u/ewong/rhodecode-enterprise-ce-fork Files · docs/admin/apache-conf-examples.rst

vcs: Use a thread scoped cache invalidation context to cache repository objects....

vcs: Use a thread scoped cache invalidation context to cache repository objects. Without this change the cache is on a process scope. If running with multiple threads this leads to sharing the cached object between threads. This will cause exceptions if multiple threads are trying to access the same curl object. Even worse it allows multiple threads to operate on the same repository object concurrently.

marcink - - Load All Authors

File last commit:

r1:854a839a default


                r614:cbe55781

default

Download file

             apache-conf-examples.rst
        
                    114 lines
            
             | 4.1 KiB
            
                | text/x-rst
            
             |
                RstLexer
            
             / docs / admin / apache-conf-examples.rst
          
                    History
                
                 |
                  Source
                 | Raw
                 |Copy content
                 |Copy permalink

        marcink
    
project: added all source files and assets

              r1
            
      .. _apache-conf-eg:

      Apache Configuration Examples

      -----------------------------

      Use the following example to securely configure your Apache HTTP virtual hosts

      file.

      .. code-block:: apache

          <VirtualHost *:80>

              ServerName hg.myserver.com

              ServerAlias hg.myserver.com

              <Proxy *>

                Order allow,deny

                Allow from all

              </Proxy>

              # important !

              # Directive to properly generate url (clone url) for pylons

              ProxyPreserveHost On

              #rhodecode instance

              ProxyPass / http://127.0.0.1:5000/

              ProxyPassReverse / http://127.0.0.1:5000/

              # Set strict HTTPS

              Header always set Strict-Transport-Security "max-age=63072000; includeSubdomains; preload"

              # Set x-frame options

              Header always append X-Frame-Options SAMEORIGIN

              # To enable https use line below

              # SetEnvIf X-Url-Scheme https HTTPS=1

              # Secure your Diffie-hellmann deployment

              SSLProtocol             all -SSLv2 -SSLv3

              SSLCipherSuite          ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA

              SSLHonorCipherOrder     on

              SSLOpenSSLConfCmd DHParameters "{path to dhparams.pem}"

          </VirtualHost>

      Use the following example to configure Apache for a multi-node setup. The

      timeout setting should be increased if you experience timeouts when working

      with large |repos|.

      .. code-block:: apache

          #

          # Timeout: The number of seconds before receives and sends time out.

          #

          Timeout 600

          <VirtualHost *:80>

                  ProxyRequests off

                  #important !

                  #Directive to properly generate url (clone url) for pylons

                  ProxyPreserveHost On

                  ServerName your.rce.com

                  ServerAlias your.rce.com

                  <Proxy balancer://mycluster>

                          # WebHead1

                          BalancerMember http://10.58.1.171:10002 route=1

                          # WebHead2

                          BalancerMember http://10.58.1.172:10001 route=2

                          # Security "technically we aren't blocking

                          # anyone but this the place to make those

                          # chages

                          Order Deny,Allow

                          Deny from none

                          Allow from all

                          # Load Balancer Settings

                          # We will be configuring a simple Round

                          # Robin style load balancer. This means

                          # that all webheads take an equal share of

                          # of the load.

                          ProxySet stickysession=ROUTEID

                  </Proxy>

                  # balancer-manager

                  # This tool is built into the mod_proxy_balancer

                  # module and will allow you to do some simple

                  # modifications to the balanced group via a gui

                  # web interface.

                  <Location /balancer-manager>

                          SetHandler balancer-manager

                          # recommend locking this one down to your

                          # your office

                         Order deny,allow

                          Allow from all

                  </Location>

                  # Point of Balance

                  # This setting will allow to explicitly name the

                  # the location in the site that we want to be

                  # balanced, in this example we will balance "/"

                  # or everything in the site.

                  ProxyPass /balancer-manager !

                  ProxyPass / balancer://mycluster/

                  ProxyPassReverse / balancer://mycluster/

          </VirtualHost>

	Site-wide shortcuts
/	Use quick search box
g h	Goto home page
g g	Goto my private gists page
g G	Goto my public gists page
g 0-9	Goto bookmarked items from 0-9
n r	New repository page
n g	New gist page

	Repositories
g s	Goto summary page
g c	Goto changelog page
g f	Goto files page
g F	Goto files page with file search activated
g p	Goto pull requests page
g o	Goto repository settings
g O	Goto repository access permissions settings
t s	Toggle sidebar on some pages

marcink project: added all source files and assets	r1	.. _apache-conf-eg:

		Apache Configuration Examples
		-----------------------------

		Use the following example to securely configure your Apache HTTP virtual hosts
		file.

		.. code-block:: apache

		<VirtualHost *:80>
		ServerName hg.myserver.com
		ServerAlias hg.myserver.com

		<Proxy *>
		Order allow,deny
		Allow from all
		</Proxy>

		# important !
		# Directive to properly generate url (clone url) for pylons

		ProxyPreserveHost On

		#rhodecode instance
		ProxyPass / http://127.0.0.1:5000/
		ProxyPassReverse / http://127.0.0.1:5000/

		# Set strict HTTPS
		Header always set Strict-Transport-Security "max-age=63072000; includeSubdomains; preload"

		# Set x-frame options
		Header always append X-Frame-Options SAMEORIGIN

		# To enable https use line below
		# SetEnvIf X-Url-Scheme https HTTPS=1

		# Secure your Diffie-hellmann deployment
		SSLProtocol all -SSLv2 -SSLv3
		SSLCipherSuite ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA
		SSLHonorCipherOrder on
		SSLOpenSSLConfCmd DHParameters "{path to dhparams.pem}"

		</VirtualHost>

		Use the following example to configure Apache for a multi-node setup. The
		timeout setting should be increased if you experience timeouts when working
		with large \|repos\|.

		.. code-block:: apache

		#
		# Timeout: The number of seconds before receives and sends time out.
		#
		Timeout 600

		<VirtualHost *:80>

		ProxyRequests off

		#important !
		#Directive to properly generate url (clone url) for pylons
		ProxyPreserveHost On

		ServerName your.rce.com
		ServerAlias your.rce.com

		<Proxy balancer://mycluster>
		# WebHead1
		BalancerMember http://10.58.1.171:10002 route=1
		# WebHead2
		BalancerMember http://10.58.1.172:10001 route=2

		# Security "technically we aren't blocking
		# anyone but this the place to make those
		# chages
		Order Deny,Allow
		Deny from none
		Allow from all

		# Load Balancer Settings
		# We will be configuring a simple Round
		# Robin style load balancer. This means
		# that all webheads take an equal share of
		# of the load.
		ProxySet stickysession=ROUTEID

		</Proxy>

		# balancer-manager
		# This tool is built into the mod_proxy_balancer
		# module and will allow you to do some simple
		# modifications to the balanced group via a gui
		# web interface.
		<Location /balancer-manager>
		SetHandler balancer-manager

		# recommend locking this one down to your
		# your office
		Order deny,allow
		Allow from all
		</Location>

		# Point of Balance
		# This setting will allow to explicitly name the
		# the location in the site that we want to be
		# balanced, in this example we will balance "/"
		# or everything in the site.
		ProxyPass /balancer-manager !
		ProxyPass / balancer://mycluster/

		ProxyPassReverse / balancer://mycluster/

		</VirtualHost>