Created
August 10, 2014 07:31
-
-
Save yuuan/6aae83dd703017a4bbd8 to your computer and use it in GitHub Desktop.
https://gitlab.com/gitlab-org/gitlab-recipes/blob/master/web-server/apache/gitlab-ssl.conf を少しいじったもの。詳しくは http://www.yuuan.net/item/895
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #This configuration has been tested on GitLab 6.0.0 and GitLab 6.0.1 | |
| #Note this config assumes unicorn is listening on default port 8080. | |
| #Module dependencies | |
| # mod_rewrite | |
| # mod_ssl | |
| # mod_proxy | |
| # mod_proxy_http | |
| # mod_headers | |
| # This section is only needed if you want to redirect http traffic to https. | |
| # You can live without it but clients will have to type in https:// to reach gitlab. | |
| <VirtualHost *:80> | |
| ServerName gitlab.example.com | |
| ServerSignature Off | |
| # DocumentRoot /home/git/gitlab/public | |
| # ProxyPass / http://localhost:8080/ timeout=300 | |
| # ProxyPassReverse / http://localhost:8080/ | |
| RewriteEngine on | |
| RewriteCond %{HTTPS} !=on | |
| RewriteRule .* https://%{SERVER_NAME}%{REQUEST_URI} [NE,R,L] | |
| ErrorLog /var/log/httpd/gitlab/error_log | |
| TransferLog /var/log/httpd/gitlab/access_log | |
| </VirtualHost> | |
| <VirtualHost *:443> | |
| SSLEngine on | |
| #strong encryption ciphers only | |
| #see ciphers(1) http://www.openssl.org/docs/apps/ciphers.html | |
| SSLCipherSuite SSLv3:TLSv1:+HIGH:!SSLv2:!MD5:!MEDIUM:!LOW:!EXP:!ADH:!eNULL:!aNULL | |
| SSLCertificateFile /etc/httpd/conf/ssl.crt/server.crt | |
| SSLCertificateKeyFile /etc/httpd/conf/ssl.key/server.key | |
| # SSLCACertificateFile /etc/httpd/ssl.crt/your-ca.crt | |
| ServerName gitlab.example.com | |
| ServerSignature Off | |
| ProxyPreserveHost On | |
| # Ensure that encoded slashes are not decoded but left in their encoded state. | |
| # http://doc.gitlab.com/ce/api/projects.html#get-single-project | |
| # AllowEncodedSlashes NoDecode | |
| <Location /> | |
| Order deny,allow | |
| Allow from all | |
| ProxyPassReverse http://127.0.0.1:8080 | |
| ProxyPassReverse http://gitlab.example.com/ | |
| </Location> | |
| #apache equivalent of nginx try files | |
| # http://serverfault.com/questions/290784/what-is-apaches-equivalent-of-nginxs-try-files | |
| # http://stackoverflow.com/questions/10954516/apache2-proxypass-for-rails-app-gitlab | |
| RewriteEngine on | |
| RewriteCond %{DOCUMENT_ROOT}/%{REQUEST_FILENAME} !-f | |
| RewriteRule .* http://127.0.0.1:8080%{REQUEST_URI} [P,QSA] | |
| RequestHeader set X_FORWARDED_PROTO 'https' | |
| # needed for downloading attachments | |
| DocumentRoot /home/git/gitlab/public | |
| #Set up apache error documents, if back end goes down (i.e. 503 error) then a maintenance/deploy page is thrown up. | |
| ErrorDocument 404 /404.html | |
| ErrorDocument 422 /422.html | |
| ErrorDocument 500 /500.html | |
| ErrorDocument 503 /deploy.html | |
| LogFormat "%{X-Forwarded-For}i %l %u %t \"%r\" %>s %b" common_forwarded | |
| ErrorLog /var/log/httpd/gitlab/error_log | |
| CustomLog /var/log/httpd/gitlab/forwarded.log common_forwarded | |
| CustomLog /var/log/httpd/gitlab/access.log combined env=!dontlog | |
| CustomLog /var/log/httpd/gitlab/log combined | |
| </VirtualHost> |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment