docs: added additional timeout example to Apache config to ensure we've covered also connection timeouts for reverse proxy.
marcink -
r4398:683e15bf default
@@ -1,107 +1,107 b''
1 .. _apache-conf-eg:
1 .. _apache-conf-eg:
2
2
3 Apache Configuration Example
3 Apache Configuration Example
4 ----------------------------
4 ----------------------------
5
5
6 Use the following example to configure Apache as a your web server.
6 Use the following example to configure Apache as a your web server.
7 Below config if for an Apache Reverse Proxy configuration.
7 Below config if for an Apache Reverse Proxy configuration.
8
8
9 .. note::
9 .. note::
10
10
11 Apache requires the following modules to be enabled. Below is an example
11 Apache requires the following modules to be enabled. Below is an example
12 how to enable them on Ubuntu Server
12 how to enable them on Ubuntu Server
13
13
14
14
15 .. code-block:: bash
15 .. code-block:: bash
16
16
17 $ sudo a2enmod proxy
17 $ sudo a2enmod proxy
18 $ sudo a2enmod proxy_http
18 $ sudo a2enmod proxy_http
19 $ sudo a2enmod proxy_balancer
19 $ sudo a2enmod proxy_balancer
20 $ sudo a2enmod headers
20 $ sudo a2enmod headers
21 $ sudo a2enmod ssl
21 $ sudo a2enmod ssl
22 $ sudo a2enmod rewrite
22 $ sudo a2enmod rewrite
23
23
24 # requires Apache 2.4+, required to handle websockets/channelstream
24 # requires Apache 2.4+, required to handle websockets/channelstream
25 $ sudo a2enmod proxy_wstunnel
25 $ sudo a2enmod proxy_wstunnel
26
26
27
27
28 .. code-block:: apache
28 .. code-block:: apache
29
29
30 ## HTTP to HTTPS rewrite
30 ## HTTP to HTTPS rewrite
31 <VirtualHost *:80>
31 <VirtualHost *:80>
32 ServerName rhodecode.myserver.com
32 ServerName rhodecode.myserver.com
33 DocumentRoot /var/www/html
33 DocumentRoot /var/www/html
34 Redirect permanent / https://rhodecode.myserver.com/
34 Redirect permanent / https://rhodecode.myserver.com/
35 </VirtualHost>
35 </VirtualHost>
36
36
37 ## MAIN SSL enabled server
37 ## MAIN SSL enabled server
38 <VirtualHost *:443>
38 <VirtualHost *:443>
39
39
40 ServerName rhodecode.myserver.com
40 ServerName rhodecode.myserver.com
41 ServerAlias rhodecode.myserver.com
41 ServerAlias rhodecode.myserver.com
42
42
43 ## Skip ProxyPass the _static to backend server
43 ## Skip ProxyPass the _static to backend server
44 #ProxyPass /_static !
44 #ProxyPass /_static !
45
45
46 ## serve static files by Apache, recommended for performance
46 ## serve static files by Apache, recommended for performance
47 #Alias /_static/rhodecode /home/ubuntu/.rccontrol/community-1/static
47 #Alias /_static/rhodecode /home/ubuntu/.rccontrol/community-1/static
48
48
49 ## Allow Apache to access the static files in this directory
49 ## Allow Apache to access the static files in this directory
50 #<Directory /home/ubuntu/.rccontrol/community-1/static/>
50 #<Directory /home/ubuntu/.rccontrol/community-1/static/>
51 # AllowOverride none
51 # AllowOverride none
52 # Require all granted
52 # Require all granted
53 #</Directory>
53 #</Directory>
54
54
55 RequestHeader set X-Forwarded-Proto "https"
55 RequestHeader set X-Forwarded-Proto "https"
56
56
57 ## channelstream websocket handling
57 ## channelstream websocket handling
58 ProxyPass /_channelstream ws://localhost:9800
58 ProxyPass /_channelstream ws://localhost:9800
59 ProxyPassReverse /_channelstream ws://localhost:9800
59 ProxyPassReverse /_channelstream ws://localhost:9800
60
60
61 <Proxy *>
61 <Proxy *>
62 Order allow,deny
62 Order allow,deny
63 Allow from all
63 Allow from all
64 </Proxy>
64 </Proxy>
65
65
66 # Directive to properly generate url (clone url) for RhodeCode
66 # Directive to properly generate url (clone url) for RhodeCode
67 ProxyPreserveHost On
67 ProxyPreserveHost On
68
68
69 # It allows request bodies to be sent to the backend using chunked transfer encoding.
69 # It allows request bodies to be sent to the backend using chunked transfer encoding.
70 SetEnv proxy-sendchunked 1
70 SetEnv proxy-sendchunked 1
71
71
72 # Increase headers size for large Mercurial headers sent with many branches
72 # Increase headers size for large Mercurial headers sent with many branches
73 LimitRequestLine 16380
73 LimitRequestLine 16380
74
74
75 # Url to running RhodeCode instance. This is shown as `- URL:` when
75 # Url to running RhodeCode instance. This is shown as `- URL:` when
76 # running rccontrol status.
76 # running rccontrol status.
77
77
78 ProxyPass / http://127.0.0.1:10002/ timeout=7200 Keepalive=On
78 ProxyPass / http://127.0.0.1:10002/ connectiontimeout=7200 timeout=7200 Keepalive=On
79 ProxyPassReverse / http://127.0.0.1:10002/
79 ProxyPassReverse / http://127.0.0.1:10002/
80
80
81 # strict http prevents from https -> http downgrade
81 # strict http prevents from https -> http downgrade
82 Header always set Strict-Transport-Security "max-age=63072000; includeSubdomains; preload"
82 Header always set Strict-Transport-Security "max-age=63072000; includeSubdomains; preload"
83
83
84 # Set x-frame options
84 # Set x-frame options
85 Header always append X-Frame-Options SAMEORIGIN
85 Header always append X-Frame-Options SAMEORIGIN
86
86
87 # To enable https use line below
87 # To enable https use line below
88 # SetEnvIf X-Url-Scheme https HTTPS=1
88 # SetEnvIf X-Url-Scheme https HTTPS=1
89
89
90 # SSL setup
90 # SSL setup
91 SSLEngine On
91 SSLEngine On
92 SSLCertificateFile /etc/apache2/ssl/rhodecode.myserver.pem
92 SSLCertificateFile /etc/apache2/ssl/rhodecode.myserver.pem
93 SSLCertificateKeyFile /etc/apache2/ssl/rhodecode.myserver.key
93 SSLCertificateKeyFile /etc/apache2/ssl/rhodecode.myserver.key
94
94
95 SSLProtocol all -SSLv2 -SSLv3
95 SSLProtocol all -SSLv2 -SSLv3
96 SSLCipherSuite ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA
96 SSLCipherSuite ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA
97 SSLHonorCipherOrder on
97 SSLHonorCipherOrder on
98
98
99 # Diffie-Hellman parameter for DHE ciphersuites, recommended 2048 bits
99 # Diffie-Hellman parameter for DHE ciphersuites, recommended 2048 bits
100 #SSLOpenSSLConfCmd DHParameters "/etc/apache2/dhparam.pem"
100 #SSLOpenSSLConfCmd DHParameters "/etc/apache2/dhparam.pem"
101
101
102 ## custom 502 error page. Will be displayed while RhodeCode server
102 ## custom 502 error page. Will be displayed while RhodeCode server
103 ## is turned off
103 ## is turned off
104 ErrorDocument 502 /path/to/.rccontrol/enterprise-1/static/502.html
104 ErrorDocument 502 /path/to/.rccontrol/enterprise-1/static/502.html
105
105
106 </VirtualHost>
106 </VirtualHost>
107
107
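Review bot: A connect timeout of 7200 seconds on the new `ProxyPass /` line lets one request hold an Apache worker for up to two hours while it only waits for the backend at 127.0.0.1:10002 to accept a connection, so a hung backend can tie up the whole worker pool. `connectiontimeout` bounds connection setup only, which on loopback should complete almost immediately; the long `timeout=7200` is presumably there for long-running clone and push requests and can stay. I would use a short connect value, for example `ProxyPass / http://127.0.0.1:10002/ connectiontimeout=5 timeout=7200 Keepalive=On`, and add a comment above the line saying that both values are in seconds and which phase each one limits.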