.. _apache-conf-eg: Apache Configuration Examples ----------------------------- Use the following example to securely configure your Apache HTTP virtual hosts file. .. code-block:: apache ServerName hg.myserver.com ServerAlias hg.myserver.com Order allow,deny Allow from all # important ! # Directive to properly generate url (clone url) for pylons ProxyPreserveHost On #rhodecode instance ProxyPass / http://127.0.0.1:5000/ ProxyPassReverse / http://127.0.0.1:5000/ # Set strict HTTPS Header always set Strict-Transport-Security "max-age=63072000; includeSubdomains; preload" # Set x-frame options Header always append X-Frame-Options SAMEORIGIN # To enable https use line below # SetEnvIf X-Url-Scheme https HTTPS=1 # Secure your Diffie-hellmann deployment SSLProtocol all -SSLv2 -SSLv3 SSLCipherSuite ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA SSLHonorCipherOrder on SSLOpenSSLConfCmd DHParameters "{path to dhparams.pem}" Use the following example to configure Apache for a multi-node setup. The timeout setting should be increased if you experience timeouts when working with large |repos|. .. code-block:: apache # # Timeout: The number of seconds before receives and sends time out. # Timeout 600 ProxyRequests off #important ! #Directive to properly generate url (clone url) for pylons ProxyPreserveHost On ServerName your.rce.com ServerAlias your.rce.com # WebHead1 BalancerMember http://10.58.1.171:10002 route=1 # WebHead2 BalancerMember http://10.58.1.172:10001 route=2 # Security "technically we aren't blocking # anyone but this the place to make those # chages Order Deny,Allow Deny from none Allow from all # Load Balancer Settings # We will be configuring a simple Round # Robin style load balancer. This means # that all webheads take an equal share of # of the load. ProxySet stickysession=ROUTEID # balancer-manager # This tool is built into the mod_proxy_balancer # module and will allow you to do some simple # modifications to the balanced group via a gui # web interface. SetHandler balancer-manager # recommend locking this one down to your # your office Order deny,allow Allow from all # Point of Balance # This setting will allow to explicitly name the # the location in the site that we want to be # balanced, in this example we will balance "/" # or everything in the site. ProxyPass /balancer-manager ! ProxyPass / balancer://mycluster/ ProxyPassReverse / balancer://mycluster/