rhodecode-enterprise-ce Files · docs/admin/nginx-config-example.rst

login: Make register views more robust if some POST parameters are missing. We fail to delete passsword/password confirm parameters if they are not part of the POST parameters. But failing to delete them if they are not present seems wrong. Better silently ignore if they are not present.

marcink - - Load All Authors

File last commit:

r636:546e87c2 default


                r1065:64aae6b3

default

Download file

             nginx-config-example.rst
        
                    119 lines
            
             | 5.2 KiB
            
                | text/x-rst
            
             |
                RstLexer
            
             / docs / admin / nginx-config-example.rst
          
                    History
                
                 |
                  Source
                 | Raw
                 |Copy content
                 |Copy permalink

        marcink
    
project: added all source files and assets

              r1
            
      Nginx Configuration Example

      ---------------------------

      Use the following example to configure Nginx as a your web server.

      .. code-block:: nginx

        marcink
    
docs: updated nginx example...

              r636
            
          log_format log_custom '$remote_addr - $remote_user [$time_local] '

                                '"$request" $status $body_bytes_sent '

                                '"$http_referer" "$http_user_agent" '

                                '$request_time $upstream_response_time $pipe';

        marcink
    
project: added all source files and assets

              r1
            
          upstream rc {

        marcink
    
docs: updated apache/nginx configs

              r120
            
              server 127.0.0.1:10002;

        marcink
    
project: added all source files and assets

              r1
            
              # add more instances for load balancing

        marcink
    
docs: updated apache/nginx configs

              r120
            
              # server 127.0.0.1:10003;

              # server 127.0.0.1:10004;

        marcink
    
project: added all source files and assets

              r1
            
          }

        marcink
    
docs: updated nginx example...

              r636
            
          ## gist alias server, for serving nicer GIST urls

        marcink
    
project: added all source files and assets

              r1
            
          server {

              listen          443;

              server_name     gist.myserver.com;

        marcink
    
docs: updated nginx example...

              r636
            
              access_log      /var/log/nginx/gist.access.log log_custom;

        marcink
    
project: added all source files and assets

              r1
            
              error_log       /var/log/nginx/gist.error.log;

              ssl on;

              ssl_certificate     gist.rhodecode.myserver.com.crt;

              ssl_certificate_key gist.rhodecode.myserver.com.key;

              ssl_session_timeout 5m;

        marcink
    
docs: updated nginx example...

              r636
            
              ssl_protocols TLSv1 TLSv1.1 TLSv1.2;

        marcink
    
project: added all source files and assets

              r1
            
              ssl_prefer_server_ciphers on;

        marcink
    
docs: updated nginx example...

              r636
            
              ssl_ciphers 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA';

        marcink
    
project: added all source files and assets

              r1
            
              add_header Strict-Transport-Security "max-age=31536000; includeSubdomains;";

              # Diffie-Hellman parameter for DHE ciphersuites, recommended 2048 bits

        marcink
    
docs: updated nginx example...

              r636
            
              #ssl_dhparam /etc/nginx/ssl/dhparam.pem;

        marcink
    
project: added all source files and assets

              r1
            
              rewrite ^/(.+)$ https://rhodecode.myserver.com/_admin/gists/$1;

              rewrite (.*)    https://rhodecode.myserver.com/_admin/gists;

          }

        marcink
    
docs: updated nginx example...

              r636
            
          ## HTTP to HTTPS rewrite

        marcink
    
project: added all source files and assets

              r1
            
          server {

        marcink
    
docs: updated nginx example...

              r636
            
              listen          80;

        marcink
    
project: added all source files and assets

              r1
            
              server_name     rhodecode.myserver.com;

        marcink
    
docs: updated nginx example...

              r636
            
              if ($http_host = rhodecode.myserver.com) {

                  rewrite  (.*)  https://rhodecode.myserver.com$1 permanent;

              }

          }

          ## MAIN SSL enabled server

          server {

              listen       443 ssl;

              server_name  rhodecode.myserver.com;

              access_log   /var/log/nginx/rhodecode.access.log log_custom;

              error_log    /var/log/nginx/rhodecode.error.log;

        marcink
    
project: added all source files and assets

              r1
            
              ssl on;

              ssl_certificate     rhodecode.myserver.com.crt;

              ssl_certificate_key rhodecode.myserver.com.key;

              ssl_session_timeout 5m;

        marcink
    
docs: updated nginx example...

              r636
            
              ssl_protocols TLSv1 TLSv1.1 TLSv1.2;

        marcink
    
project: added all source files and assets

              r1
            
              ssl_prefer_server_ciphers on;

        marcink
    
docs: updated nginx example...

              r636
            
              ssl_ciphers 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA';

        marcink
    
project: added all source files and assets

              r1
            
        marcink
    
docs: updated nginx example...

              r636
            
              # Diffie-Hellman parameter for DHE ciphersuites, recommended 2048 bits

              #ssl_dhparam /etc/nginx/ssl/dhparam.pem;

        marcink
    
project: added all source files and assets

              r1
            
        marcink
    
docs: updated nginx example...

              r636
            
              include     /etc/nginx/proxy.conf;

              ## serve static files by nginx, recommended

        marcink
    
static: change static path to serve rhodecode static assets from...

              r522
            
              # location /_static/rhodecode {

        dan
    
docs: update example nginx/apache configs to use .rccontrol static path

              r457
            
              #    alias /path/to/.rccontrol/enterprise-1/static;

        dan
    
config: update ini/config files to account for /_static path

              r456
            
              # }

        marcink
    
docs: updated apache/nginx configs

              r120
            
        marcink
    
docs: added channelstream example

              r477
            
              ## channel stream live components

              location /_channelstream {

                  rewrite /_channelstream/(.*) /$1 break;

        marcink
    
docs: updated nginx example...

              r636
            
                  proxy_pass                  http://127.0.0.1:9800;

        marcink
    
docs: added channelstream example

              r477
            
                  proxy_connect_timeout        10;

                  proxy_send_timeout           10m;

                  proxy_read_timeout           10m;

        marcink
    
docs: updated nginx example...

              r636
            
                  tcp_nodelay                  off;

        marcink
    
docs: added channelstream example

              r477
            
                  proxy_set_header             Host $host;

                  proxy_set_header             X-Real-IP $remote_addr;

        marcink
    
docs: updated nginx example...

              r636
            
                  proxy_set_header             X-Url-Scheme $scheme;

                  proxy_set_header             X-Forwarded-Proto $scheme;

                  proxy_set_header             X-Forwarded-For $proxy_add_x_forwarded_for;

        marcink
    
docs: added channelstream example

              r477
            
                  gzip                         off;

                  proxy_http_version           1.1;

                  proxy_set_header Upgrade     $http_upgrade;

                  proxy_set_header Connection  "upgrade";

              }

        marcink
    
docs: updated apache/nginx configs

              r120
            
              location / {

                  try_files $uri @rhode;

              }

        marcink
    
project: added all source files and assets

              r1
            
        marcink
    
docs: added channelstream example

              r477
            
              location @rhode {

                  proxy_pass      http://rc;

              }

        marcink
    
docs: updated nginx example...

              r636
            
              ## custom 502 error page

              error_page 502 /502.html;

              location = /502.html {

                 root  /path/to/.rccontrol/enterprise-1/static;

              }

          }

	Site-wide shortcuts
/	Use quick search box
g h	Goto home page
g g	Goto my private gists page
g G	Goto my public gists page
g 0-9	Goto bookmarked items from 0-9
n r	New repository page
n g	New gist page

	Repositories
g s	Goto summary page
g c	Goto changelog page
g f	Goto files page
g F	Goto files page with file search activated
g p	Goto pull requests page
g o	Goto repository settings
g O	Goto repository access permissions settings
t s	Toggle sidebar on some pages

marcink project: added all source files and assets	r1	Nginx Configuration Example
		---------------------------

		Use the following example to configure Nginx as a your web server.

		.. code-block:: nginx

marcink docs: updated nginx example...	r636	log_format log_custom '$remote_addr - $remote_user [$time_local] '
		'"$request" $status $body_bytes_sent '
		'"$http_referer" "$http_user_agent" '
		'$request_time $upstream_response_time $pipe';

marcink project: added all source files and assets	r1	upstream rc {

marcink docs: updated apache/nginx configs	r120	server 127.0.0.1:10002;
marcink project: added all source files and assets	r1
		# add more instances for load balancing
marcink docs: updated apache/nginx configs	r120	# server 127.0.0.1:10003;
		# server 127.0.0.1:10004;
marcink project: added all source files and assets	r1	}

marcink docs: updated nginx example...	r636	## gist alias server, for serving nicer GIST urls
marcink project: added all source files and assets	r1
		server {
		listen 443;
		server_name gist.myserver.com;
marcink docs: updated nginx example...	r636	access_log /var/log/nginx/gist.access.log log_custom;
marcink project: added all source files and assets	r1	error_log /var/log/nginx/gist.error.log;

		ssl on;
		ssl_certificate gist.rhodecode.myserver.com.crt;
		ssl_certificate_key gist.rhodecode.myserver.com.key;

		ssl_session_timeout 5m;

marcink docs: updated nginx example...	r636	ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
marcink project: added all source files and assets	r1	ssl_prefer_server_ciphers on;
marcink docs: updated nginx example...	r636	ssl_ciphers 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA';

marcink project: added all source files and assets	r1	add_header Strict-Transport-Security "max-age=31536000; includeSubdomains;";

		# Diffie-Hellman parameter for DHE ciphersuites, recommended 2048 bits
marcink docs: updated nginx example...	r636	#ssl_dhparam /etc/nginx/ssl/dhparam.pem;
marcink project: added all source files and assets	r1
		rewrite ^/(.+)$ https://rhodecode.myserver.com/_admin/gists/$1;
		rewrite (.*) https://rhodecode.myserver.com/_admin/gists;
		}

marcink docs: updated nginx example...	r636	## HTTP to HTTPS rewrite
marcink project: added all source files and assets	r1	server {
marcink docs: updated nginx example...	r636	listen 80;
marcink project: added all source files and assets	r1	server_name rhodecode.myserver.com;
marcink docs: updated nginx example...	r636
		if ($http_host = rhodecode.myserver.com) {
		rewrite (.*) https://rhodecode.myserver.com$1 permanent;
		}
		}

		## MAIN SSL enabled server
		server {
		listen 443 ssl;
		server_name rhodecode.myserver.com;

		access_log /var/log/nginx/rhodecode.access.log log_custom;
		error_log /var/log/nginx/rhodecode.error.log;
marcink project: added all source files and assets	r1
		ssl on;
		ssl_certificate rhodecode.myserver.com.crt;
		ssl_certificate_key rhodecode.myserver.com.key;

		ssl_session_timeout 5m;

marcink docs: updated nginx example...	r636	ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
marcink project: added all source files and assets	r1	ssl_prefer_server_ciphers on;
marcink docs: updated nginx example...	r636	ssl_ciphers 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA';
marcink project: added all source files and assets	r1
marcink docs: updated nginx example...	r636	# Diffie-Hellman parameter for DHE ciphersuites, recommended 2048 bits
		#ssl_dhparam /etc/nginx/ssl/dhparam.pem;
marcink project: added all source files and assets	r1
marcink docs: updated nginx example...	r636	include /etc/nginx/proxy.conf;

		## serve static files by nginx, recommended
marcink static: change static path to serve rhodecode static assets from...	r522	# location /_static/rhodecode {
dan docs: update example nginx/apache configs to use .rccontrol static path	r457	# alias /path/to/.rccontrol/enterprise-1/static;
dan config: update ini/config files to account for /_static path	r456	# }
marcink docs: updated apache/nginx configs	r120
marcink docs: added channelstream example	r477	## channel stream live components
		location /_channelstream {
		rewrite /_channelstream/(.*) /$1 break;
marcink docs: updated nginx example...	r636	proxy_pass http://127.0.0.1:9800;

marcink docs: added channelstream example	r477	proxy_connect_timeout 10;
		proxy_send_timeout 10m;
		proxy_read_timeout 10m;
marcink docs: updated nginx example...	r636	tcp_nodelay off;
marcink docs: added channelstream example	r477	proxy_set_header Host $host;
		proxy_set_header X-Real-IP $remote_addr;
marcink docs: updated nginx example...	r636	proxy_set_header X-Url-Scheme $scheme;
		proxy_set_header X-Forwarded-Proto $scheme;
		proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
marcink docs: added channelstream example	r477	gzip off;
		proxy_http_version 1.1;
		proxy_set_header Upgrade $http_upgrade;
		proxy_set_header Connection "upgrade";
		}

marcink docs: updated apache/nginx configs	r120	location / {
		try_files $uri @rhode;
		}
marcink project: added all source files and assets	r1
marcink docs: added channelstream example	r477	location @rhode {
		proxy_pass http://rc;
		}
marcink docs: updated nginx example...	r636
		## custom 502 error page
		error_page 502 /502.html;
		location = /502.html {
		root /path/to/.rccontrol/enterprise-1/static;
		}
		}