Show More
@@ -1,87 +1,90 b'' | |||||
1 | .. _apache-conf-eg: |
|
1 | .. _apache-conf-eg: | |
2 |
|
2 | |||
3 | Apache Configuration Example |
|
3 | Apache Configuration Example | |
4 | ---------------------------- |
|
4 | ---------------------------- | |
5 |
|
5 | |||
6 | Use the following example to configure Apache as a your web server. |
|
6 | Use the following example to configure Apache as a your web server. | |
7 | Below config if for an Apache Reverse Proxy configuration. |
|
7 | Below config if for an Apache Reverse Proxy configuration. | |
8 |
|
8 | |||
9 | .. note:: |
|
9 | .. note:: | |
10 |
|
10 | |||
11 | Apache requires the following modules to be enabled. Below is an example |
|
11 | Apache requires the following modules to be enabled. Below is an example | |
12 | how to enable them on Ubuntu Server |
|
12 | how to enable them on Ubuntu Server | |
13 |
|
13 | |||
14 |
|
14 | |||
15 | .. code-block:: bash |
|
15 | .. code-block:: bash | |
16 |
|
16 | |||
17 | $ sudo a2enmod proxy |
|
17 | $ sudo a2enmod proxy | |
18 | $ sudo a2enmod proxy_http |
|
18 | $ sudo a2enmod proxy_http | |
19 | $ sudo a2enmod proxy_balancer |
|
19 | $ sudo a2enmod proxy_balancer | |
20 | $ sudo a2enmod headers |
|
20 | $ sudo a2enmod headers | |
21 | $ sudo a2enmod ssl |
|
21 | $ sudo a2enmod ssl | |
22 | $ sudo a2enmod rewrite |
|
22 | $ sudo a2enmod rewrite | |
23 |
|
23 | |||
24 | # requires Apache 2.4+, required to handle websockets/channelstream |
|
24 | # requires Apache 2.4+, required to handle websockets/channelstream | |
25 | $ sudo a2enmod proxy_wstunnel |
|
25 | $ sudo a2enmod proxy_wstunnel | |
26 |
|
26 | |||
27 |
|
27 | |||
28 | .. code-block:: apache |
|
28 | .. code-block:: apache | |
29 |
|
29 | |||
30 | ## HTTP to HTTPS rewrite |
|
30 | ## HTTP to HTTPS rewrite | |
31 | <VirtualHost *:80> |
|
31 | <VirtualHost *:80> | |
32 | ServerName rhodecode.myserver.com |
|
32 | ServerName rhodecode.myserver.com | |
33 | DocumentRoot /var/www/html |
|
33 | DocumentRoot /var/www/html | |
34 | Redirect permanent / https://rhodecode.myserver.com/ |
|
34 | Redirect permanent / https://rhodecode.myserver.com/ | |
35 | </VirtualHost> |
|
35 | </VirtualHost> | |
36 |
|
36 | |||
37 | ## MAIN SSL enabled server |
|
37 | ## MAIN SSL enabled server | |
38 | <VirtualHost *:443> |
|
38 | <VirtualHost *:443> | |
39 |
|
39 | |||
40 | ServerName rhodecode.myserver.com |
|
40 | ServerName rhodecode.myserver.com | |
41 | ServerAlias rhodecode.myserver.com |
|
41 | ServerAlias rhodecode.myserver.com | |
42 |
|
42 | |||
43 | ## serve static files by Apache, recommended for performance |
|
43 | ## serve static files by Apache, recommended for performance | |
44 | #Alias /_static /home/ubuntu/.rccontrol/community-1/static |
|
44 | #Alias /_static /home/ubuntu/.rccontrol/community-1/static | |
45 |
|
45 | |||
46 | RequestHeader set X-Forwarded-Proto "https" |
|
46 | RequestHeader set X-Forwarded-Proto "https" | |
47 |
|
47 | |||
48 | ## channelstream websocket handling |
|
48 | ## channelstream websocket handling | |
49 | ProxyPass /_channelstream ws://localhost:9800 |
|
49 | ProxyPass /_channelstream ws://localhost:9800 | |
50 | ProxyPassReverse /_channelstream ws://localhost:9800 |
|
50 | ProxyPassReverse /_channelstream ws://localhost:9800 | |
51 |
|
51 | |||
52 | <Proxy *> |
|
52 | <Proxy *> | |
53 | Order allow,deny |
|
53 | Order allow,deny | |
54 | Allow from all |
|
54 | Allow from all | |
55 | </Proxy> |
|
55 | </Proxy> | |
56 |
|
56 | |||
57 | # Directive to properly generate url (clone url) for RhodeCode |
|
57 | # Directive to properly generate url (clone url) for RhodeCode | |
58 | ProxyPreserveHost On |
|
58 | ProxyPreserveHost On | |
59 |
|
59 | |||
60 | # Url to running RhodeCode instance. This is shown as `- URL:` when |
|
60 | # Url to running RhodeCode instance. This is shown as `- URL:` when | |
61 | # running rccontrol status. |
|
61 | # running rccontrol status. | |
62 | ProxyPass / http://127.0.0.1:10002/ timeout=7200 Keepalive=On |
|
62 | ProxyPass / http://127.0.0.1:10002/ timeout=7200 Keepalive=On | |
63 | ProxyPassReverse / http://127.0.0.1:10002/ |
|
63 | ProxyPassReverse / http://127.0.0.1:10002/ | |
64 |
|
64 | |||
|
65 | # Increase headers for large Mercurial headers | |||
|
66 | LimitRequestLine 16380 | |||
|
67 | ||||
65 | # strict http prevents from https -> http downgrade |
|
68 | # strict http prevents from https -> http downgrade | |
66 | Header always set Strict-Transport-Security "max-age=63072000; includeSubdomains; preload" |
|
69 | Header always set Strict-Transport-Security "max-age=63072000; includeSubdomains; preload" | |
67 |
|
70 | |||
68 | # Set x-frame options |
|
71 | # Set x-frame options | |
69 | Header always append X-Frame-Options SAMEORIGIN |
|
72 | Header always append X-Frame-Options SAMEORIGIN | |
70 |
|
73 | |||
71 | # To enable https use line below |
|
74 | # To enable https use line below | |
72 | # SetEnvIf X-Url-Scheme https HTTPS=1 |
|
75 | # SetEnvIf X-Url-Scheme https HTTPS=1 | |
73 |
|
76 | |||
74 | # SSL setup |
|
77 | # SSL setup | |
75 | SSLEngine On |
|
78 | SSLEngine On | |
76 | SSLCertificateFile /etc/apache2/ssl/rhodecode.myserver.pem |
|
79 | SSLCertificateFile /etc/apache2/ssl/rhodecode.myserver.pem | |
77 | SSLCertificateKeyFile /etc/apache2/ssl/rhodecode.myserver.key |
|
80 | SSLCertificateKeyFile /etc/apache2/ssl/rhodecode.myserver.key | |
78 |
|
81 | |||
79 | SSLProtocol all -SSLv2 -SSLv3 |
|
82 | SSLProtocol all -SSLv2 -SSLv3 | |
80 | SSLCipherSuite ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA |
|
83 | SSLCipherSuite ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA | |
81 | SSLHonorCipherOrder on |
|
84 | SSLHonorCipherOrder on | |
82 |
|
85 | |||
83 | # Diffie-Hellman parameter for DHE ciphersuites, recommended 2048 bits |
|
86 | # Diffie-Hellman parameter for DHE ciphersuites, recommended 2048 bits | |
84 | #SSLOpenSSLConfCmd DHParameters "/etc/apache2/dhparam.pem" |
|
87 | #SSLOpenSSLConfCmd DHParameters "/etc/apache2/dhparam.pem" | |
85 |
|
88 | |||
86 | </VirtualHost> |
|
89 | </VirtualHost> | |
87 |
|
90 |
General Comments 0
You need to be logged in to leave comments.
Login now