##// END OF EJS Templates
rhodecode-enterprise-ce
RSS
docs: updated Apache config with chunked proxy option
marcink -
r3530:8ce58b9b default
parent child Browse files
Show More
Show file before | Show file after | Hide comments
@@ -1,103 +1,107 b''
1 .. _apache-conf-eg:
1 .. _apache-conf-eg:
2
2
3 Apache Configuration Example
3 Apache Configuration Example
4 ----------------------------
4 ----------------------------
5
5
6 Use the following example to configure Apache as a your web server.
6 Use the following example to configure Apache as a your web server.
7 Below config if for an Apache Reverse Proxy configuration.
7 Below config if for an Apache Reverse Proxy configuration.
8
8
9 .. note::
9 .. note::
10
10
11 Apache requires the following modules to be enabled. Below is an example
11 Apache requires the following modules to be enabled. Below is an example
12 how to enable them on Ubuntu Server
12 how to enable them on Ubuntu Server
13
13
14
14
15 .. code-block:: bash
15 .. code-block:: bash
16
16
17 $ sudo a2enmod proxy
17 $ sudo a2enmod proxy
18 $ sudo a2enmod proxy_http
18 $ sudo a2enmod proxy_http
19 $ sudo a2enmod proxy_balancer
19 $ sudo a2enmod proxy_balancer
20 $ sudo a2enmod headers
20 $ sudo a2enmod headers
21 $ sudo a2enmod ssl
21 $ sudo a2enmod ssl
22 $ sudo a2enmod rewrite
22 $ sudo a2enmod rewrite
23
23
24 # requires Apache 2.4+, required to handle websockets/channelstream
24 # requires Apache 2.4+, required to handle websockets/channelstream
25 $ sudo a2enmod proxy_wstunnel
25 $ sudo a2enmod proxy_wstunnel
26
26
27
27
28 .. code-block:: apache
28 .. code-block:: apache
29
29
30 ## HTTP to HTTPS rewrite
30 ## HTTP to HTTPS rewrite
31 <VirtualHost *:80>
31 <VirtualHost *:80>
32 ServerName rhodecode.myserver.com
32 ServerName rhodecode.myserver.com
33 DocumentRoot /var/www/html
33 DocumentRoot /var/www/html
34 Redirect permanent / https://rhodecode.myserver.com/
34 Redirect permanent / https://rhodecode.myserver.com/
35 </VirtualHost>
35 </VirtualHost>
36
36
37 ## MAIN SSL enabled server
37 ## MAIN SSL enabled server
38 <VirtualHost *:443>
38 <VirtualHost *:443>
39
39
40 ServerName rhodecode.myserver.com
40 ServerName rhodecode.myserver.com
41 ServerAlias rhodecode.myserver.com
41 ServerAlias rhodecode.myserver.com
42
42
43 ## Skip ProxyPass the _static to backend server
43 ## Skip ProxyPass the _static to backend server
44 #ProxyPass /_static !
44 #ProxyPass /_static !
45
45
46 ## serve static files by Apache, recommended for performance
46 ## serve static files by Apache, recommended for performance
47 #Alias /_static/rhodecode /home/ubuntu/.rccontrol/community-1/static
47 #Alias /_static/rhodecode /home/ubuntu/.rccontrol/community-1/static
48
48
49 ## Allow Apache to access the static files in this directory
49 ## Allow Apache to access the static files in this directory
50 #<Directory /home/ubuntu/.rccontrol/community-1/static/>
50 #<Directory /home/ubuntu/.rccontrol/community-1/static/>
51 # AllowOverride none
51 # AllowOverride none
52 # Require all granted
52 # Require all granted
53 #</Directory>
53 #</Directory>
54
54
55 RequestHeader set X-Forwarded-Proto "https"
55 RequestHeader set X-Forwarded-Proto "https"
56
56
57 ## channelstream websocket handling
57 ## channelstream websocket handling
58 ProxyPass /_channelstream ws://localhost:9800
58 ProxyPass /_channelstream ws://localhost:9800
59 ProxyPassReverse /_channelstream ws://localhost:9800
59 ProxyPassReverse /_channelstream ws://localhost:9800
60
60
61 <Proxy *>
61 <Proxy *>
62 Order allow,deny
62 Order allow,deny
63 Allow from all
63 Allow from all
64 </Proxy>
64 </Proxy>
65
65
66 # Directive to properly generate url (clone url) for RhodeCode
66 # Directive to properly generate url (clone url) for RhodeCode
67 ProxyPreserveHost On
67 ProxyPreserveHost On
68
68
69 # It allows request bodies to be sent to the backend using chunked transfer encoding.
70 SetEnv proxy-sendchunked 1
71
72 # Increase headers size for large Mercurial headers sent with many branches
73 LimitRequestLine 16380
74
69 # Url to running RhodeCode instance. This is shown as `- URL:` when
75 # Url to running RhodeCode instance. This is shown as `- URL:` when
70 # running rccontrol status.
76 # running rccontrol status.
77
71 ProxyPass / http://127.0.0.1:10002/ timeout=7200 Keepalive=On
78 ProxyPass / http://127.0.0.1:10002/ timeout=7200 Keepalive=On
72 ProxyPassReverse / http://127.0.0.1:10002/
79 ProxyPassReverse / http://127.0.0.1:10002/
73
80
74 # Increase headers for large Mercurial headers
75 LimitRequestLine 16380
76
77 # strict http prevents from https -> http downgrade
81 # strict http prevents from https -> http downgrade
78 Header always set Strict-Transport-Security "max-age=63072000; includeSubdomains; preload"
82 Header always set Strict-Transport-Security "max-age=63072000; includeSubdomains; preload"
79
83
80 # Set x-frame options
84 # Set x-frame options
81 Header always append X-Frame-Options SAMEORIGIN
85 Header always append X-Frame-Options SAMEORIGIN
82
86
83 # To enable https use line below
87 # To enable https use line below
84 # SetEnvIf X-Url-Scheme https HTTPS=1
88 # SetEnvIf X-Url-Scheme https HTTPS=1
85
89
86 # SSL setup
90 # SSL setup
87 SSLEngine On
91 SSLEngine On
88 SSLCertificateFile /etc/apache2/ssl/rhodecode.myserver.pem
92 SSLCertificateFile /etc/apache2/ssl/rhodecode.myserver.pem
89 SSLCertificateKeyFile /etc/apache2/ssl/rhodecode.myserver.key
93 SSLCertificateKeyFile /etc/apache2/ssl/rhodecode.myserver.key
90
94
91 SSLProtocol all -SSLv2 -SSLv3
95 SSLProtocol all -SSLv2 -SSLv3
92 SSLCipherSuite ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA
96 SSLCipherSuite ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA
93 SSLHonorCipherOrder on
97 SSLHonorCipherOrder on
94
98
95 # Diffie-Hellman parameter for DHE ciphersuites, recommended 2048 bits
99 # Diffie-Hellman parameter for DHE ciphersuites, recommended 2048 bits
96 #SSLOpenSSLConfCmd DHParameters "/etc/apache2/dhparam.pem"
100 #SSLOpenSSLConfCmd DHParameters "/etc/apache2/dhparam.pem"
97
101
98 ## custom 502 error page. Will be displayed while RhodeCode server
102 ## custom 502 error page. Will be displayed while RhodeCode server
99 ## is turned off
103 ## is turned off
100 ErrorDocument 502 /path/to/.rccontrol/enterprise-1/static/502.html
104 ErrorDocument 502 /path/to/.rccontrol/enterprise-1/static/502.html
101
105
102 </VirtualHost>
106 </VirtualHost>
103
107
General Comments 0
You need to be logged in to leave comments. Login now