- root@gitlab:/etc/apache2/sites-available# cat gitlab.conf
- # This configuration has been tested on GitLab 8.2
- # Note this config assumes unicorn is listening on default port 8080 and
- # gitlab-workhorse is listening on port 8181. To allow gitlab-workhorse to
- # listen on port 8181, edit /etc/gitlab/gitlab.rb and change the following:
- #
- # gitlab_workhorse['listen_network'] = "tcp"
- # gitlab_workhorse['listen_addr'] = "127.0.0.1:8181"
- #
- #Module dependencies
- # mod_rewrite
- # mod_ssl
- # mod_proxy
- # mod_proxy_http
- # mod_headers
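# Plain-HTTP listener whose only job is to redirect clients to HTTPS.
# It is optional: without it, clients have to type https:// themselves
# to reach gitlab.
<VirtualHost *:80>
  ServerName gitlab.omniteklabs.com
  ServerSignature Off

  RewriteEngine on
  RewriteCond %{HTTPS} !=on
  # The redirect target names the host explicitly instead of using
  # %{SERVER_NAME}. Unless UseCanonicalName is On (not visible in this
  # file), %{SERVER_NAME} follows the client-supplied Host header, so the
  # Location header could point at a host this server was never configured
  # for. R without a status code sends a 302 (temporary) redirect.
  RewriteRule .* https://gitlab.omniteklabs.com%{REQUEST_URI} [NE,R,L]
</VirtualHost>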
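# TLS front end for GitLab: terminates HTTPS and reverse-proxies every
# request to gitlab-workhorse on 127.0.0.1:8181, serving only the static
# error documents from the local DocumentRoot.
<VirtualHost *:443>
  SSLEngine on
  # Strong encryption only.
  # see ciphers(1) http://www.openssl.org/docs/apps/ciphers.html
  #
  # "all -SSLv2" still left SSLv3 (POODLE) and the deprecated TLS 1.0/1.1
  # enabled. They are switched off explicitly here, which leaves TLS 1.2 and
  # whatever newer versions this Apache/OpenSSL build supports. Clients that
  # can only speak TLS 1.0/1.1 will no longer connect.
  SSLProtocol all -SSLv2 -SSLv3 -TLSv1 -TLSv1.1
  SSLHonorCipherOrder on
  # The 3DES suites are dropped and excluded (64-bit block cipher, SWEET32);
  # the remaining preference order is unchanged.
  SSLCipherSuite "ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:RSA+AESGCM:RSA+AES:!aNULL:!MD5:!DSS:!3DES"
  # HSTS: "always set" also covers error responses generated by Apache, and
  # "set" cannot produce a second copy the way "add" can. The onsuccess unset
  # removes a copy the proxied backend may already have sent, so the client
  # sees exactly one header.
  Header onsuccess unset Strict-Transport-Security
  Header always set Strict-Transport-Security "max-age=15768000; includeSubDomains"
  # TLS-level compression stays off (CRIME).
  SSLCompression Off
  SSLCertificateFile /etc/letsencrypt/live/gitlab.omniteklabs.com/fullchain.pem
  SSLCertificateKeyFile /etc/letsencrypt/live/gitlab.omniteklabs.com/privkey.pem
  #SSLCACertificateFile /etc/httpd/ssl.crt/your-ca.crt

  ServerName gitlab.omniteklabs.com
  ServerSignature Off

  ProxyPreserveHost On

  # Ensure that encoded slashes are not decoded but left in their encoded state.
  # http://doc.gitlab.com/ce/api/projects.html#get-single-project
  AllowEncodedSlashes NoDecode

  <Location />
    # New authorization commands for apache 2.4 and up
    # http://httpd.apache.org/docs/2.4/upgrading.html#access
    # Access control is left entirely to GitLab; Apache admits every client.
    Require all granted

    # Allow forwarding to gitlab-workhorse
    ProxyPassReverse http://127.0.0.1:8181
    ProxyPassReverse http://gitlab.omniteklabs.com/
  </Location>

  # Apache equivalent of nginx try files
  # http://serverfault.com/questions/290784/what-is-apaches-equivalent-of-nginxs-try-files
  # http://stackoverflow.com/questions/10954516/apache2-proxypass-for-rails-app-gitlab
  RewriteEngine on

  # Forward all requests to gitlab-workhorse except existing files like error documents
  RewriteCond %{DOCUMENT_ROOT}/%{REQUEST_FILENAME} !-f [OR]
  RewriteCond %{REQUEST_URI} ^/uploads/.*
  RewriteRule .* http://127.0.0.1:8181%{REQUEST_URI} [P,QSA,NE]

  # Tell the backend the original request arrived over HTTPS.
  RequestHeader set X_FORWARDED_PROTO 'https'
  # The hyphenated spelling is set as well, so that a client-supplied
  # X-Forwarded-Proto is overwritten rather than forwarded next to the
  # underscore form above.
  # NOTE(review): the backend presumably treats both spellings as the same
  # header; confirm against the GitLab version in use.
  RequestHeader set X-Forwarded-Proto 'https'
  RequestHeader set X-Forwarded-Ssl on

  # needed for downloading attachments
  DocumentRoot /opt/gitlab/embedded/service/gitlab-rails/public

  # Set up apache error documents, if back end goes down (i.e. 503 error)
  # then a maintenance/deploy page is thrown up.
  ErrorDocument 404 /404.html
  ErrorDocument 422 /422.html
  ErrorDocument 500 /500.html
  ErrorDocument 502 /502.html
  ErrorDocument 503 /503.html

  # Logs are written under /var/log/apache2/logs; the directory must exist
  # and be writable by Apache at start-up.
  #
  # NOTE(review): common_forwarded records the X-Forwarded-For request
  # header in place of the peer address. If this Apache is the first hop
  # that clients reach, that header is whatever the client chose to send,
  # so this log must not be used to attribute requests. The "combined"
  # logs below record the real peer address (%h).
  LogFormat "%{X-Forwarded-For}i %l %u %t \"%r\" %>s %b" common_forwarded
  ErrorLog /var/log/apache2/logs/gitlab.omniteklabs.com_error.log
  CustomLog /var/log/apache2/logs/gitlab.omniteklabs.com_forwarded.log common_forwarded
  CustomLog /var/log/apache2/logs/gitlab.omniteklabs.com_access.log combined env=!dontlog
  CustomLog /var/log/apache2/logs/gitlab.omniteklabs.com.log combined
</VirtualHost>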