jlengrand/gitlab-recipes
1
0
Fork 0
mirror of https://github.com/jlengrand/gitlab-recipes.git synced 2026-03-10 08:11:17 +00:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #132 from sag47/docs-apache_grammar

Browse Source 
apache README grammar corrections
This commit is contained in:
Axilleas Pipinellis
2013-09-25 12:42:58 -07:00
parent e67fcfd400 0a5b0e1b4e
commit ed76508d2d
1 changed files with 6 additions and 6 deletions
Download Patch File Download Diff File Expand all files Collapse all files

12
web-server/apache/README.md
View File

@@ -1,12 +1,12 @@
# RHEL6/CentOS6 recommendations
The up-to-date recommended `gitlab.conf` was configured on RHEL 6.4.
The up-to-date recommended [gitlab-ssl.conf](gitlab-ssl.conf) was configured on RHEL 6.4.
## Puma or unicorn?
### unicorn
By default, Unicorn (i.e. `unicorn.rb`) is configured to listen on port `8080` in the gitlabhq documentation. Therefore, [gitlab.conf](gitlab.conf) does that by default.
By default, Unicorn (i.e. `unicorn.rb`) is configured to listen on port `8080` in the gitlabhq documentation. Therefore, [gitlab-ssl.conf](gitlab-ssl.conf) does that by default.
### puma
@@ -14,12 +14,12 @@ Info taken from [PR #87](https://github.com/gitlabhq/gitlab-recipes/pull/87).
As apache's mod_proxy [doesn't support][sock] sockets, the proxy URL must be configured to use tcp instead of unix sockets. `/home/git/gitlab/config/puma.rb` should exist and be configured. Two changes must then be made:
1. In `gitlab.conf` replace `http://127.0.0.1:8080/ ` with `http://0.0.0.0:9292/`
1. In `gitlab-ssl.conf` replace `http://127.0.0.1:8080 ` with `http://0.0.0.0:9292`. Also replace `ProxyPassreverse http://gitlab.example.com:9292`
2. Edit `puma.rb`: comment out `bind 'tcp://0.0.0.0:9292'` and comment `bind "unix://#{application_path}/tmp/sockets/gitlab.socket"`
## Assumptions
It is assumed GitLab will be running in a secure production system. This Apache `httpd` configuration is hardened for that purpose. By default this configuration only allows strong SSL and HTTP is redirected to HTTPS. I self signed certificates are preferred then see below in this document on managing SSL certificates. Also see additional security recommendations located at the bottom of this document for `httpd`. Managing GitLab with plain text HTTP only is not recommended however [gitlab.conf](gitlab.conf) has been provided for that purpose.
It is assumed GitLab will be running in a secure production environment. This Apache `httpd` configuration is hardened for that purpose. By default this configuration only allows strong SSL and HTTP is redirected to HTTPS. If self signed certificates are preferred then see below in this document on managing SSL certificates. Also see additional security recommendations located at the bottom of this document for `httpd`. Managing GitLab with plain text HTTP only is not recommended however [gitlab.conf](gitlab.conf) has been provided for that purpose.
### Encryption assumptions
@@ -35,8 +35,8 @@ There are a few places in [gitlab-ssl.conf](gitlab-ssl.conf) which need to be cu
1. `ServerName` is defined in two VirtualHosts. `ServerName` should be set to host name of the GitLab installation.
2. `SSLCertificateFile`, `SSLCertificateKeyFile`, and `SSLCACertificateFile` should be customized for signed certificates.
3. `ProxyPassReverse http://gitlab.example.com:8080` should be customized for public host name of the GitLab installtion.
4. At the bottom of `gitlab-ssl.conf` log file names defined with `gitlab.example.com`. The log file names should reflect the GitLab installation host name.
3. `ProxyPassReverse http://gitlab.example.com:8080` should be customized for public host name of the GitLab installation.
4. At the bottom of `gitlab-ssl.conf` log file names contain `gitlab.example.com`. The log file names should reflect the GitLab installation host name.
A quicker method is to use `sed` to modify the file.