cadtek

gitlab.conf

Mar 24th, 2018
  1. root@gitlab:/etc/apache2/sites-available# cat gitlab.conf
  2. # This configuration has been tested on GitLab 8.2
  3. # Note this config assumes unicorn is listening on default port 8080 and
  4. # gitlab-workhorse is listening on port 8181. To allow gitlab-workhorse to
  5. # listen on port 8181, edit /etc/gitlab/gitlab.rb and change the following:
  6. #
  7. # gitlab_workhorse['listen_network'] = "tcp"
  8. # gitlab_workhorse['listen_addr'] = "127.0.0.1:8181"
  9. #
  10. #Module dependencies
  11. # mod_rewrite
  12. # mod_ssl
  13. # mod_proxy
  14. # mod_proxy_http
  15. # mod_headers
  16. # This section is only needed if you want to redirect http traffic to https.
  17. # You can live without it but clients will have to type in https:// to reach gitlab.
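  <VirtualHost *:80>
    # Plain-HTTP listener: serves no content and only redirects clients to HTTPS.
    ServerName gitlab.omniteklabs.com
    ServerSignature Off

    RewriteEngine on
    # Always true on a port-80 vhost; kept as a guard in case the block is reused.
    RewriteCond %{HTTPS} !=on
    # Redirect to the fixed canonical hostname rather than %{SERVER_NAME}. With the
    # default "UseCanonicalName Off", SERVER_NAME follows the client's Host header,
    # so whenever this vhost answers as the default for port 80 the redirect target
    # would be chosen by the client. R=301 marks the redirect as permanent.
    RewriteRule .* https://gitlab.omniteklabs.com%{REQUEST_URI} [NE,R=301,L]
  </VirtualHost>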
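  <VirtualHost *:443>
    # TLS-terminating reverse proxy in front of gitlab-workhorse on 127.0.0.1:8181.
    ServerName gitlab.omniteklabs.com
    ServerSignature Off

    SSLEngine on
    # Protocols: "all -SSLv2" left SSLv3, TLS 1.0 and TLS 1.1 enabled.
    # Only TLS 1.2 and newer are offered here.
    SSLProtocol all -SSLv3 -TLSv1 -TLSv1.1
    SSLHonorCipherOrder on
    # Cipher string syntax: see ciphers(1), http://www.openssl.org/docs/apps/ciphers.html
    # Only forward-secret (EC)DHE key exchange with AES is kept. The 3DES entries
    # (64-bit block cipher) and the static-RSA key exchange entries are dropped.
    SSLCipherSuite "ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:!aNULL:!MD5:!DSS"
    # TLS-level compression stays off (compression side channel on secrets).
    SSLCompression Off
    # HSTS: "always set" also covers error responses generated by Apache itself and
    # avoids emitting the header twice. includeSubDomains applies the policy to every
    # host below gitlab.omniteklabs.com, so all of them must serve valid HTTPS.
    Header always set Strict-Transport-Security "max-age=15768000; includeSubDomains"

    # fullchain.pem already carries the intermediate certificates.
    # privkey.pem should be readable by root only.
    SSLCertificateFile /etc/letsencrypt/live/gitlab.omniteklabs.com/fullchain.pem
    SSLCertificateKeyFile /etc/letsencrypt/live/gitlab.omniteklabs.com/privkey.pem
    #SSLCACertificateFile /etc/httpd/ssl.crt/your-ca.crt

    ProxyPreserveHost On
    # Ensure that encoded slashes are not decoded but left in their encoded state.
    # http://doc.gitlab.com/ce/api/projects.html#get-single-project
    AllowEncodedSlashes NoDecode

    <Location />
      # Authorization syntax for Apache 2.4 and up
      # http://httpd.apache.org/docs/2.4/upgrading.html#access
      # Access control is left to GitLab; Apache admits every client.
      Require all granted
      # Rewrite Location headers coming back from gitlab-workhorse
      ProxyPassReverse http://127.0.0.1:8181
      ProxyPassReverse http://gitlab.omniteklabs.com/
    </Location>

    # Apache equivalent of nginx try_files
    # http://serverfault.com/questions/290784/what-is-apaches-equivalent-of-nginxs-try-files
    # http://stackoverflow.com/questions/10954516/apache2-proxypass-for-rails-app-gitlab
    RewriteEngine on
    # Forward all requests to gitlab-workhorse except existing files like error documents
    RewriteCond %{DOCUMENT_ROOT}/%{REQUEST_FILENAME} !-f [OR]
    RewriteCond %{REQUEST_URI} ^/uploads/.*
    RewriteRule .* http://127.0.0.1:8181%{REQUEST_URI} [P,QSA,NE]
    # The backend trusts these headers to decide whether the request arrived over
    # TLS. "set" overwrites whatever the client sent under the same name. The
    # standard hyphenated name is used because setting X_FORWARDED_PROTO would leave
    # a client-supplied X-Forwarded-Proto header in the request next to it.
    # Keep workhorse bound to loopback so these headers can only come from Apache.
    RequestHeader set X-Forwarded-Proto "https"
    RequestHeader set X-Forwarded-Ssl on

    # needed for downloading attachments
    DocumentRoot /opt/gitlab/embedded/service/gitlab-rails/public

    # Static error pages served by Apache itself, so a maintenance/deploy page is
    # still shown when the back end is down (e.g. 502/503).
    ErrorDocument 404 /404.html
    ErrorDocument 422 /422.html
    ErrorDocument 500 /500.html
    ErrorDocument 502 /502.html
    ErrorDocument 503 /503.html

    # Logs go to /var/log/apache2/logs; the directory must exist.
    # NOTE(review): this vhost terminates TLS itself, so unless another proxy sits
    # in front of it, X-Forwarded-For is supplied by the client. Treat the first
    # field of the *_forwarded.log as untrusted input; the "combined" logs below
    # record the real peer address (%h).
    LogFormat "%{X-Forwarded-For}i %l %u %t \"%r\" %>s %b" common_forwarded
    ErrorLog /var/log/apache2/logs/gitlab.omniteklabs.com_error.log
    CustomLog /var/log/apache2/logs/gitlab.omniteklabs.com_forwarded.log common_forwarded
    # Nothing visible in this file sets "dontlog", so the condition below always
    # passes and the next two logs receive the same entries.
    CustomLog /var/log/apache2/logs/gitlab.omniteklabs.com_access.log combined env=!dontlog
    CustomLog /var/log/apache2/logs/gitlab.omniteklabs.com.log combined
  </VirtualHost>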