##// END OF EJS Templates
rhodecode-enterprise-ce
RSS
docs: added large header support for Apache
marcink -
r1726:9ad86764 default
parent child Browse files
Show More
Show file before | Show file after | Hide comments
@@ -1,87 +1,90 b''
1 1 .. _apache-conf-eg:
2 2
3 3 Apache Configuration Example
4 4 ----------------------------
5 5
6 6 Use the following example to configure Apache as a your web server.
7 7 Below config if for an Apache Reverse Proxy configuration.
8 8
9 9 .. note::
10 10
11 11 Apache requires the following modules to be enabled. Below is an example
12 12 how to enable them on Ubuntu Server
13 13
14 14
15 15 .. code-block:: bash
16 16
17 17 $ sudo a2enmod proxy
18 18 $ sudo a2enmod proxy_http
19 19 $ sudo a2enmod proxy_balancer
20 20 $ sudo a2enmod headers
21 21 $ sudo a2enmod ssl
22 22 $ sudo a2enmod rewrite
23 23
24 24 # requires Apache 2.4+, required to handle websockets/channelstream
25 25 $ sudo a2enmod proxy_wstunnel
26 26
27 27
28 28 .. code-block:: apache
29 29
30 30 ## HTTP to HTTPS rewrite
31 31 <VirtualHost *:80>
32 32 ServerName rhodecode.myserver.com
33 33 DocumentRoot /var/www/html
34 34 Redirect permanent / https://rhodecode.myserver.com/
35 35 </VirtualHost>
36 36
37 37 ## MAIN SSL enabled server
38 38 <VirtualHost *:443>
39 39
40 40 ServerName rhodecode.myserver.com
41 41 ServerAlias rhodecode.myserver.com
42 42
43 43 ## serve static files by Apache, recommended for performance
44 44 #Alias /_static /home/ubuntu/.rccontrol/community-1/static
45 45
46 46 RequestHeader set X-Forwarded-Proto "https"
47 47
48 48 ## channelstream websocket handling
49 49 ProxyPass /_channelstream ws://localhost:9800
50 50 ProxyPassReverse /_channelstream ws://localhost:9800
51 51
52 52 <Proxy *>
53 53 Order allow,deny
54 54 Allow from all
55 55 </Proxy>
56 56
57 57 # Directive to properly generate url (clone url) for RhodeCode
58 58 ProxyPreserveHost On
59 59
60 60 # Url to running RhodeCode instance. This is shown as `- URL:` when
61 61 # running rccontrol status.
62 62 ProxyPass / http://127.0.0.1:10002/ timeout=7200 Keepalive=On
63 63 ProxyPassReverse / http://127.0.0.1:10002/
64 64
65 # Increase headers for large Mercurial headers
66 LimitRequestLine 16380
67
65 68 # strict http prevents from https -> http downgrade
66 69 Header always set Strict-Transport-Security "max-age=63072000; includeSubdomains; preload"
67 70
68 71 # Set x-frame options
69 72 Header always append X-Frame-Options SAMEORIGIN
70 73
71 74 # To enable https use line below
72 75 # SetEnvIf X-Url-Scheme https HTTPS=1
73 76
74 77 # SSL setup
75 78 SSLEngine On
76 79 SSLCertificateFile /etc/apache2/ssl/rhodecode.myserver.pem
77 80 SSLCertificateKeyFile /etc/apache2/ssl/rhodecode.myserver.key
78 81
79 82 SSLProtocol all -SSLv2 -SSLv3
80 83 SSLCipherSuite ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA
81 84 SSLHonorCipherOrder on
82 85
83 86 # Diffie-Hellman parameter for DHE ciphersuites, recommended 2048 bits
84 87 #SSLOpenSSLConfCmd DHParameters "/etc/apache2/dhparam.pem"
85 88
86 89 </VirtualHost>
87 90
General Comments 0
You need to be logged in to leave comments. Login now