Skip to content

Instantly share code, notes, and snippets.

@yuuan
Created August 10, 2014 07:31
Show Gist options
  • Save yuuan/6aae83dd703017a4bbd8 to your computer and use it in GitHub Desktop.
Save yuuan/6aae83dd703017a4bbd8 to your computer and use it in GitHub Desktop.
#This configuration has been tested on GitLab 6.0.0 and GitLab 6.0.1
#Note this config assumes unicorn is listening on default port 8080.
#Module dependencies
# mod_rewrite
# mod_ssl
# mod_proxy
# mod_proxy_http
# mod_headers
# This section is only needed if you want to redirect http traffic to https.
# You can live without it but clients will have to type in https:// to reach gitlab.
<VirtualHost *:80>
ServerName gitlab.example.com
ServerSignature Off
# DocumentRoot /home/git/gitlab/public
# ProxyPass / http://localhost:8080/ timeout=300
# ProxyPassReverse / http://localhost:8080/
RewriteEngine on
RewriteCond %{HTTPS} !=on
RewriteRule .* https://%{SERVER_NAME}%{REQUEST_URI} [NE,R,L]
ErrorLog /var/log/httpd/gitlab/error_log
TransferLog /var/log/httpd/gitlab/access_log
</VirtualHost>
<VirtualHost *:443>
SSLEngine on
#strong encryption ciphers only
#see ciphers(1) http://www.openssl.org/docs/apps/ciphers.html
SSLCipherSuite SSLv3:TLSv1:+HIGH:!SSLv2:!MD5:!MEDIUM:!LOW:!EXP:!ADH:!eNULL:!aNULL
SSLCertificateFile /etc/httpd/conf/ssl.crt/server.crt
SSLCertificateKeyFile /etc/httpd/conf/ssl.key/server.key
# SSLCACertificateFile /etc/httpd/ssl.crt/your-ca.crt
ServerName gitlab.example.com
ServerSignature Off
ProxyPreserveHost On
# Ensure that encoded slashes are not decoded but left in their encoded state.
# http://doc.gitlab.com/ce/api/projects.html#get-single-project
# AllowEncodedSlashes NoDecode
<Location />
Order deny,allow
Allow from all
ProxyPassReverse http://127.0.0.1:8080
ProxyPassReverse http://gitlab.example.com/
</Location>
#apache equivalent of nginx try files
# http://serverfault.com/questions/290784/what-is-apaches-equivalent-of-nginxs-try-files
# http://stackoverflow.com/questions/10954516/apache2-proxypass-for-rails-app-gitlab
RewriteEngine on
RewriteCond %{DOCUMENT_ROOT}/%{REQUEST_FILENAME} !-f
RewriteRule .* http://127.0.0.1:8080%{REQUEST_URI} [P,QSA]
RequestHeader set X_FORWARDED_PROTO 'https'
# needed for downloading attachments
DocumentRoot /home/git/gitlab/public
#Set up apache error documents, if back end goes down (i.e. 503 error) then a maintenance/deploy page is thrown up.
ErrorDocument 404 /404.html
ErrorDocument 422 /422.html
ErrorDocument 500 /500.html
ErrorDocument 503 /deploy.html
LogFormat "%{X-Forwarded-For}i %l %u %t \"%r\" %>s %b" common_forwarded
ErrorLog /var/log/httpd/gitlab/error_log
CustomLog /var/log/httpd/gitlab/forwarded.log common_forwarded
CustomLog /var/log/httpd/gitlab/access.log combined env=!dontlog
CustomLog /var/log/httpd/gitlab/log combined
</VirtualHost>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment