More secure SSL and defined errordocuments

Now ErrorDocuments use GitLab error documents.  When the backend
service is down (i.e. Unicorn) then Apache will show a GitLab
maintenance page (error 503).  Other errors (404, 422, 500) are
also included in the rewrite.

Updated SSL ciphers so that only the strongest SSL ciphers are
allowed.  This is primarily a security update for allowed
encryption ciphers.
Sam Gleske
2013-09-24 14:15:03 -04:00
parent 0bdd1843df
commit e2c8ca3888

@@ -16,7 +16,9 @@
</VirtualHost>
<VirtualHost *:443>
SSLEngine on
SSLCipherSuite ALL:!ADH:!EXP:!eNULL:!aNULL:RC4+RSA:+HIGH:-MEDIUM:!LOW:-SSLv2
#strong encryption ciphers only
#see ciphers(1) http://www.openssl.org/docs/apps/ciphers.html
SSLCipherSuite SSLv3:TLSv1:+HIGH:!SSLv2:!MD5:!MEDIUM:!LOW:!EXP:!ADH:!eNULL:!aNULL
SSLCertificateFile /etc/httpd/ssl.crt/gitlab.example.com.crt
SSLCertificateKeyFile /etc/httpd/ssl.key/gitlab.example.com.key
SSLCACertificateFile /etc/httpd/ssl.crt/incommon-ca.crt
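Review bot: The new SSLCipherSuite string is harder to audit than it needs to be, and it does not by itself restrict protocol versions. In OpenSSL cipher-list syntax, `SSLv3:TLSv1` first adds every cipher suite of those versions, and `+HIGH` only moves the HIGH suites to the end of the list rather than selecting them; the "strong ciphers only" result comes entirely from the later `!MEDIUM:!LOW:!EXP:!MD5:!ADH:!eNULL:!aNULL` exclusions. Consider writing the intent directly, for example `HIGH:!aNULL:!eNULL:!MD5`, and checking the expanded list with `openssl ciphers -v` on the target host. Also note that `!SSLv2` here removes SSLv2 cipher suites but does not disable the protocol; this hunk shows neither `SSLProtocol` nor `SSLHonorCipherOrder`, so if they are not set elsewhere in the vhost, add them alongside this line.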
@@ -44,6 +46,12 @@
# needed for downloading attachments
DocumentRoot /home/git/gitlab/public
#Set up apache error documents, if back end goes down (i.e. 503 error) then a maintenance/deploy page is thrown up.
ErrorDocument 404 /404.html
ErrorDocument 422 /422.html
ErrorDocument 500 /500.html
ErrorDocument 503 /deploy.html
<Location />
Order deny,allow
Allow from all
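Review bot: The added comment above the ErrorDocument lines explains only the 503 case, but the 404, 422 and 500 entries behave differently and that should be documented. These ErrorDocument lines apply to errors Apache itself generates; error responses returned by the proxied backend pass through unchanged unless `ProxyErrorOverride On` is set, which this hunk does not show. Please also confirm that `/deploy.html` and the other pages are served from `DocumentRoot /home/git/gitlab/public` without being forwarded to the backend, otherwise the 503 page cannot be delivered in the one situation it is meant for.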