# Note this config assumes unicorn is listening on port 9737.
# Module dependencies
# mod_rewrite
# mod_ssl
# mod_proxy
# mod_proxy_http
# mod_headers
# This section is only needed if you want to redirect http traffic to https.
# You can live without it but clients will have to type in https:// to reach discourse.
ServerName discourse.example.com
ServerSignature Off
# Include the trailing slash!
Redirect permanent / https://discourse.example.com/
SSLEngine on
# strong encryption ciphers only
# see ciphers(1) http://www.openssl.org/docs/apps/ciphers.html
SSLProtocol all -SSLv2
SSLHonorCipherOrder on
SSLCipherSuite "ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AESGCM:RSA+AES:RSA+3DES:!aNULL:!MD5:!DSS"
Header add Strict-Transport-Security: "max-age=15768000;includeSubdomains"
SSLCompression Off
SSLCertificateFile /etc/httpd/ssl.crt/discourse.example.com.crt
SSLCertificateKeyFile /etc/httpd/ssl.key/discourse.example.com.key
SSLCACertificateFile /etc/httpd/ssl.crt/your-ca.crt
ServerName discourse.example.com
ServerSignature Off
ProxyPreserveHost On
# Ensure that encoded slashes are not decoded but left in their encoded state.
# http://doc.discourse.com/ce/api/projects.html#get-single-project
AllowEncodedSlashes NoDecode
# New authorization commands for apache 2.4 and up
# http://httpd.apache.org/docs/2.4/upgrading.html#access
Require all granted
ProxyPassReverse http://127.0.0.1:9737
ProxyPassReverse http://discourse.example.com/
# Set caching headers here, providing advice to downstream cache
Header set Cache-Control "public, max-age = 604800"
# apache equivalent of nginx try files
# http://serverfault.com/questions/290784/what-is-apaches-equivalent-of-nginxs-try-files
# http://stackoverflow.com/questions/10954516/apache2-proxypass-for-rails-app-gitlab
RewriteEngine on
RewriteCond %{DOCUMENT_ROOT}/%{REQUEST_FILENAME} !-f
RewriteRule .* http://127.0.0.1:9737%{REQUEST_URI} [P,QSA]
RequestHeader set X_FORWARDED_PROTO 'https'
# needed for downloading attachments
DocumentRoot /usr/share/webapps/discourse/public
# Set up apache error documents, if back end goes down an error page is thrown up.
ErrorDocument 403 /403.html
ErrorDocument 422 /422.html
ErrorDocument 500 /500.html
ErrorDocument 503 /503.html
LogFormat "%{X-Forwarded-For}i %l %u %t \"%r\" %>s %b" common_forwarded
ErrorLog /var/log/httpd/logs/discourse.example.com_error.log
CustomLog /var/log/httpd/logs/discourse.example.com_forwarded.log common_forwarded
CustomLog /var/log/httpd/logs/discourse.example.com_access.log combined env=!dontlog
CustomLog /var/log/httpd/logs/discourse.example.com.log combined