From 05acc57c3308f3837d3f2acb67a38ebff1c4b00d Mon Sep 17 00:00:00 2001 From: semiosis Date: Thu, 3 Oct 2013 13:27:24 -0400 Subject: [PATCH] Simplified & improved apache proxy config Previously there was an unnecessary redirect before & after sign-in to http. This new configuration eliminates that leak, and is easier to read. --- web-server/apache/gitlab-ssl.conf | 23 ++++++++--------------- 1 file changed, 8 insertions(+), 15 deletions(-) diff --git a/web-server/apache/gitlab-ssl.conf b/web-server/apache/gitlab-ssl.conf index d8cdeab..ca296a6 100644 --- a/web-server/apache/gitlab-ssl.conf +++ b/web-server/apache/gitlab-ssl.conf @@ -4,8 +4,10 @@ # mod_rewrite # mod_ssl # mod_proxy -# mod_proxy_balancer # mod_proxy_http + +# This section is only needed if you want to redirect http traffic to https. +# You can live without it but clients will have to type in https:// to reach gitlab. ServerName gitlab.example.com ServerSignature Off @@ -14,6 +16,7 @@ RewriteCond %{HTTPS} !=on RewriteRule ^(.*) https://%{SERVER_NAME}$1 [R,L] + SSLEngine on #strong encryption ciphers only @@ -26,22 +29,12 @@ ServerName gitlab.example.com ServerSignature Off - #apache equivalent of nginx try files - # http://serverfault.com/questions/290784/what-is-apaches-equivalent-of-nginxs-try-files - # http://stackoverflow.com/questions/10954516/apache2-proxypass-for-rails-app-gitlab + ProxyPreserveHost On + ProxyPassReverse / http://gitlab.example.com/ + RewriteEngine on RewriteCond %{DOCUMENT_ROOT}/%{REQUEST_FILENAME} !-f - RewriteRule ^/(.*)$ balancer://unicornservers%{REQUEST_URI} [P,QSA,L] - - ProxyPreserveHost On - ProxyPass /uploads ! - ProxyPass /error ! - - - BalancerMember http://127.0.0.1:8080 - ProxyPassReverse http://127.0.0.1:8080 - ProxyPassReverse http://gitlab.example.com:8080 - + RewriteRule ^/(.*)$ http://127.0.0.1:9292%{REQUEST_URI} [P,QSA] # needed for downloading attachments DocumentRoot /home/git/gitlab/public
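Review bot: The added `ProxyPassReverse / http://gitlab.example.com/` in the last hunk only rewrites redirect-style response headers coming back from the backend, and the proxied `RewriteRule ^/(.*)$ http://127.0.0.1:9292%{REQUEST_URI} [P,QSA]` still hands the request over without telling the backend that the client connection was TLS. An application that believes it is served over plain http may keep emitting http:// links in response bodies and may not mark its session cookie `Secure`, which is the kind of leak the commit message sets out to close. Consider adding `RequestHeader set X-Forwarded-Proto "https"` inside the SSL virtual host, unless it is already set in a part of the file not shown here; this needs mod_headers, which would then belong in the module list at the top of the file. The backend address also changes from `127.0.0.1:8080` to `127.0.0.1:9292` without a mention in the commit message, so a comment such as `# must match the port the GitLab app server listens on` above the rule would help. The enclosing virtual-host block starts and ends outside this hunk.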