diff options
author | Lopo | 2015-12-08 13:06:11 +0100 |
---|---|---|
committer | Lopo | 2015-12-08 13:06:11 +0100 |
commit | 1d4d59072c72c95003114d90077e3611ff2d54fa (patch) | |
tree | 9238fe4dbaf1627e4e8bb6e88c2e878b8e805d29 /apache2.2-ssl.conf.example | |
parent | 2ee287d69163a3499730a18f3e9ce5c54e59eb4b (diff) | |
download | aur-1d4d59072c72c95003114d90077e3611ff2d54fa.tar.gz |
v8.0.5
Diffstat (limited to 'apache2.2-ssl.conf.example')
-rw-r--r-- | apache2.2-ssl.conf.example | 64 |
1 files changed, 64 insertions, 0 deletions
diff --git a/apache2.2-ssl.conf.example b/apache2.2-ssl.conf.example new file mode 100644 index 000000000000..d32c1d9171e0 --- /dev/null +++ b/apache2.2-ssl.conf.example @@ -0,0 +1,64 @@ +#Note this config assumes unicorn is listening on default port 8081. +#Module dependencies +# mod_rewrite +# mod_ssl +# mod_proxy +# mod_proxy_http +# mod_headers + +# This section is only needed if you want to redirect http traffic to https. +# You can live without it but clients will have to type in https:// to reach gitlab CI. +<VirtualHost *:80> + ServerName gitlabci.example.com + ServerSignature Off + + RewriteEngine on + RewriteCond %{HTTPS} !=on + RewriteRule .* https://%{SERVER_NAME}%{REQUEST_URI} [NE,R,L] +</VirtualHost> + +<VirtualHost *:443> + SSLEngine on + #strong encryption ciphers only + #see ciphers(1) http://www.openssl.org/docs/apps/ciphers.html + SSLCipherSuite !SSLv3:TLSv1:+HIGH:!SSLv2:!MD5:!MEDIUM:!LOW:!EXP:!ADH:!eNULL:!aNULL + SSLCertificateFile /etc/httpd/ssl.crt/gitlabci.example.com.crt + SSLCertificateKeyFile /etc/httpd/ssl.key/gitlabci.example.com.key + SSLCACertificateFile /etc/httpd/ssl.crt/your-ca.crt + + ServerName gitlabci.example.com + ServerSignature Off + + ProxyPreserveHost On + + <Location /> + Order deny,allow + Allow from all + + ProxyPassReverse http://127.0.0.1:8081 + ProxyPassReverse http://gitlabci.example.com/ + </Location> + + #apache equivalent of nginx try files + # http://serverfault.com/questions/290784/what-is-apaches-equivalent-of-nginxs-try-files + # http://stackoverflow.com/questions/10954516/apache2-proxypass-for-rails-app-gitlab + RewriteEngine on + RewriteCond %{DOCUMENT_ROOT}/%{REQUEST_FILENAME} !-f + RewriteRule .* http://127.0.0.1:8081%{REQUEST_URI} [P,QSA] + RequestHeader set X_FORWARDED_PROTO 'https' + + # needed for downloading attachments + DocumentRoot /usr/share/webapps/gitlab-ci/public + + #Set up apache error documents, if back end goes down (i.e. 503 error) then a maintenance/deploy page is thrown up. + ErrorDocument 404 /404.html + ErrorDocument 422 /422.html + ErrorDocument 500 /500.html + ErrorDocument 503 /deploy.html + + LogFormat "%{X-Forwarded-For}i %l %u %t \"%r\" %>s %b" common_forwarded + ErrorLog /var/log/httpd/logs/gitlabci.example.com_error.log + CustomLog /var/log/httpd/logs/gitlabci.example.com_forwarded.log common_forwarded + CustomLog /var/log/httpd/logs/gitlabci.example.com_access.log combined env=!dontlog + CustomLog /var/log/httpd/logs/gitlabci.example.com.log combined +</VirtualHost> |