##// END OF EJS Templates
docs: added large header support for Apache
marcink -
r1726:9ad86764 default
parent child Browse files
Show More
@@ -1,87 +1,90 b''
1 .. _apache-conf-eg:
1 .. _apache-conf-eg:
2
2
3 Apache Configuration Example
3 Apache Configuration Example
4 ----------------------------
4 ----------------------------
5
5
6 Use the following example to configure Apache as a your web server.
6 Use the following example to configure Apache as a your web server.
7 Below config if for an Apache Reverse Proxy configuration.
7 Below config if for an Apache Reverse Proxy configuration.
8
8
9 .. note::
9 .. note::
10
10
11 Apache requires the following modules to be enabled. Below is an example
11 Apache requires the following modules to be enabled. Below is an example
12 how to enable them on Ubuntu Server
12 how to enable them on Ubuntu Server
13
13
14
14
15 .. code-block:: bash
15 .. code-block:: bash
16
16
17 $ sudo a2enmod proxy
17 $ sudo a2enmod proxy
18 $ sudo a2enmod proxy_http
18 $ sudo a2enmod proxy_http
19 $ sudo a2enmod proxy_balancer
19 $ sudo a2enmod proxy_balancer
20 $ sudo a2enmod headers
20 $ sudo a2enmod headers
21 $ sudo a2enmod ssl
21 $ sudo a2enmod ssl
22 $ sudo a2enmod rewrite
22 $ sudo a2enmod rewrite
23
23
24 # requires Apache 2.4+, required to handle websockets/channelstream
24 # requires Apache 2.4+, required to handle websockets/channelstream
25 $ sudo a2enmod proxy_wstunnel
25 $ sudo a2enmod proxy_wstunnel
26
26
27
27
28 .. code-block:: apache
28 .. code-block:: apache
29
29
30 ## HTTP to HTTPS rewrite
30 ## HTTP to HTTPS rewrite
31 <VirtualHost *:80>
31 <VirtualHost *:80>
32 ServerName rhodecode.myserver.com
32 ServerName rhodecode.myserver.com
33 DocumentRoot /var/www/html
33 DocumentRoot /var/www/html
34 Redirect permanent / https://rhodecode.myserver.com/
34 Redirect permanent / https://rhodecode.myserver.com/
35 </VirtualHost>
35 </VirtualHost>
36
36
37 ## MAIN SSL enabled server
37 ## MAIN SSL enabled server
38 <VirtualHost *:443>
38 <VirtualHost *:443>
39
39
40 ServerName rhodecode.myserver.com
40 ServerName rhodecode.myserver.com
41 ServerAlias rhodecode.myserver.com
41 ServerAlias rhodecode.myserver.com
42
42
43 ## serve static files by Apache, recommended for performance
43 ## serve static files by Apache, recommended for performance
44 #Alias /_static /home/ubuntu/.rccontrol/community-1/static
44 #Alias /_static /home/ubuntu/.rccontrol/community-1/static
45
45
46 RequestHeader set X-Forwarded-Proto "https"
46 RequestHeader set X-Forwarded-Proto "https"
47
47
48 ## channelstream websocket handling
48 ## channelstream websocket handling
49 ProxyPass /_channelstream ws://localhost:9800
49 ProxyPass /_channelstream ws://localhost:9800
50 ProxyPassReverse /_channelstream ws://localhost:9800
50 ProxyPassReverse /_channelstream ws://localhost:9800
51
51
52 <Proxy *>
52 <Proxy *>
53 Order allow,deny
53 Order allow,deny
54 Allow from all
54 Allow from all
55 </Proxy>
55 </Proxy>
56
56
57 # Directive to properly generate url (clone url) for RhodeCode
57 # Directive to properly generate url (clone url) for RhodeCode
58 ProxyPreserveHost On
58 ProxyPreserveHost On
59
59
60 # Url to running RhodeCode instance. This is shown as `- URL:` when
60 # Url to running RhodeCode instance. This is shown as `- URL:` when
61 # running rccontrol status.
61 # running rccontrol status.
62 ProxyPass / http://127.0.0.1:10002/ timeout=7200 Keepalive=On
62 ProxyPass / http://127.0.0.1:10002/ timeout=7200 Keepalive=On
63 ProxyPassReverse / http://127.0.0.1:10002/
63 ProxyPassReverse / http://127.0.0.1:10002/
64
64
65 # Increase headers for large Mercurial headers
66 LimitRequestLine 16380
67
65 # strict http prevents from https -> http downgrade
68 # strict http prevents from https -> http downgrade
66 Header always set Strict-Transport-Security "max-age=63072000; includeSubdomains; preload"
69 Header always set Strict-Transport-Security "max-age=63072000; includeSubdomains; preload"
67
70
68 # Set x-frame options
71 # Set x-frame options
69 Header always append X-Frame-Options SAMEORIGIN
72 Header always append X-Frame-Options SAMEORIGIN
70
73
71 # To enable https use line below
74 # To enable https use line below
72 # SetEnvIf X-Url-Scheme https HTTPS=1
75 # SetEnvIf X-Url-Scheme https HTTPS=1
73
76
74 # SSL setup
77 # SSL setup
75 SSLEngine On
78 SSLEngine On
76 SSLCertificateFile /etc/apache2/ssl/rhodecode.myserver.pem
79 SSLCertificateFile /etc/apache2/ssl/rhodecode.myserver.pem
77 SSLCertificateKeyFile /etc/apache2/ssl/rhodecode.myserver.key
80 SSLCertificateKeyFile /etc/apache2/ssl/rhodecode.myserver.key
78
81
79 SSLProtocol all -SSLv2 -SSLv3
82 SSLProtocol all -SSLv2 -SSLv3
80 SSLCipherSuite ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA
83 SSLCipherSuite ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA
81 SSLHonorCipherOrder on
84 SSLHonorCipherOrder on
82
85
83 # Diffie-Hellman parameter for DHE ciphersuites, recommended 2048 bits
86 # Diffie-Hellman parameter for DHE ciphersuites, recommended 2048 bits
84 #SSLOpenSSLConfCmd DHParameters "/etc/apache2/dhparam.pem"
87 #SSLOpenSSLConfCmd DHParameters "/etc/apache2/dhparam.pem"
85
88
86 </VirtualHost>
89 </VirtualHost>
87
90
General Comments 0
You need to be logged in to leave comments. Login now