	    Options Indexes FollowSymLinks
+	    AllowOverride All
+	    Order allow,deny
+	    Allow from all
+	</Directory>
+
+#	ScriptAlias /cgi-bin/ "/srv/www/jogamp.org/bugzilla"
+	<Directory /srv/www/jogamp.org/bugzilla>
+	    AddHandler cgi-script .cgi
+	    Options +Indexes +ExecCGI -MultiViews +FollowSymLinks
+	    DirectoryIndex index.cgi
+        AllowOverride Limit FileInfo Indexes
+    </Directory>
+
+    SetEnv GIT_PROJECT_ROOT /srv/scm
+    SetEnv GIT_HTTP_EXPORT_ALL
+    ScriptAlias /srv/scm/ /usr/lib/git-core/git-http-backend/
+	<Directory "/srv/www/jogamp.org/git">
+       DirectoryIndex gitweb.cgi
+       Allow from all
+       AllowOverride all
+       Order allow,deny
+       Options ExecCGI
+       <Files gitweb.cgi>
+       SetHandler cgi-script
+       </Files>
+       SetEnv  GITWEB_CONFIG  /srv/scm/gitweb.conf
+    </Directory>
+
+	Alias /icons/ "/srv/www/jogamp.org/icons/"
+
+	<Directory "/srv/www/jogamp.org/icons">
+	    Options Indexes MultiViews
+	    AllowOverride None
+	    Order allow,deny
+	    Allow from all
+	</Directory>
+
+    #
+    # http://wiki.hudson-ci.org/display/HUDSON/Running+Hudson+behind+Apache
+    #
+    ProxyRequests     Off
+    ProxyPreserveHost On
+
+    # Local reverse proxy authorization override
+    # Most unix distribution deny proxy by default (ie /etc/apache2/mods-enabled/proxy.conf in Ubuntu)
+    <Proxy http://127.0.0.1:8080/chuck*>
+      Order deny,allow
+      Allow from all
+    </Proxy>
+
+    ProxyPass         /chuck  http://127.0.0.1:8080/chuck
+    ProxyPassReverse  /chuck  http://127.0.0.1:8080/chuck
+    ProxyPassReverse  /chuck  http://jogamp.org/chuck
+
+#   ProxyPass /chuck/ http://127.0.0.1:8080/chuck/
+#   <Location /chuck/>
+#     ProxyPassReverse /
+#     Order deny,allow
+#     Allow from all
+#   </Location>
+    Header edit Location ^http://jogamp.org/chuck/ https://jogamp.org/chuck/
+
+</VirtualHost>                                  
+
+<VirtualHost *:443>
+    ServerName jogamp.com
+    ServerAlias *.jogamp.com
+    ServerPath /jogamp.org/
+    SSLEngine on
+    ErrorLog ${APACHE_LOG_DIR}/jogamp.com-ssl-error.log
+    CustomLog ${APACHE_LOG_DIR}/jogamp.com-ssl-access.log combined
+
+    SSLCertificateFile /etc/ssl/local/jogamp2013-hostcert.pem
+    SSLCertificateKeyFile /etc/ssl/local/jogamp2013-hostkey.apache.pem
+
+    RewriteEngine On
+    RewriteCond %{HTTP_HOST} ^www.jogamp\.com$ [NC]
+    RewriteRule ^/(.*)$ https://jogamp.org/$1 [R=301,L,NE]
+
+    RewriteCond %{HTTP_HOST} ^(.*)\.jogamp\.com$ [NC]
+    RewriteRule ^/(.*)$ https://jogamp.org/%1/$1 [R=301,L,NE]
+
+    RewriteCond %{HTTP_HOST} ^jogamp\.com$ [NC]
+    RewriteRule ^/(.*)$ https://jogamp.org/$1 [R=301,L,NE]
+</VirtualHost>
+
diff -Nur apache2.orig/sites-enabled/000-default apache2/sites-enabled/000-default
--- apache2.orig/sites-enabled/000-default	2013-03-03 12:14:45.000000000 +0100
+++ apache2/sites-enabled/000-default	1970-01-01 01:00:00.000000000 +0100
@@ -1,31 +0,0 @@
-<VirtualHost *:80>
-	ServerAdmin webmaster@localhost
-
-	DocumentRoot /var/www
-	<Directory />
-		Options FollowSymLinks
-		AllowOverride None
-	</Directory>
-	<Directory /var/www/>
-		Options Indexes FollowSymLinks MultiViews
-		AllowOverride None
-		Order allow,deny
-		allow from all
-	</Directory>
-
-	ScriptAlias /cgi-bin/ /usr/lib/cgi-bin/
-	<Directory "/usr/lib/cgi-bin">
-		AllowOverride None
-		Options +ExecCGI -MultiViews +SymLinksIfOwnerMatch
-		Order allow,deny
-		Allow from all
-	</Directory>
-
-	ErrorLog ${APACHE_LOG_DIR}/error.log
-
-	# Possible values include: debug, info, notice, warn, error, crit,
-	# alert, emerg.
-	LogLevel warn
-
-	CustomLog ${APACHE_LOG_DIR}/access.log combined
-</VirtualHost>
diff -Nur apache2.orig/sites-enabled/000-jogamp.org apache2/sites-enabled/000-jogamp.org
--- apache2.orig/sites-enabled/000-jogamp.org	1970-01-01 01:00:00.000000000 +0100
+++ apache2/sites-enabled/000-jogamp.org	2013-06-06 07:29:00.470204000 +0200
@@ -0,0 +1,247 @@
+#
+# Almost any Apache directive may go into a VirtualHost container.
+# The first VirtualHost section is used for requests without a known
+# server name.
+#
+<VirtualHost *:80>
+    ServerAdmin jausoft@jausoft.com
+    ServerName jogamp.org
+    ServerAlias www.jogamp.org
+    ServerPath /jogamp.org/
+    RewriteEngine On
+
+    ErrorLog ${APACHE_LOG_DIR}/jogamp.org-error_log
+    CustomLog ${APACHE_LOG_DIR}/jogamp.org-access_log combined
+
+    DocumentRoot /srv/www/jogamp.org
+
+    # don't loose time with IP address lookups
+    HostnameLookups Off
+
+    # needed for named virtual hosts
+    UseCanonicalName Off
+
+    # configures the footer on server-generated documents
+    ServerSignature On
+
+	<Directory "/srv/www/jogamp.org">
+	    Options Indexes FollowSymLinks
+	    AllowOverride All
+	    Order allow,deny
+	    Allow from all
+	</Directory>
+
+    RewriteCond %{HTTP_HOST} ^www.jogamp\.org$ [NC]
+    RewriteRule ^/(.*)$ http://jogamp.org/$1 [R=301,L,NE]
+
+    #RewriteCond %{HTTP_HOST} ^(.*)\.jogamp\.org$ [NC]
+    #RewriteRule ^/(.*)$ http://jogamp.org/%1/$1 [R=301,L,NE]
+
+    RewriteCond %{REQUEST_URI} ^/wiki/index.php$
+    RewriteCond %{QUERY_STRING} ^title=Special:UserLogin
+    RewriteCond %{REQUEST_METHOD} ^GET$
+    RewriteRule ^(.*)$ https://%{SERVER_NAME}/$1 [R=301,L,NE]
+
+    #
+    # Due to security concerns, session hijacking .. etc .. the whole
+    # bugzilla stream will go over https
+    #
+    RewriteCond %{REQUEST_URI} ^/bugzilla
+    RewriteRule ^/bugzilla/(.*)$ https://%{SERVER_NAME}/bugzilla/$1 [R=301,L,NE]
+
+    SetEnv GIT_PROJECT_ROOT /srv/scm
+    SetEnv GIT_HTTP_EXPORT_ALL
+    ScriptAlias /srv/scm/ /usr/lib/git-core/git-http-backend/
+	<Directory "/srv/www/jogamp.org/git">
+       DirectoryIndex gitweb.cgi
+       Allow from all
+       AllowOverride all
+       Order allow,deny
+       Options ExecCGI
+       <Files gitweb.cgi>
+       SetHandler cgi-script
+       </Files>
+       SetEnv  GITWEB_CONFIG  /srv/scm/gitweb.conf
+    </Directory>
+
+	Alias /icons/ "/srv/www/jogamp.org/icons/"
+
+	<Directory "/srv/www/jogamp.org/icons">
+	    Options Indexes MultiViews
+	    AllowOverride None
+	    Order allow,deny
+	    Allow from all
+	</Directory>
+
+    #
+    # Due to security concerns, session hijacking .. etc .. the whole
+    # hudson and bugzilla stream will go over https
+    #
+    RewriteCond %{REQUEST_URI} ^/chuck
+    RewriteRule ^/chuck/(.*)$ https://%{SERVER_NAME}/chuck/$1 [R=301,L,NE]
+
+    #RewriteCond %{REQUEST_URI} ^/chuck
+    #RewriteRule ^/chuck/login(.*)$ https://%{SERVER_NAME}/chuck/login$1 [R=301,L,NE]
+    #
+    #RewriteCond %{REQUEST_URI} ^/chuck
+    #RewriteCond %{HTTP_COOKIE} JSESSIONID=(.*) [NC,OR]
+    #RewriteCond %{HTTP_COOKIE} ACEGI_SECURITY_HASHED_REMEMBER_ME_COOKIE [NC]
+    #RewriteRule ^/chuck/(.*)$ https://%{SERVER_NAME}/chuck/$1 [R=301,L,NE]
+    #
+    # Cookies:
+    #   wikidb_mw_LoggedOut                       /
+    #   wikidb_mw__session                        /
+    #   wikidb_mw_Token                           /
+    #   wikidb_mw_UserID                          /
+    #   wikidb_mw_UserName                        /
+    #
+    #   Bugzilla_login                            /bugzilla
+    #   Bugzilla_logincookie                      /bugzilla
+    #   DEFAULTFORMAT                             /bugzilla
+    #
+    #   ACEGI_SECURITY_HASHED_REMEMBER_ME_COOKIE  /chuck   
+    #   JSESSIONID                                /chuck
+    #
+
+	#
+	# http://wiki.hudson-ci.org/display/HUDSON/Running+Hudson+behind+Apache
+	#
+	#ProxyRequests     Off
+    #ProxyPreserveHost On
+
+	# Local reverse proxy authorization override
+	# Most unix distribution deny proxy by default (ie /etc/apache2/mods-enabled/proxy.conf in Ubuntu)
+	#<Proxy http://localhost:8089/chuck*>
+	#  Order deny,allow
+	#  Allow from all
+	#</Proxy>
+	#ProxyPass         /chuck  http://localhost:8080/chuck
+	#ProxyPassReverse  /chuck  http://localhost:8080/chuck
+</VirtualHost>
+
+<VirtualHost *:80>
+    ServerName blog.jogamp.org
+    ServerPath /jogamp.org/
+    ErrorLog ${APACHE_LOG_DIR}/jogamp.org-error_log
+    CustomLog ${APACHE_LOG_DIR}/jogamp.org-access_log combined
+    RewriteEngine On
+    RewriteCond %{HTTP_HOST} ^(.*)\.jogamp\.org$ [NC]
+    RewriteRule ^/(.*)$ http://jogamp.org/%1/$1 [R=301,L,NE]
+</VirtualHost>
+
+<VirtualHost *:80>
+    ServerName bugzilla.jogamp.org
+    ServerPath /jogamp.org/
+    ErrorLog ${APACHE_LOG_DIR}/jogamp.org-error_log
+    CustomLog ${APACHE_LOG_DIR}/jogamp.org-access_log combined
+    RewriteEngine On
+    RewriteCond %{HTTP_HOST} ^(.*)\.jogamp\.org$ [NC]
+    RewriteRule ^/(.*)$ https://jogamp.org/%1/$1 [R=301,L,NE]
+</VirtualHost>
+
+<VirtualHost *:80>
+    ServerName wiki.jogamp.org
+    ServerPath /jogamp.org/
+    ErrorLog ${APACHE_LOG_DIR}/jogamp.org-error_log
+    CustomLog ${APACHE_LOG_DIR}/jogamp.org-access_log combined
+    RewriteEngine On
+    RewriteCond %{HTTP_HOST} ^(.*)\.jogamp\.org$ [NC]
+    RewriteRule ^/(.*)$ http://jogamp.org/%1/$1 [R=301,L,NE]
+</VirtualHost>
+
+<VirtualHost *:80>
+    ServerName scm.jogamp.org
+    ServerPath /jogamp.org/
+    ErrorLog ${APACHE_LOG_DIR}/jogamp.org-error_log
+    CustomLog ${APACHE_LOG_DIR}/jogamp.org-access_log combined
+    RewriteEngine On
+    RewriteCond %{HTTP_HOST} ^(.*)\.jogamp\.org$ [NC]
+    RewriteRule ^/(.*)$ http://jogamp.org/git/$1 [R=301,L,NE]
+</VirtualHost>
+
+<VirtualHost *:80>
+    ServerName jogl.jogamp.org
+    ServerPath /jogamp.org/
+    ErrorLog ${APACHE_LOG_DIR}/jogamp.org-error_log
+    CustomLog ${APACHE_LOG_DIR}/jogamp.org-access_log combined
+    RewriteEngine On
+    RewriteCond %{HTTP_HOST} ^(.*)\.jogamp\.org$ [NC]
+    RewriteRule ^/(.*)$ http://jogamp.org/%1/www/$1 [R=301,L,NE]
+</VirtualHost>
+
+<VirtualHost *:80>
+    ServerName jocl.jogamp.org
+    ServerPath /jogamp.org/
+    ErrorLog ${APACHE_LOG_DIR}/jogamp.org-error_log
+    CustomLog ${APACHE_LOG_DIR}/jogamp.org-access_log combined
+    RewriteEngine On
+    RewriteCond %{HTTP_HOST} ^(.*)\.jogamp\.org$ [NC]
+    RewriteRule ^/(.*)$ http://jogamp.org/%1/www/$1 [R=301,L,NE]
+</VirtualHost>
+
+<VirtualHost *:80>
+    ServerName joal.jogamp.org
+    ServerPath /jogamp.org/
+    ErrorLog ${APACHE_LOG_DIR}/jogamp.org-error_log
+    CustomLog ${APACHE_LOG_DIR}/jogamp.org-access_log combined
+    RewriteEngine On
+    RewriteCond %{HTTP_HOST} ^(.*)\.jogamp\.org$ [NC]
+    RewriteRule ^/(.*)$ http://jogamp.org/%1/www/$1 [R=301,L,NE]
+</VirtualHost>
+
+<VirtualHost *:80>
+    ServerName demos.jogamp.org
+    ServerPath /jogamp.org/
+    ErrorLog ${APACHE_LOG_DIR}/jogamp.org-error_log
+    CustomLog ${APACHE_LOG_DIR}/jogamp.org-access_log combined
+    RewriteEngine On
+    RewriteCond %{HTTP_HOST} ^(.*)\.jogamp\.org$ [NC]
+    RewriteRule ^/(.*)$ http://jogamp.org/%1/$1 [R=301,L,NE]
+</VirtualHost>
+
+<VirtualHost *:80>
+    ServerName chuck.jogamp.org
+    ServerPath /jogamp.org/
+    ErrorLog ${APACHE_LOG_DIR}/jogamp.org-error_log
+    CustomLog ${APACHE_LOG_DIR}/jogamp.org-access_log combined
+    RewriteEngine On
+    RewriteCond %{HTTP_HOST} ^(.*)\.jogamp\.org$ [NC]
+    RewriteRule ^/(.*)$ https://jogamp.org/%1/$1 [R=301,L,NE]
+</VirtualHost>
+
+<VirtualHost *:80>
+    ServerName jogamp.com
+    ServerAlias *.jogamp.com
+    ServerPath /jogamp.org/
+    ErrorLog ${APACHE_LOG_DIR}/jogamp.com-error_log
+    CustomLog ${APACHE_LOG_DIR}/jogamp.com-access_log combined
+
+    RewriteEngine On
+    RewriteCond %{HTTP_HOST} ^www.jogamp\.com$ [NC]
+    RewriteRule ^/(.*)$ http://jogamp.org/$1 [R=301,L,NE]
+
+    RewriteCond %{HTTP_HOST} ^(.*)\.jogamp\.com$ [NC]
+    RewriteRule ^/(.*)$ http://jogamp.org/%1/$1 [R=301,L,NE]
+
+    RewriteCond %{HTTP_HOST} ^jogamp\.com$ [NC]
+    RewriteRule ^/(.*)$ http://jogamp.org/$1 [R=301,L,NE]
+</VirtualHost>
+
+#
+# Directives to allow use of AWStats as a CGI
+#
+#Alias /awstatsclasses "/usr/local/awstats/wwwroot/classes/"
+#Alias /awstatscss "/usr/local/awstats/wwwroot/css/"
+#Alias /awstatsicons "/usr/local/awstats/wwwroot/icon/"
+#ScriptAlias /awstats/ "/usr/local/awstats/wwwroot/cgi-bin/"
+
+#
+# This is to permit URL access to scripts/files in AWStats directory.
+#
+<Directory "/usr/local/awstats/wwwroot">
+    Options None
+    AllowOverride None
+    Order allow,deny
+    Allow from all
+</Directory>
+
diff -Nur apache2.orig/sites-enabled/001-jogamp.org-ssl apache2/sites-enabled/001-jogamp.org-ssl
--- apache2.orig/sites-enabled/001-jogamp.org-ssl	1970-01-01 01:00:00.000000000 +0100
+++ apache2/sites-enabled/001-jogamp.org-ssl	2013-06-06 07:53:58.298005000 +0200
@@ -0,0 +1,256 @@
+<IfModule mod_ssl.c>
+<VirtualHost *:443>
+
+    # General setup for the virtual host, inherited from global configuration
+    ServerName jogamp.org
+    ServerPath /jogamp.org/
+    RewriteEngine On
+    DocumentRoot /srv/www/jogamp.org
+
+    # Use separate log files for the SSL virtual host; note that LogLevel
+    # is not inherited from httpd.conf.
+    ErrorLog ${APACHE_LOG_DIR}/jogamp.org-ssl-error.log
+    TransferLog ${APACHE_LOG_DIR}/jogamp.org-ssl-access.log
+    LogLevel warn
+
+    #   SSL Engine Switch:
+    #   Enable/Disable SSL for this virtual host.
+    SSLEngine on
+
+    #   SSL Protocol support:
+    # List the enable protocol levels with which clients will be able to
+    # connect.  Disable SSLv2 access by default:
+    SSLProtocol all -SSLv2
+
+    #   SSL Cipher Suite:
+    # List the ciphers that the client is permitted to negotiate.
+    # See the mod_ssl documentation for a complete list.
+    SSLCipherSuite ALL:!ADH:!EXPORT:!SSLv2:RC4+RSA:+HIGH:+MEDIUM:+LOW
+
+	#   A self-signed (snakeoil) certificate can be created by installing
+	#   the ssl-cert package. See
+	#   /usr/share/doc/apache2.2-common/README.Debian.gz for more info.
+	#   If both key and certificate are stored in the same file, only the
+	#   SSLCertificateFile directive is needed.
+	# SSLCertificateFile    /etc/ssl/certs/ssl-cert-snakeoil.pem
+	# SSLCertificateKeyFile /etc/ssl/private/ssl-cert-snakeoil.key
+
+    SSLCertificateFile /etc/ssl/local/jogamp2013-hostcert.pem
+    SSLCertificateKeyFile /etc/ssl/local/jogamp2013-hostkey.apache.pem
+
+	#   Server Certificate Chain:
+	#   Point SSLCertificateChainFile at a file containing the
+	#   concatenation of PEM encoded CA certificates which form the
+	#   certificate chain for the server certificate. Alternatively
+	#   the referenced file can be the same as SSLCertificateFile
+	#   when the CA certificates are directly appended to the server
+	#   certificate for convinience.
+	#SSLCertificateChainFile /etc/apache2/ssl.crt/server-ca.crt
+
+    SSLCertificateChainFile /etc/ssl/local/thawte-SSL123_CA_Bundle.pem
+
+	#   Certificate Authority (CA):
+	#   Set the CA certificate verification path where to find CA
+	#   certificates for client authentication or alternatively one
+	#   huge file containing all of them (file must be PEM encoded)
+	#   Note: Inside SSLCACertificatePath you need hash symlinks
+	#         to point to the certificate files. Use the provided
+	#         Makefile to update the hash symlinks after changes.
+	#SSLCACertificatePath /etc/ssl/certs/
+	#SSLCACertificateFile /etc/apache2/ssl.crt/ca-bundle.crt
+
+	#   Certificate Revocation Lists (CRL):
+	#   Set the CA revocation path where to find CA CRLs for client
+	#   authentication or alternatively one huge file containing all
+	#   of them (file must be PEM encoded)
+	#   Note: Inside SSLCARevocationPath you need hash symlinks
+	#         to point to the certificate files. Use the provided
+	#         Makefile to update the hash symlinks after changes.
+	#SSLCARevocationPath /etc/apache2/ssl.crl/
+	#SSLCARevocationFile /etc/apache2/ssl.crl/ca-bundle.crl
+
+	#   Client Authentication (Type):
+	#   Client certificate verification type and depth.  Types are
+	#   none, optional, require and optional_no_ca.  Depth is a
+	#   number which specifies how deeply to verify the certificate
+	#   issuer chain before deciding the certificate is not valid.
+	#SSLVerifyClient require
+	#SSLVerifyDepth  10
+
+    #   Access Control:
+    #   With SSLRequire you can do per-directory access control based
+    #   on arbitrary complex boolean expressions containing server
+    #   variable checks and other lookup directives.  The syntax is a
+    #   mixture between C and Perl.  See the mod_ssl documentation
+    #   for more details.
+    #<Location />
+    #SSLRequire (    %{SSL_CIPHER} !~ m/^(EXP|NULL)/ \
+    #            and %{SSL_CLIENT_S_DN_O} eq "Snake Oil, Ltd." \
+    #            and %{SSL_CLIENT_S_DN_OU} in {"Staff", "CA", "Dev"} \
+    #            and %{TIME_WDAY} >= 1 and %{TIME_WDAY} <= 5 \
+    #            and %{TIME_HOUR} >= 8 and %{TIME_HOUR} <= 20       ) \
+    #           or %{REMOTE_ADDR} =~ m/^192\.76\.162\.[0-9]+$/
+    #</Location>
+
+    #   SSL Engine Options:
+    #   Set various options for the SSL engine.
+    #   o FakeBasicAuth:
+    #     Translate the client X.509 into a Basic Authorisation.  This means that
+    #     the standard Auth/DBMAuth methods can be used for access control.  The
+    #     user name is the `one line' version of the client's X.509 certificate.
+    #     Note that no password is obtained from the user. Every entry in the user
+    #     file needs this password: `xxj31ZMTZzkVA'.
+    #   o ExportCertData:
+    #     This exports two additional environment variables: SSL_CLIENT_CERT and
+    #     SSL_SERVER_CERT. These contain the PEM-encoded certificates of the
+    #     server (always existing) and the client (only existing when client
+    #     authentication is used). This can be used to import the certificates
+    #     into CGI scripts.
+    #   o StdEnvVars:
+    #     This exports the standard SSL/TLS related `SSL_*' environment variables.
+    #     Per default this exportation is switched off for performance reasons,
+    #     because the extraction step is an expensive operation and is usually
+    #     useless for serving static content. So one usually enables the
+    #     exportation for CGI and SSI requests only.
+    #   o StrictRequire:
+    #     This denies access when "SSLRequireSSL" or "SSLRequire" applied even
+    #     under a "Satisfy any" situation, i.e. when it applies access is denied
+    #     and no other module can change it.
+    #   o OptRenegotiate:
+    #     This enables optimized SSL connection renegotiation handling when SSL
+    #     directives are used in per-directory context. 
+    #SSLOptions +FakeBasicAuth +ExportCertData +StrictRequire
+    <Files ~ "\.(cgi|shtml|phtml|php3?)$">
+        SSLOptions +StdEnvVars
+    </Files>
+
+	#   SSL Protocol Adjustments:
+	#   The safe and default but still SSL/TLS standard compliant shutdown
+	#   approach is that mod_ssl sends the close notify alert but doesn't wait for
+	#   the close notify alert from client. When you need a different shutdown
+	#   approach you can use one of the following variables:
+	#   o ssl-unclean-shutdown:
+	#     This forces an unclean shutdown when the connection is closed, i.e. no
+	#     SSL close notify alert is send or allowed to received.  This violates
+	#     the SSL/TLS standard but is needed for some brain-dead browsers. Use
+	#     this when you receive I/O errors because of the standard approach where
+	#     mod_ssl sends the close notify alert.
+	#   o ssl-accurate-shutdown:
+	#     This forces an accurate shutdown when the connection is closed, i.e. a
+	#     SSL close notify alert is send and mod_ssl waits for the close notify
+	#     alert of the client. This is 100% SSL/TLS standard compliant, but in
+	#     practice often causes hanging connections with brain-dead browsers. Use
+	#     this only for browsers where you know that their SSL implementation
+	#     works correctly.
+	#   Notice: Most problems of broken clients are also related to the HTTP
+	#   keep-alive facility, so you usually additionally want to disable
+	#   keep-alive for those clients, too. Use variable "nokeepalive" for this.
+	#   Similarly, one has to force some clients to use HTTP/1.0 to workaround
+	#   their broken HTTP/1.1 implementation. Use variables "downgrade-1.0" and
+	#   "force-response-1.0" for this.
+	BrowserMatch "MSIE [2-6]" \
+		nokeepalive ssl-unclean-shutdown \
+		downgrade-1.0 force-response-1.0
+	# MSIE 7 and newer should be able to use keepalive
+	BrowserMatch "MSIE [17-9]" ssl-unclean-shutdown
+
+    #   Per-Server Logging:
+    #   The home of a custom SSL log file. Use this when you want a
+    #   compact non-error SSL logfile on a virtual host basis.
+    CustomLog /var/log/apache2/jogamp.org-ssl-request.log \
+              "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
+
+    ErrorLog ${APACHE_LOG_DIR}/jogamp.org-ssl-error.log
+    CustomLog ${APACHE_LOG_DIR}/jogamp.org-ssl-access.log combined
+
+    # configures the footer on server-generated documents
+    ServerSignature On
+
+	<Directory "/srv/www/jogamp.org">
+	    Options Indexes FollowSymLinks
+	    AllowOverride All
+	    Order allow,deny
+	    Allow from all
+	</Directory>
+
+#	ScriptAlias /cgi-bin/ "/srv/www/jogamp.org/bugzilla"
+	<Directory /srv/www/jogamp.org/bugzilla>
+	    AddHandler cgi-script .cgi
+	    Options +Indexes +ExecCGI -MultiViews +FollowSymLinks
+	    DirectoryIndex index.cgi
+        AllowOverride Limit FileInfo Indexes
+    </Directory>
+
+    SetEnv GIT_PROJECT_ROOT /srv/scm
+    SetEnv GIT_HTTP_EXPORT_ALL
+    ScriptAlias /srv/scm/ /usr/lib/git-core/git-http-backend/
+	<Directory "/srv/www/jogamp.org/git">
+       DirectoryIndex gitweb.cgi
+       Allow from all
+       AllowOverride all
+       Order allow,deny
+       Options ExecCGI
+       <Files gitweb.cgi>
+       SetHandler cgi-script
+       </Files>
+       SetEnv  GITWEB_CONFIG  /srv/scm/gitweb.conf
+    </Directory>
+
+	Alias /icons/ "/srv/www/jogamp.org/icons/"
+
+	<Directory "/srv/www/jogamp.org/icons">
+	    Options Indexes MultiViews
+	    AllowOverride None
+	    Order allow,deny
+	    Allow from all
+	</Directory>
+
+    #
+    # http://wiki.hudson-ci.org/display/HUDSON/Running+Hudson+behind+Apache
+    #
+    ProxyRequests     Off
+    ProxyPreserveHost On
+
+    # Local reverse proxy authorization override
+    # Most unix distribution deny proxy by default (ie /etc/apache2/mods-enabled/proxy.conf in Ubuntu)
+    <Proxy http://127.0.0.1:8080/chuck*>
+      Order deny,allow
+      Allow from all
+    </Proxy>
+
+    ProxyPass         /chuck  http://127.0.0.1:8080/chuck
+    ProxyPassReverse  /chuck  http://127.0.0.1:8080/chuck
+    ProxyPassReverse  /chuck  http://jogamp.org/chuck
+
+#   ProxyPass /chuck/ http://127.0.0.1:8080/chuck/
+#   <Location /chuck/>
+#     ProxyPassReverse /
+#     Order deny,allow
+#     Allow from all
+#   </Location>
+    Header edit Location ^http://jogamp.org/chuck/ https://jogamp.org/chuck/
+
+</VirtualHost>                                  
+
+<VirtualHost *:443>
+    ServerName jogamp.com
+    ServerAlias *.jogamp.com
+    ServerPath /jogamp.org/
+    SSLEngine on
+    ErrorLog ${APACHE_LOG_DIR}/jogamp.com-ssl-error.log
+    CustomLog ${APACHE_LOG_DIR}/jogamp.com-ssl-access.log combined
+
+    SSLCertificateFile /etc/ssl/local/jogamp2013-hostcert.pem
+    SSLCertificateKeyFile /etc/ssl/local/jogamp2013-hostkey.apache.pem
+
+    RewriteEngine On
+    RewriteCond %{HTTP_HOST} ^www.jogamp\.com$ [NC]
+    RewriteRule ^/(.*)$ https://jogamp.org/$1 [R=301,L,NE]
+
+    RewriteCond %{HTTP_HOST} ^(.*)\.jogamp\.com$ [NC]
+    RewriteRule ^/(.*)$ https://jogamp.org/%1/$1 [R=301,L,NE]
+
+    RewriteCond %{HTTP_HOST} ^jogamp\.com$ [NC]
+    RewriteRule ^/(.*)$ https://jogamp.org/$1 [R=301,L,NE]
+</VirtualHost>
+