Merge pull request #125 from sag47/sam-contrib

A better Apache httpd config for GitLab 6

web-server/apache/gitlab.conf

@@ -1,66 +1,58 @@
-# Requires apache modules: mod_proxy and mod_proxy_http
-# In Debian based distros enable with: sudo a2enmod mod_proxy mod_proxy_http
-# Change ServerName to your fqdn
-#
-# You need to run openssl to generate a self-signed ssl certificate:
-# cd /etc/apache2 (or /etc/httpd)
-# sudo openssl req -new -x509 -nodes -days 3560 -out gitlab.crt -keyout gitlab.key
-# sudo chmod o-r gitlab.key
-
+#This configuration has been tested on GitLab 6.0.0 and GitLab 6.0.1
+#Note this config assumes unicorn is listening on default port 8080.
+#Module dependencies
+#  mod_rewrite
+#  mod_ssl
+#  mod_proxy
+#  mod_proxy_balancer
+#  mod_proxy_http
 <VirtualHost *:80>
-	ServerName gitlab.example.com
-	#ServerAlias git.example.com
-
-	# Uncomment the following 3 lines if you want to redirect HTTP to HTTPS
-
-	#RewriteEngine   on
-	#RewriteCond     %{SERVER_PORT} ^80$
-	#RewriteRule     ^(.*)$ https://%{SERVER_NAME}$1 [L,R]
-	
-	ProxyPass /uploads !
-	ProxyPass /error !
-	
-	# If you use puma, see https://github.com/gitlabhq/gitlab-recipes/blob/master/web-server/apache/README.md
-	ProxyPass / http://127.0.0.1:8080/
-	ProxyPassReverse / http://127.0.0.1:8080/
-	ProxyPreserveHost On
-
-	CustomLog /var/log/apache2/gitlab/access.log combined
-	ErrorLog  /var/log/apache2/gitlab/error.log
-
-	# Modify path to your needs (needed for downloading attachments)
-	DocumentRoot /home/git/gitlab/public
-
-	<Location />
-		Order allow,deny
-		Allow from all
-	</Location>
+  ServerName gitlab.example.com
+  ServerSignature Off
 
+  RewriteEngine on
+  RewriteCond %{HTTPS} !=on
+  RewriteRule ^(.*) https://%{SERVER_NAME}$1 [R,L]
 </VirtualHost>
-
 <VirtualHost *:443>
-	ServerName gitlab.example.com
-	ServerAdmin gitlab@example.com
+  SSLEngine on
+  SSLCipherSuite ALL:!ADH:!EXP:!eNULL:!aNULL:RC4+RSA:+HIGH:-MEDIUM:!LOW:-SSLv2
+  SSLCertificateFile    /etc/httpd/ssl.crt/gitlab.example.com.crt
+  SSLCertificateKeyFile /etc/httpd/ssl.key/gitlab.example.com.key
+  SSLCACertificateFile  /etc/httpd/ssl.crt/incommon-ca.crt
 
-	SSLEngine On
-	SSLCertificateFile /etc/apache2/gitlab.crt
-	SSLCertificateKeyFile /etc/apache2/gitlab.key
+  ServerName gitlab.example.com
+  ServerSignature Off
 
-	ProxyPass /uploads !
-	ProxyPass /error !
-	ProxyPass / http://127.0.0.1:8080/
-	ProxyPassReverse / http://127.0.0.1:8080/
-	ProxyPreserveHost On
+  #apache equivalent of nginx try files
+  # http://serverfault.com/questions/290784/what-is-apaches-equivalent-of-nginxs-try-files
+  # http://stackoverflow.com/questions/10954516/apache2-proxypass-for-rails-app-gitlab
+  RewriteEngine on
+  RewriteCond %{DOCUMENT_ROOT}/%{REQUEST_FILENAME} !-f
+  RewriteRule ^/(.*)$ balancer://unicornservers%{REQUEST_URI} [P,QSA,L]
 
-	CustomLog /var/log/apache2/gitlab/access.log combined
-	ErrorLog  /var/log/apache2/gitlab/error.log
+  ProxyPreserveHost On
+  ProxyPass /uploads !
+  ProxyPass /error !
 
-	# Modify path to your needs (needed for downloading attachments)
-	DocumentRoot /home/git/gitlab/public
+  <Proxy balancer://unicornservers>
+    BalancerMember http://127.0.0.1:8080
+    ProxyPassReverse http://127.0.0.1:8080
+    ProxyPassReverse http://gitlab.example.com:8080
+  </Proxy>
 
-	<Location />
-		Order allow,deny
-		Allow from all
-	</Location>
+  # needed for downloading attachments
+  DocumentRoot /home/git/gitlab/public
+
+  <Location />
+    Order deny,allow
+    Allow from all
+  </Location>
+
+  LogFormat "%{X-Forwarded-For}i %l %u %t \"%r\" %>s %b" common_forwarded
+  ErrorLog  /var/log/httpd/logs/gitlab.example.com_error.log
+  CustomLog /var/log/httpd/logs/gitlab.example.com_forwarded.log common_forwarded
+  CustomLog /var/log/httpd/logs/gitlab.example.com_access.log combined env=!dontlog
+  CustomLog /var/log/httpd/logs/gitlab.example.com.log combined
 
 </VirtualHost>