jlengrand/gitlab-recipes
1
0
Fork 0
mirror of https://github.com/jlengrand/gitlab-recipes.git synced 2026-03-10 15:50:03 +00:00
Code Issues Packages Projects Releases Wiki Activity
Files
05acc57c3308f3837d3f2acb67a38ebff1c4b00d
gitlab-recipes/web-server/apache/gitlab-ssl.conf
semiosis 05acc57c33 Simplified & improved apache proxy config 
Previously there was an unnecessary redirect before & after sign-in to http.  This new configuration eliminates that leak, and is easier to read.
2013-10-03 13:27:24 -04:00

60 lines
2.0 KiB
Plaintext
Raw Blame History

#This configuration has been tested on GitLab 6.0.0 and GitLab 6.0.1
#Note this config assumes unicorn is listening on default port 8080.
#Module dependencies
# mod_rewrite
# mod_ssl
# mod_proxy
# mod_proxy_http
# This section is only needed if you want to redirect http traffic to https.
# You can live without it but clients will have to type in https:// to reach gitlab.
<VirtualHost *:80>
ServerName gitlab.example.com
ServerSignature Off
RewriteEngine on
RewriteCond %{HTTPS} !=on
RewriteRule ^(.*) https://%{SERVER_NAME}$1 [R,L]
</VirtualHost>
<VirtualHost *:443>
SSLEngine on
#strong encryption ciphers only
#see ciphers(1) http://www.openssl.org/docs/apps/ciphers.html
SSLCipherSuite SSLv3:TLSv1:+HIGH:!SSLv2:!MD5:!MEDIUM:!LOW:!EXP:!ADH:!eNULL:!aNULL
SSLCertificateFile /etc/httpd/ssl.crt/gitlab.example.com.crt
SSLCertificateKeyFile /etc/httpd/ssl.key/gitlab.example.com.key
SSLCACertificateFile /etc/httpd/ssl.crt/your-ca.crt
ServerName gitlab.example.com
ServerSignature Off
ProxyPreserveHost On
ProxyPassReverse / http://gitlab.example.com/
RewriteEngine on
RewriteCond %{DOCUMENT_ROOT}/%{REQUEST_FILENAME} !-f
RewriteRule ^/(.*)$ http://127.0.0.1:9292%{REQUEST_URI} [P,QSA]
# needed for downloading attachments
DocumentRoot /home/git/gitlab/public
#Set up apache error documents, if back end goes down (i.e. 503 error) then a maintenance/deploy page is thrown up.
ErrorDocument 404 /404.html
ErrorDocument 422 /422.html
ErrorDocument 500 /500.html
ErrorDocument 503 /deploy.html
<Location />
Order deny,allow
Allow from all
</Location>
LogFormat "%{X-Forwarded-For}i %l %u %t \"%r\" %>s %b" common_forwarded
ErrorLog /var/log/httpd/logs/gitlab.example.com_error.log
CustomLog /var/log/httpd/logs/gitlab.example.com_forwarded.log common_forwarded
CustomLog /var/log/httpd/logs/gitlab.example.com_access.log combined env=!dontlog
CustomLog /var/log/httpd/logs/gitlab.example.com.log combined
</VirtualHost>
Reference in New Issue View Git Blame Copy Permalink