rhodecode-enterprise-ce Commit - r4607:41ef225e

1

.. _nginx-proxy-conf:

1

.. _nginx-proxy-conf:

2

3

Nginx Proxy Config

3

Nginx Proxy Config

4

------------------

4

------------------

5

6

7

Set the following properties in your ``/etc/nginx/proxy.conf`` so it does not

7

Set the following properties in your ``/etc/nginx/proxy.conf`` so it does not

8

timeout during large pushes.

8

timeout during large pushes.

9

10

.. code-block:: nginx

10

.. code-block:: nginx

11

12

proxy_redirect off;

12

proxy_redirect off;

13

proxy_set_header Host $http_host;

13

proxy_set_header Host $http_host;

14

15

## If you use HTTPS make sure you disable gzip compression

15

## If you use HTTPS make sure you disable gzip compression

16

## to be safe against BREACH attack.

16

## to be safe against BREACH attack.

17

gzip off;

17

gzip off;

18

19

# Don't buffer requests in NGINX stream them using chunked-encoding

19

# Don't buffer requests in NGINX stream them using chunked-encoding

20

proxy_buffering off;

20

proxy_buffering off;

21

22

## This is also required for later GIT to use streaming.

22

## This is also required for later GIT to use streaming.

23

## Works only for Nginx 1.7.11 and newer

23

## Works only for Nginx 1.7.11 and newer

24

proxy_request_buffering off;

24

proxy_request_buffering off;

25

proxy_http_version 1.1;

25

proxy_http_version 1.1;

26

27

## Set this to a larger number if you experience timeouts

27

## Set this to a larger number if you experience timeouts

28

## or 413 Request Entity Too Large, 10GB is enough for most cases

28

## or 413 Request Entity Too Large, 10GB is enough for most cases

29

client_max_body_size 10240m;

29

client_max_body_size 10240m;

30

31

## needed for container auth

31

## needed for container auth

32

# proxy_set_header REMOTE_USER $remote_user;

32

# proxy_set_header REMOTE_USER $remote_user;

33

# proxy_set_header X-Forwarded-User $remote_user;

33

# proxy_set_header X-Forwarded-User $remote_user;

34

35

proxy_set_header X-Url-Scheme $scheme;

35

proxy_set_header X-Url-Scheme $scheme;

36

proxy_set_header X-Host $http_host;

36

proxy_set_header X-Host $http_host;

37

proxy_set_header X-Real-IP $remote_addr;

37

proxy_set_header X-Real-IP $remote_addr;

38

proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

38

proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

39

proxy_set_header X-Forwarded-Proto $proto;

40

proxy_set_header X-Url-Scheme $scheme;

39

proxy_set_header Proxy-host $proxy_host;

41

proxy_set_header Proxy-host $proxy_host;

40

42

41

proxy_connect_timeout 7200;

43

proxy_connect_timeout 7200;

42

proxy_send_timeout 7200;

44

proxy_send_timeout 7200;

43

proxy_read_timeout 7200;

45

proxy_read_timeout 7200;

44

proxy_buffers 8 32k;

46

proxy_buffers 8 32k;

45

47

46

add_header X-Frame-Options SAMEORIGIN;

48

add_header X-Frame-Options SAMEORIGIN;

47

add_header Strict-Transport-Security "max-age=31536000; includeSubdomains;";

49

add_header Strict-Transport-Security "max-age=31536000; includeSubdomains;";

	Site-wide shortcuts
/	Use quick search box
g h	Goto home page
g g	Goto my private gists page
g G	Goto my public gists page
g 0-9	Goto bookmarked items from 0-9
n r	New repository page
n g	New gist page

	Repositories
g s	Goto summary page
g c	Goto changelog page
g f	Goto files page
g F	Goto files page with file search activated
g p	Goto pull requests page
g o	Goto repository settings
g O	Goto repository access permissions settings
t s	Toggle sidebar on some pages

             .. _nginx-proxy-conf:
             Nginx Proxy Config
             ------------------
             Set the following properties in your ``/etc/nginx/proxy.conf`` so it does not
             timeout during large pushes.
             .. code-block:: nginx
                 proxy_redirect              off;
                 proxy_set_header            Host $http_host;
                 ## If you use HTTPS make sure you disable gzip compression
                 ## to be safe against BREACH attack.
                 gzip                        off;
                 # Don't buffer requests in NGINX stream them using chunked-encoding
                 proxy_buffering             off;
                 ## This is also required for later GIT to use streaming.
                 ## Works only for Nginx 1.7.11 and newer
                 proxy_request_buffering off;
                 proxy_http_version 1.1;
                 ## Set this to a larger number if you experience timeouts
                 ## or 413 Request Entity Too Large, 10GB is enough for most cases
                 client_max_body_size        10240m;
                 ## needed for container auth
                 # proxy_set_header          REMOTE_USER $remote_user;
                 # proxy_set_header          X-Forwarded-User $remote_user;
                 proxy_set_header            X-Url-Scheme $scheme;
                 proxy_set_header            X-Host $http_host;
                 proxy_set_header            X-Real-IP $remote_addr;
                 proxy_set_header            X-Forwarded-For $proxy_add_x_forwarded_for;
+                proxy_set_header            X-Forwarded-Proto $proto;
+                proxy_set_header            X-Url-Scheme $scheme;
                 proxy_set_header            Proxy-host $proxy_host;
                 proxy_connect_timeout       7200;
                 proxy_send_timeout          7200;
                 proxy_read_timeout          7200;
                 proxy_buffers               8 32k;
                 add_header X-Frame-Options SAMEORIGIN;
                 add_header Strict-Transport-Security "max-age=31536000; includeSubdomains;";