##// END OF EJS Templates
deps: bumped pycryptodome==3.21.0 for security issue
deps: bumped pycryptodome==3.21.0 for security issue

File last commit:

r4398:683e15bf default
r5640:acc4336c default
Show More
apache-conf-example.rst
107 lines | 4.0 KiB | text/x-rst | RstLexer
/ docs / admin / system_admin / apache / apache-conf-example.rst
docs: updated documentation structure
r3693 .. _apache-conf-eg:
Apache Configuration Example
----------------------------
Use the following example to configure Apache as a your web server.
Below config if for an Apache Reverse Proxy configuration.
.. note::
Apache requires the following modules to be enabled. Below is an example
how to enable them on Ubuntu Server
.. code-block:: bash
$ sudo a2enmod proxy
$ sudo a2enmod proxy_http
$ sudo a2enmod proxy_balancer
$ sudo a2enmod headers
$ sudo a2enmod ssl
$ sudo a2enmod rewrite
# requires Apache 2.4+, required to handle websockets/channelstream
$ sudo a2enmod proxy_wstunnel
.. code-block:: apache
## HTTP to HTTPS rewrite
<VirtualHost *:80>
ServerName rhodecode.myserver.com
DocumentRoot /var/www/html
Redirect permanent / https://rhodecode.myserver.com/
</VirtualHost>
## MAIN SSL enabled server
<VirtualHost *:443>
ServerName rhodecode.myserver.com
ServerAlias rhodecode.myserver.com
## Skip ProxyPass the _static to backend server
#ProxyPass /_static !
## serve static files by Apache, recommended for performance
#Alias /_static/rhodecode /home/ubuntu/.rccontrol/community-1/static
## Allow Apache to access the static files in this directory
#<Directory /home/ubuntu/.rccontrol/community-1/static/>
# AllowOverride none
# Require all granted
#</Directory>
RequestHeader set X-Forwarded-Proto "https"
## channelstream websocket handling
ProxyPass /_channelstream ws://localhost:9800
ProxyPassReverse /_channelstream ws://localhost:9800
<Proxy *>
Order allow,deny
Allow from all
</Proxy>
# Directive to properly generate url (clone url) for RhodeCode
ProxyPreserveHost On
# It allows request bodies to be sent to the backend using chunked transfer encoding.
SetEnv proxy-sendchunked 1
# Increase headers size for large Mercurial headers sent with many branches
LimitRequestLine 16380
# Url to running RhodeCode instance. This is shown as `- URL:` when
# running rccontrol status.
docs: added additional timeout example to Apache config to ensure we've covered also connection timeouts for reverse proxy.
r4398 ProxyPass / http://127.0.0.1:10002/ connectiontimeout=7200 timeout=7200 Keepalive=On
docs: updated documentation structure
r3693 ProxyPassReverse / http://127.0.0.1:10002/
# strict http prevents from https -> http downgrade
Header always set Strict-Transport-Security "max-age=63072000; includeSubdomains; preload"
# Set x-frame options
Header always append X-Frame-Options SAMEORIGIN
# To enable https use line below
# SetEnvIf X-Url-Scheme https HTTPS=1
# SSL setup
SSLEngine On
SSLCertificateFile /etc/apache2/ssl/rhodecode.myserver.pem
SSLCertificateKeyFile /etc/apache2/ssl/rhodecode.myserver.key
SSLProtocol all -SSLv2 -SSLv3
SSLCipherSuite ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA
SSLHonorCipherOrder on
# Diffie-Hellman parameter for DHE ciphersuites, recommended 2048 bits
#SSLOpenSSLConfCmd DHParameters "/etc/apache2/dhparam.pem"
## custom 502 error page. Will be displayed while RhodeCode server
## is turned off
ErrorDocument 502 /path/to/.rccontrol/enterprise-1/static/502.html
</VirtualHost>