##// END OF EJS Templates
rhodecode-enterprise-ce
RSS
docs: updated nginx/apache configurations....
marcink -
r1263:dd531307 default
parent child Browse files
Show More
Show file before | Show file after | Hide comments
@@ -1,114 +1,87 b''
1 .. _apache-conf-eg:
1 .. _apache-conf-eg:
2
2
3 Apache Configuration Examples
3 Apache Configuration Example
4 -----------------------------
4 ----------------------------
5
6 Use the following example to configure Apache as a your web server.
7 Below config if for an Apache Reverse Proxy configuration.
8
9 .. note::
10
11 Apache requires the following modules to be enabled. Below is an example
12 how to enable them on Ubuntu Server
13
5
14
6 Use the following example to securely configure your Apache HTTP virtual hosts
15 .. code-block:: bash
7 file.
16
17 $ sudo a2enmod proxy
18 $ sudo a2enmod proxy_http
19 $ sudo a2enmod proxy_balancer
20 $ sudo a2enmod headers
21 $ sudo a2enmod ssl
22 $ sudo a2enmod rewrite
23
24 # requires Apache 2.4+, required to handle websockets/channelstream
25 $ sudo a2enmod proxy_wstunnel
26
8
27
9 .. code-block:: apache
28 .. code-block:: apache
10
29
30 ## HTTP to HTTPS rewrite
11 <VirtualHost *:80>
31 <VirtualHost *:80>
12 ServerName hg.myserver.com
32 ServerName rhodecode.myserver.com
13 ServerAlias hg.myserver.com
33 DocumentRoot /var/www/html
34 Redirect permanent / https://rhodecode.myserver.com/
35 </VirtualHost>
36
37 ## MAIN SSL enabled server
38 <VirtualHost *:443>
39
40 ServerName rhodecode.myserver.com
41 ServerAlias rhodecode.myserver.com
42
43 ## serve static files by Apache, recommended for performance
44 #Alias /_static /home/ubuntu/.rccontrol/community-1/static
45
46 RequestHeader set X-Forwarded-Proto "https"
47
48 ## channelstream websocket handling
49 ProxyPass /_channelstream ws://localhost:9800
50 ProxyPassReverse /_channelstream ws://localhost:9800
14
51
15 <Proxy *>
52 <Proxy *>
16 Order allow,deny
53 Order allow,deny
17 Allow from all
54 Allow from all
18 </Proxy>
55 </Proxy>
19
56
20 # important !
57 # Directive to properly generate url (clone url) for RhodeCode
21 # Directive to properly generate url (clone url) for pylons
22
23 ProxyPreserveHost On
58 ProxyPreserveHost On
24
59
25 #rhodecode instance
60 # Url to running RhodeCode instance. This is shown as `- URL:` when
26 ProxyPass / http://127.0.0.1:5000/
61 # running rccontrol status.
27 ProxyPassReverse / http://127.0.0.1:5000/
62 ProxyPass / http://127.0.0.1:10002/
63 ProxyPassReverse / http://127.0.0.1:10002/
28
64
29 # Set strict HTTPS
65 # strict http prevents from https -> http downgrade
30 Header always set Strict-Transport-Security "max-age=63072000; includeSubdomains; preload"
66 Header always set Strict-Transport-Security "max-age=63072000; includeSubdomains; preload"
31
67
32 # Set x-frame options
68 # Set x-frame options
33 Header always append X-Frame-Options SAMEORIGIN
69 Header always append X-Frame-Options SAMEORIGIN
34
70
35 # To enable https use line below
71 # To enable https use line below
36 # SetEnvIf X-Url-Scheme https HTTPS=1
72 # SetEnvIf X-Url-Scheme https HTTPS=1
37
73
38 # Secure your Diffie-hellmann deployment
74 # SSL setup
75 SSLEngine On
76 SSLCertificateFile /etc/apache2/ssl/rhodecode.myserver.pem
77 SSLCertificateKeyFile /etc/apache2/ssl/rhodecode.myserver.key
78
39 SSLProtocol all -SSLv2 -SSLv3
79 SSLProtocol all -SSLv2 -SSLv3
40 SSLCipherSuite ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA
80 SSLCipherSuite ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA
41 SSLHonorCipherOrder on
81 SSLHonorCipherOrder on
42 SSLOpenSSLConfCmd DHParameters "{path to dhparams.pem}"
82
83 # Diffie-Hellman parameter for DHE ciphersuites, recommended 2048 bits
84 #SSLOpenSSLConfCmd DHParameters "/etc/apache2/dhparam.pem"
43
85
44 </VirtualHost>
86 </VirtualHost>
45
87
46 Use the following example to configure Apache for a multi-node setup. The
47 timeout setting should be increased if you experience timeouts when working
48 with large |repos|.
49
50 .. code-block:: apache
51
52 #
53 # Timeout: The number of seconds before receives and sends time out.
54 #
55 Timeout 600
56
57 <VirtualHost *:80>
58
59 ProxyRequests off
60
61 #important !
62 #Directive to properly generate url (clone url) for pylons
63 ProxyPreserveHost On
64
65 ServerName your.rce.com
66 ServerAlias your.rce.com
67
68 <Proxy balancer://mycluster>
69 # WebHead1
70 BalancerMember http://10.58.1.171:10002 route=1
71 # WebHead2
72 BalancerMember http://10.58.1.172:10001 route=2
73
74 # Security "technically we aren't blocking
75 # anyone but this the place to make those
76 # chages
77 Order Deny,Allow
78 Deny from none
79 Allow from all
80
81 # Load Balancer Settings
82 # We will be configuring a simple Round
83 # Robin style load balancer. This means
84 # that all webheads take an equal share of
85 # of the load.
86 ProxySet stickysession=ROUTEID
87
88 </Proxy>
89
90 # balancer-manager
91 # This tool is built into the mod_proxy_balancer
92 # module and will allow you to do some simple
93 # modifications to the balanced group via a gui
94 # web interface.
95 <Location /balancer-manager>
96 SetHandler balancer-manager
97
98 # recommend locking this one down to your
99 # your office
100 Order deny,allow
101 Allow from all
102 </Location>
103
104 # Point of Balance
105 # This setting will allow to explicitly name the
106 # the location in the site that we want to be
107 # balanced, in this example we will balance "/"
108 # or everything in the site.
109 ProxyPass /balancer-manager !
110 ProxyPass / balancer://mycluster/
111
112 ProxyPassReverse / balancer://mycluster/
113
114 </VirtualHost>
Show file before | Show file after | Hide comments
@@ -1,15 +1,14 b''
1 .. _apache-ws-ref:
1 .. _apache-ws-ref:
2
2
3 Apache HTTP Server Configuration
3 Apache HTTP Server Configuration
4 --------------------------------
4 --------------------------------
5
5
6 To set up your Apache Web Server for optimal performance and security, use
6 To set up your Apache Web Server for optimal performance and security, use
7 the information in the following sections.
7 the information in the following sections.
8
8
9 .. toctree::
9 .. toctree::
10
10
11 apache-diffie-hellman
11 apache-diffie-hellman
12 apache-conf-examples
12 apache-conf-example
13 apache-subdirectory
13 apache-subdirectory
14 apache-reverse-proxy
15 apache-wsgi-coding
14 apache-wsgi-coding
Show file before | Show file after | Hide comments
@@ -1,34 +1,35 b''
1 .. _apache-sub-ref:
1 .. _apache-sub-ref:
2
2
3 Apache URL Prefix Configuration
3 Apache URL Prefix Configuration
4 ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
4 ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
5
5
6 Use the following example to configure Apache to use a URL prefix.
6 Use the following example to configure Apache to use a URL prefix.
7
7
8 .. code-block:: apache
8 .. code-block:: apache
9
9
10 <Location /<someprefix>/ # Change <someprefix> into your chosen prefix
10 # Change someprefix into your chosen prefix
11 <Location /someprefix >
11 ProxyPreserveHost On
12 ProxyPreserveHost On
12 ProxyPass "http://127.0.0.1:5000/"
13 ProxyPass "http://127.0.0.1:5000/"
13 ProxyPassReverse "http://127.0.0.1:5000/"
14 ProxyPassReverse "http://127.0.0.1:5000/"
14 Header set X-Url-Scheme https env=HTTPS
15 Header set X-Url-Scheme https env=HTTPS
15 </Location>
16 </Location>
16
17
17 In addition to the regular Apache setup you will need to add the following
18 In addition to the regular Apache setup you will need to add the following
18 lines into the ``rhodecode.ini`` file.
19 lines into the ``rhodecode.ini`` file.
19
20
20 * Above ``[app:main]`` section of the ``rhodecode.ini`` file add the
21 * Above ``[app:main]`` section of the ``rhodecode.ini`` file add the
21 following section if it doesn't exist yet.
22 following section if it doesn't exist yet.
22
23
23 .. code-block:: ini
24 .. code-block:: ini
24
25
25 [filter:proxy-prefix]
26 [filter:proxy-prefix]
26 use = egg:PasteDeploy#prefix
27 use = egg:PasteDeploy#prefix
27 prefix = /<someprefix> # Change <someprefix> into your chosen prefix
28 prefix = /<someprefix> # Change <someprefix> into your chosen prefix
28
29
29 * In the the ``[app:main]`` section of your ``rhodecode.ini`` file add the
30 * In the the ``[app:main]`` section of your ``rhodecode.ini`` file add the
30 following line.
31 following line.
31
32
32 .. code-block:: ini
33 .. code-block:: ini
33
34
34 filter-with = proxy-prefix
35 filter-with = proxy-prefix
Show file before | Show file after | Hide comments
@@ -1,120 +1,125 b''
1 Nginx Configuration Example
1 Nginx Configuration Example
2 ---------------------------
2 ---------------------------
3
3
4 Use the following example to configure Nginx as a your web server.
4 Use the following example to configure Nginx as a your web server.
5
5
6
6 .. code-block:: nginx
7 .. code-block:: nginx
7
8
8 log_format log_custom '$remote_addr - $remote_user [$time_local] '
9 log_format log_custom '$remote_addr - $remote_user [$time_local] '
9 '"$request" $status $body_bytes_sent '
10 '"$request" $status $body_bytes_sent '
10 '"$http_referer" "$http_user_agent" '
11 '"$http_referer" "$http_user_agent" '
11 '$request_time $upstream_response_time $pipe';
12 '$request_time $upstream_response_time $pipe';
12
13
14 ## define upstream (local RhodeCode instance) to connect to
13 upstream rc {
15 upstream rc {
14
16 # Url to running RhodeCode instance.
17 # This is shown as `- URL:` in output from rccontrol status.
15 server 127.0.0.1:10002;
18 server 127.0.0.1:10002;
16
19
17 # add more instances for load balancing
20 # add more instances for load balancing
18 # server 127.0.0.1:10003;
21 # server 127.0.0.1:10003;
19 # server 127.0.0.1:10004;
22 # server 127.0.0.1:10004;
20 }
23 }
21
24
22 ## gist alias server, for serving nicer GIST urls
25 ## HTTP to HTTPS rewrite
26 server {
27 listen 80;
28 server_name rhodecode.myserver.com;
23
29
30 if ($http_host = rhodecode.myserver.com) {
31 rewrite (.*) https://rhodecode.myserver.com$1 permanent;
32 }
33 }
34
35 ## Optional gist alias server, for serving nicer GIST urls.
24 server {
36 server {
25 listen 443;
37 listen 443;
26 server_name gist.myserver.com;
38 server_name gist.myserver.com;
27 access_log /var/log/nginx/gist.access.log log_custom;
39 access_log /var/log/nginx/gist.access.log log_custom;
28 error_log /var/log/nginx/gist.error.log;
40 error_log /var/log/nginx/gist.error.log;
29
41
30 ssl on;
42 ssl on;
31 ssl_certificate gist.rhodecode.myserver.com.crt;
43 ssl_certificate gist.rhodecode.myserver.com.crt;
32 ssl_certificate_key gist.rhodecode.myserver.com.key;
44 ssl_certificate_key gist.rhodecode.myserver.com.key;
33
45
34 ssl_session_timeout 5m;
46 ssl_session_timeout 5m;
35
47
36 ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
48 ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
37 ssl_prefer_server_ciphers on;
49 ssl_prefer_server_ciphers on;
38 ssl_ciphers 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA';
50 ssl_ciphers 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA';
39
51
52 # strict http prevents from https -> http downgrade
40 add_header Strict-Transport-Security "max-age=31536000; includeSubdomains;";
53 add_header Strict-Transport-Security "max-age=31536000; includeSubdomains;";
41
54
42 # Diffie-Hellman parameter for DHE ciphersuites, recommended 2048 bits
55 # Diffie-Hellman parameter for DHE ciphersuites, recommended 2048 bits
43 #ssl_dhparam /etc/nginx/ssl/dhparam.pem;
56 #ssl_dhparam /etc/nginx/ssl/dhparam.pem;
44
57
45 rewrite ^/(.+)$ https://rhodecode.myserver.com/_admin/gists/$1;
58 rewrite ^/(.+)$ https://rhodecode.myserver.com/_admin/gists/$1;
46 rewrite (.*) https://rhodecode.myserver.com/_admin/gists;
59 rewrite (.*) https://rhodecode.myserver.com/_admin/gists;
47 }
60 }
48
61
49 ## HTTP to HTTPS rewrite
50 server {
51 listen 80;
52 server_name rhodecode.myserver.com;
53
54 if ($http_host = rhodecode.myserver.com) {
55 rewrite (.*) https://rhodecode.myserver.com$1 permanent;
56 }
57 }
58
62
59 ## MAIN SSL enabled server
63 ## MAIN SSL enabled server
60 server {
64 server {
61 listen 443 ssl;
65 listen 443 ssl;
62 server_name rhodecode.myserver.com;
66 server_name rhodecode.myserver.com;
63
67
64 access_log /var/log/nginx/rhodecode.access.log log_custom;
68 access_log /var/log/nginx/rhodecode.access.log log_custom;
65 error_log /var/log/nginx/rhodecode.error.log;
69 error_log /var/log/nginx/rhodecode.error.log;
66
70
67 ssl on;
71 ssl on;
68 ssl_certificate rhodecode.myserver.com.crt;
72 ssl_certificate rhodecode.myserver.com.crt;
69 ssl_certificate_key rhodecode.myserver.com.key;
73 ssl_certificate_key rhodecode.myserver.com.key;
70
74
71 ssl_session_timeout 5m;
75 ssl_session_timeout 5m;
72
76
73 ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
77 ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
74 ssl_prefer_server_ciphers on;
78 ssl_prefer_server_ciphers on;
75 ssl_ciphers 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA';
79 ssl_ciphers 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA';
76
80
77 # Diffie-Hellman parameter for DHE ciphersuites, recommended 2048 bits
81 # Diffie-Hellman parameter for DHE ciphersuites, recommended 2048 bits
78 #ssl_dhparam /etc/nginx/ssl/dhparam.pem;
82 #ssl_dhparam /etc/nginx/ssl/dhparam.pem;
79
83
80 include /etc/nginx/proxy.conf;
84 include /etc/nginx/proxy.conf;
81
85
82 ## serve static files by nginx, recommended
86 ## serve static files by Nginx, recommended for performance
83 # location /_static/rhodecode {
87 # location /_static/rhodecode {
84 # alias /path/to/.rccontrol/enterprise-1/static;
88 # alias /path/to/.rccontrol/enterprise-1/static;
85 # }
89 # }
86
90
87 ## channel stream live components
91 ## channelstream websocket handling
88 location /_channelstream {
92 location /_channelstream {
89 rewrite /_channelstream/(.*) /$1 break;
93 rewrite /_channelstream/(.*) /$1 break;
94
90 proxy_pass http://127.0.0.1:9800;
95 proxy_pass http://127.0.0.1:9800;
91
96
92 proxy_connect_timeout 10;
97 proxy_connect_timeout 10;
93 proxy_send_timeout 10m;
98 proxy_send_timeout 10m;
94 proxy_read_timeout 10m;
99 proxy_read_timeout 10m;
95 tcp_nodelay off;
100 tcp_nodelay off;
96 proxy_set_header Host $host;
101 proxy_set_header Host $host;
97 proxy_set_header X-Real-IP $remote_addr;
102 proxy_set_header X-Real-IP $remote_addr;
98 proxy_set_header X-Url-Scheme $scheme;
103 proxy_set_header X-Url-Scheme $scheme;
99 proxy_set_header X-Forwarded-Proto $scheme;
104 proxy_set_header X-Forwarded-Proto $scheme;
100 proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
105 proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
101 gzip off;
106 gzip off;
102 proxy_http_version 1.1;
107 proxy_http_version 1.1;
103 proxy_set_header Upgrade $http_upgrade;
108 proxy_set_header Upgrade $http_upgrade;
104 proxy_set_header Connection "upgrade";
109 proxy_set_header Connection "upgrade";
105 }
110 }
106
111
107 location / {
112 location / {
108 try_files $uri @rhode;
113 try_files $uri @rhode;
109 }
114 }
110
115
111 location @rhode {
116 location @rhode {
112 proxy_pass http://rc;
117 proxy_pass http://rc;
113 }
118 }
114
119
115 ## custom 502 error page
120 ## custom 502 error page
116 error_page 502 /502.html;
121 error_page 502 /502.html;
117 location = /502.html {
122 location = /502.html {
118 root /path/to/.rccontrol/enterprise-1/static;
123 root /path/to/.rccontrol/enterprise-1/static;
119 }
124 }
120 } No newline at end of file
125 }
Show file before | Show file after | Hide comments
@@ -1,14 +1,14 b''
1 .. _nginx-ws-ref:
1 .. _nginx-ws-ref:
2
2
3 Nginx Configuration
3 Nginx HTTP Server Configuration
4 ===================
4 -------------------------------
5
5
6 To set up your Nginx Web Server for optimal performance and security, use
6 To set up your Nginx Web Server for optimal performance and security, use
7 the information in the following sections.
7 the information in the following sections.
8
8
9 .. toctree::
9 .. toctree::
10
10
11 nginx-diffie-hellman
11 nginx-diffie-hellman
12 nginx-config-example
12 nginx-config-example
13 nginx-tuning
13 nginx-tuning
14 nginx-url-prefix
14 nginx-url-prefix
Show file before | Show file after | Hide comments
1 NO CONTENT: file was removed
NO CONTENT: file was removed
General Comments 0
You need to be logged in to leave comments. Login now