Skip to content

Instantly share code, notes, and snippets.

@lesstif

lesstif/gitlab.conf

Last active August 29, 2015 14:06
Show Gist options
  • Save lesstif/1a977e5fed63394d4dda to your computer and use it in GitHub Desktop.
Save lesstif/1a977e5fed63394d4dda to your computer and use it in GitHub Desktop.
Download ZIP
/etc/httpd/conf.d/gitlab.conf for CentOS apache httpd
Raw
gitlab.conf
#This configuration has been tested on GitLab 6.0.0 and GitLab 6.0.1
#Note this config assumes unicorn is listening on default port 8080.
#Module dependencies
# mod_rewrite
# mod_ssl
# mod_proxy
# mod_proxy_http
# mod_headers
NameVirtualHost *:443
# This section is only needed if you want to redirect http traffic to https.
# You can live without it but clients will have to type in https:// to reach gitlab.
<VirtualHost *:80>
ServerName gitlab.example.com
ServerSignature Off
ProxyRequests Off
ProxyPreserveHost On
<Proxy *>
Order deny,allow
Allow from all
</Proxy>
ProxyPass / http://127.0.0.1:8085/
ProxyPassReverse / http://127.0.0.1:8085
<Location />
Order allow,deny
Allow from all
</Location>
RewriteEngine on
RewriteCond %{HTTPS} !=on
RewriteRule .* https://%{SERVER_NAME}%{REQUEST_URI} [NE,R,L]
#Set up apache error documents, if back end goes down (i.e. 503 error) then a maintenance/deploy page is thrown up.
ErrorDocument 404 /404.html
ErrorDocument 422 /422.html
ErrorDocument 500 /500.html
ErrorDocument 503 /deploy.html
LogFormat "%{X-Forwarded-For}i %l %u %t \"%r\" %>s %b" common_forwarded
ErrorLog logs/gitlab.example.com_error.log
CustomLog logs/gitlab.example.com_forwarded.log common_forwarded
CustomLog logs/gitlab.example.com_access.log combined env=!dontlog
CustomLog logs/gitlab.example.com.log combined
</VirtualHost>
<VirtualHost *:443>
SSLEngine on
#strong encryption ciphers only
#see ciphers(1) http://www.openssl.org/docs/apps/ciphers.html
SSLCipherSuite SSLv3:TLSv1:+HIGH:!SSLv2:!MD5:!MEDIUM:!LOW:!EXP:!ADH:!eNULL:!aNULL
SSLCertificateFile /etc/pki/tls/certs/localhost.crt
SSLCertificateKeyFile /etc/pki/tls/private/localhost.key
# SSLCACertificateFile /etc/httpd/ssl.crt/your-ca.crt
ServerName gitlab.example.com
ServerSignature Off
ProxyPreserveHost On
# Ensure that encoded slashes are not decoded but left in their encoded state.
# http://doc.gitlab.com/ce/api/projects.html#get-single-project
## apache 2.2.15 not support.
## AllowEncodedSlashes NoDecode
ProxyPass / http://127.0.0.1:8085
ProxyPassReverse / http://127.0.0.1:8085
<Location />
Order deny,allow
Allow from all
</Location>
#apache equivalent of nginx try files
# http://serverfault.com/questions/290784/what-is-apaches-equivalent-of-nginxs-try-files
# http://stackoverflow.com/questions/10954516/apache2-proxypass-for-rails-app-gitlab
RewriteEngine on
RewriteCond %{DOCUMENT_ROOT}/%{REQUEST_FILENAME} !-f
RewriteRule .* http://127.0.0.1:8085%{REQUEST_URI} [P,QSA]
RequestHeader set X_FORWARDED_PROTO 'https'
# needed for downloading attachments
DocumentRoot /home/git/gitlab/public
#Set up apache error documents, if back end goes down (i.e. 503 error) then a maintenance/deploy page is thrown up.
ErrorDocument 404 /404.html
ErrorDocument 422 /422.html
ErrorDocument 500 /500.html
ErrorDocument 503 /deploy.html
LogFormat "%{X-Forwarded-For}i %l %u %t \"%r\" %>s %b" common_forwarded
ErrorLog logs/gitlab.example.com_error.log
CustomLog logs/gitlab.example.com_forwarded.log common_forwarded
CustomLog logs/gitlab.example.com_access.log combined env=!dontlog
CustomLog logs/gitlab.example.com.log combined
</VirtualHost>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment