Show More
| @@ -1,107 +1,107 b'' | |||
|
|
1 | 1 | .. _apache-conf-eg: |
|
|
2 | 2 | |
|
|
3 | 3 | Apache Configuration Example |
|
|
4 | 4 | ---------------------------- |
|
|
5 | 5 | |
|
|
6 | 6 | Use the following example to configure Apache as a your web server. |
|
|
7 | 7 | Below config if for an Apache Reverse Proxy configuration. |
|
|
8 | 8 | |
|
|
9 | 9 | .. note:: |
|
|
10 | 10 | |
|
|
11 | 11 | Apache requires the following modules to be enabled. Below is an example |
|
|
12 | 12 | how to enable them on Ubuntu Server |
|
|
13 | 13 | |
|
|
14 | 14 | |
|
|
15 | 15 | .. code-block:: bash |
|
|
16 | 16 | |
|
|
17 | 17 | $ sudo a2enmod proxy |
|
|
18 | 18 | $ sudo a2enmod proxy_http |
|
|
19 | 19 | $ sudo a2enmod proxy_balancer |
|
|
20 | 20 | $ sudo a2enmod headers |
|
|
21 | 21 | $ sudo a2enmod ssl |
|
|
22 | 22 | $ sudo a2enmod rewrite |
|
|
23 | 23 | |
|
|
24 | 24 | # requires Apache 2.4+, required to handle websockets/channelstream |
|
|
25 | 25 | $ sudo a2enmod proxy_wstunnel |
|
|
26 | 26 | |
|
|
27 | 27 | |
|
|
28 | 28 | .. code-block:: apache |
|
|
29 | 29 | |
|
|
30 | 30 | ## HTTP to HTTPS rewrite |
|
|
31 | 31 | <VirtualHost *:80> |
|
|
32 | 32 | ServerName rhodecode.myserver.com |
|
|
33 | 33 | DocumentRoot /var/www/html |
|
|
34 | 34 | Redirect permanent / https://rhodecode.myserver.com/ |
|
|
35 | 35 | </VirtualHost> |
|
|
36 | 36 | |
|
|
37 | 37 | ## MAIN SSL enabled server |
|
|
38 | 38 | <VirtualHost *:443> |
|
|
39 | 39 | |
|
|
40 | 40 | ServerName rhodecode.myserver.com |
|
|
41 | 41 | ServerAlias rhodecode.myserver.com |
|
|
42 | 42 | |
|
|
43 | 43 | ## Skip ProxyPass the _static to backend server |
|
|
44 | 44 | #ProxyPass /_static ! |
|
|
45 | 45 | |
|
|
46 | 46 | ## serve static files by Apache, recommended for performance |
|
|
47 | 47 | #Alias /_static/rhodecode /home/ubuntu/.rccontrol/community-1/static |
|
|
48 | 48 | |
|
|
49 | 49 | ## Allow Apache to access the static files in this directory |
|
|
50 | 50 | #<Directory /home/ubuntu/.rccontrol/community-1/static/> |
|
|
51 | 51 | # AllowOverride none |
|
|
52 | 52 | # Require all granted |
|
|
53 | 53 | #</Directory> |
|
|
54 | 54 | |
|
|
55 | 55 | RequestHeader set X-Forwarded-Proto "https" |
|
|
56 | 56 | |
|
|
57 | 57 | ## channelstream websocket handling |
|
|
58 | 58 | ProxyPass /_channelstream ws://localhost:9800 |
|
|
59 | 59 | ProxyPassReverse /_channelstream ws://localhost:9800 |
|
|
60 | 60 | |
|
|
61 | 61 | <Proxy *> |
|
|
62 | 62 | Order allow,deny |
|
|
63 | 63 | Allow from all |
|
|
64 | 64 | </Proxy> |
|
|
65 | 65 | |
|
|
66 | 66 | # Directive to properly generate url (clone url) for RhodeCode |
|
|
67 | 67 | ProxyPreserveHost On |
|
|
68 | 68 | |
|
|
69 | 69 | # It allows request bodies to be sent to the backend using chunked transfer encoding. |
|
|
70 | 70 | SetEnv proxy-sendchunked 1 |
|
|
71 | 71 | |
|
|
72 | 72 | # Increase headers size for large Mercurial headers sent with many branches |
|
|
73 | 73 | LimitRequestLine 16380 |
|
|
74 | 74 | |
|
|
75 | 75 | # Url to running RhodeCode instance. This is shown as `- URL:` when |
|
|
76 | 76 | # running rccontrol status. |
|
|
77 | 77 | |
|
|
78 | ProxyPass / http://127.0.0.1:10002/ timeout=7200 Keepalive=On | |
|
|
78 | ProxyPass / http://127.0.0.1:10002/ connectiontimeout=7200 timeout=7200 Keepalive=On | |
|
|
79 | 79 | ProxyPassReverse / http://127.0.0.1:10002/ |
|
|
80 | 80 | |
|
|
81 | 81 | # strict http prevents from https -> http downgrade |
|
|
82 | 82 | Header always set Strict-Transport-Security "max-age=63072000; includeSubdomains; preload" |
|
|
83 | 83 | |
|
|
84 | 84 | # Set x-frame options |
|
|
85 | 85 | Header always append X-Frame-Options SAMEORIGIN |
|
|
86 | 86 | |
|
|
87 | 87 | # To enable https use line below |
|
|
88 | 88 | # SetEnvIf X-Url-Scheme https HTTPS=1 |
|
|
89 | 89 | |
|
|
90 | 90 | # SSL setup |
|
|
91 | 91 | SSLEngine On |
|
|
92 | 92 | SSLCertificateFile /etc/apache2/ssl/rhodecode.myserver.pem |
|
|
93 | 93 | SSLCertificateKeyFile /etc/apache2/ssl/rhodecode.myserver.key |
|
|
94 | 94 | |
|
|
95 | 95 | SSLProtocol all -SSLv2 -SSLv3 |
|
|
96 | 96 | SSLCipherSuite ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA |
|
|
97 | 97 | SSLHonorCipherOrder on |
|
|
98 | 98 | |
|
|
99 | 99 | # Diffie-Hellman parameter for DHE ciphersuites, recommended 2048 bits |
|
|
100 | 100 | #SSLOpenSSLConfCmd DHParameters "/etc/apache2/dhparam.pem" |
|
|
101 | 101 | |
|
|
102 | 102 | ## custom 502 error page. Will be displayed while RhodeCode server |
|
|
103 | 103 | ## is turned off |
|
|
104 | 104 | ErrorDocument 502 /path/to/.rccontrol/enterprise-1/static/502.html |
|
|
105 | 105 | |
|
|
106 | 106 | </VirtualHost> |
|
|
107 | 107 | |
General Comments 0
You need to be logged in to leave comments.
Login now