Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- <VirtualHost *:443>
- # ssl setup
- SSLEngine ON
- SSLProtocol all -SSLv2 -SSLv3
- SSLHonorCipherOrder On
- SSLCipherSuite "EECDH+ECDSA+AESGCM EECDH+aRSA+AESGCM EECDH+ECDSA+SHA384 EECDH+ECDSA+SHA256 EECDH+aRSA+SHA384 EECDH+aRSA+SHA256 EECDH+aRSA+RC4 EECDH EDH+aRSA RC4 !aNU$
- SSLCertificateFile /etc/letsencrypt/live/domain.com/cert.pem
- SSLCertificateKeyFile /etc/letsencrypt/live/domain.com/privkey.pem
- SSLCertificateChainFile /etc/letsencrypt/live/domain.com/chain.pem
- ServerName sub.domain.com
- ServerAlias www.sub.domain.com
- ServerSignature Off
- ProxyPreserveHost On
- # Ensure that encoded slashes are not decoded but left in their encoded state.
- # http://doc.gitlab.com/ce/api/projects.html#get-single-project
- AllowEncodedSlashes On
- <Location />
- Order deny,allow
- Allow from all
- #Allow forwarding to gitlab-workhorse
- ProxyPassReverse http://127.0.0.1:8181
- #Allow forwarding to GitLab Rails app (Unicorn)
- ProxyPassReverse http://127.0.0.1:8080
- ProxyPassReverse http://sub.overlordgt.xyz/
- </Location>
- # Apache equivalent of nginx try files
- # http://serverfault.com/questions/290784/what-is-apaches-equivalent-of-nginxs-try-files
- # http://stackoverflow.com/questions/10954516/apache2-proxypass-for-rails-app-gitlab
- RewriteEngine on
- #Forward these requests to gitlab-workhorse
- RewriteCond %{REQUEST_URI} ^/[\w\.-]+/[\w\.-]+/gitlab-lfs/objects.* [OR]
- RewriteCond %{REQUEST_URI} ^/[\w\.-]+/[\w\.-]+/builds/download.* [OR]
- RewriteCond %{REQUEST_URI} ^/[\w\.-]+/[\w\.-]+/repository/archive.* [OR]
- RewriteCond %{REQUEST_URI} ^/api/v3/projects/.*/repository/archive.* [OR]
- RewriteCond %{REQUEST_URI} ^/ci/api/v1/builds/[0-9]+/artifacts.* [OR]
- RewriteCond %{REQUEST_URI} ^/[\w\.-]+/[\w\.-]+/(info/refs|git-upload-pack|git-receive-pack)$
- RewriteRule .* http://127.0.0.1:8181%{REQUEST_URI} [P,QSA,NE]
- #Forward any other requests to GitLab Rails app (Unicorn)
- RewriteCond %{DOCUMENT_ROOT}/%{REQUEST_FILENAME} !-f [OR]
- RewriteCond %{REQUEST_URI} ^/uploads
- RewriteRule .* http://127.0.0.1:8080%{REQUEST_URI} [P,QSA,NE]
- RequestHeader set X_FORWARDED_PROTO 'https'
- RequestHeader set X-Forwarded-Ssl on
- # needed for downloading attachments
- DocumentRoot /opt/gitlab/embedded/service/gitlab-rails/public
- #Set up apache error documents, if back end goes down (i.e. 503 error) then a maintenance/deploy page is thrown up.
- ErrorDocument 404 /404.html
- ErrorDocument 422 /422.html
- ErrorDocument 500 /500.html
- ErrorDocument 503 /deploy.html
- </VirtualHost>
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement