Diffstat (limited to 'apache-ssl.conf.example')
-rw-r--r-- | apache-ssl.conf.example | 31 |
1 files changed, 18 insertions, 13 deletions
diff --git a/apache-ssl.conf.example b/apache-ssl.conf.example
index d32c1d9171e0..c0ff0d418a5b 100644
--- a/apache-ssl.conf.example
+++ b/apache-ssl.conf.example
@@ -1,13 +1,13 @@
-#Note this config assumes unicorn is listening on default port 8081.
+#Note this config assumes unicorn is listening on port 8081.
 #Module dependencies
-# mod_rewrite
-# mod_ssl
-# mod_proxy
-# mod_proxy_http
-# mod_headers
+# mod_rewrite
+# mod_ssl
+# mod_proxy
+# mod_proxy_http
+# mod_headers
 # This section is only needed if you want to redirect http traffic to https.
-# You can live without it but clients will have to type in https:// to reach gitlab CI.
+# You can live without it but clients will have to type in https:// to reach gitlab ci.
 <VirtualHost *:80>
 ServerName gitlabci.example.com
 ServerSignature Off
@@ -21,10 +21,14 @@
 SSLEngine on
 #strong encryption ciphers only
 #see ciphers(1) http://www.openssl.org/docs/apps/ciphers.html
- SSLCipherSuite !SSLv3:TLSv1:+HIGH:!SSLv2:!MD5:!MEDIUM:!LOW:!EXP:!ADH:!eNULL:!aNULL
- SSLCertificateFile /etc/httpd/ssl.crt/gitlabci.example.com.crt
+ SSLProtocol all -SSLv2 -SSLv3
+ SSLHonorCipherOrder on
+ SSLCipherSuite "ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AESGCM:RSA+AES:RSA+3DES:!aNULL:!MD5:!DSS"
+ Header add Strict-Transport-Security: "max-age=15768000;includeSubdomains"
+ SSLCompression Off
+ SSLCertificateFile /etc/httpd/ssl.crt/gitlabci.example.com.crt
 SSLCertificateKeyFile /etc/httpd/ssl.key/gitlabci.example.com.key
- SSLCACertificateFile /etc/httpd/ssl.crt/your-ca.crt
+ SSLCACertificateFile /etc/httpd/ssl.crt/your-ca.crt
 ServerName gitlabci.example.com
 ServerSignature Off
@@ -32,8 +36,9 @@
 ProxyPreserveHost On
 <Location />
- Order deny,allow
- Allow from all
+ # New authorization commands for apache 2.4 and up
+ # http://httpd.apache.org/docs/2.4/upgrading.html#access
+ Require all granted
 ProxyPassReverse http://127.0.0.1:8081
 ProxyPassReverse http://gitlabci.example.com/
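Review bot: The new `SSLCipherSuite` string still offers 3DES (`ECDH+3DES`, `DH+3DES`, `RSA+3DES`) and static-RSA key exchange, and `SSLProtocol all -SSLv2 -SSLv3` leaves TLS 1.0 and 1.1 enabled, so the "strong encryption ciphers only" comment above it overstates what can be negotiated. Dropping the three 3DES entries and, where the client base allows, narrowing to `SSLProtocol all -SSLv2 -SSLv3 -TLSv1 -TLSv1.1` would close that gap. The HSTS line uses `Header add` on the default onsuccess table, so it can duplicate a header already set by the backend and is probably absent from error responses such as the 503 ErrorDocument; `Header always set Strict-Transport-Security "max-age=15768000; includeSubDomains"` avoids both. Since `includeSubdomains` pins every subdomain of the host to HTTPS for roughly six months, a comment saying so would help people who copy the example. The enclosing `<VirtualHost>` block starts and ends outside the hunk.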
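Review bot: Swapping `Order deny,allow` / `Allow from all` for a bare `Require all granted` in `<Location />` makes the example 2.4-only; Apache 2.2 does not treat that directive as an allow-all rule, so 2.2 users who copy the file will probably see requests refused. Guarding both forms on `mod_authz_core` keeps one example file usable on either version and makes the access decision explicit in each case. The `<Location />` block is closed outside the hunk.

```apache
<Location />
  <IfModule mod_authz_core.c>
    # Apache 2.4 and up
    # http://httpd.apache.org/docs/2.4/upgrading.html#access
    Require all granted
  </IfModule>
  <IfModule !mod_authz_core.c>
    # Apache 2.2
    Order deny,allow
    Allow from all
  </IfModule>
  # … unchanged: ProxyPassReverse directives …
```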
@@ -57,7 +62,7 @@
 ErrorDocument 503 /deploy.html
 LogFormat "%{X-Forwarded-For}i %l %u %t \"%r\" %>s %b" common_forwarded
- ErrorLog /var/log/httpd/logs/gitlabci.example.com_error.log
+ ErrorLog /var/log/httpd/logs/gitlabci.example.com_error.log
 CustomLog /var/log/httpd/logs/gitlabci.example.com_forwarded.log common_forwarded
 CustomLog /var/log/httpd/logs/gitlabci.example.com_access.log combined env=!dontlog
 CustomLog /var/log/httpd/logs/gitlabci.example.com.log combined
|