u/pc/rhodecode-enterprise-ce-fork-pc Files · docs/admin/apache-conf-example.rst

pull-requests: increase stability of concurrent pull requests creation by flushing prematurly the statuses of commits....

pull-requests: increase stability of concurrent pull requests creation by flushing prematurly the statuses of commits. This is required to increase the versions on each concurrent call. Otherwise we could get into an integrity errors of commitsha+version+repo

marcink - - Load All Authors

File last commit:

r2145:9fb0230b default


                r3408:2a133f7e

stable

Download file

             apache-conf-example.rst
        
                    103 lines
            
             | 3.8 KiB
            
                | text/x-rst
            
             |
                RstLexer
            
             / docs / admin / apache-conf-example.rst
          
                    History
                
                 |
                  Source
                 | Raw
                 |Copy content
                 |Copy permalink

        marcink
    
docs: updated nginx/apache configurations....

              r1263
            
      .. _apache-conf-eg:

      Apache Configuration Example

      ----------------------------

      Use the following example to configure Apache as a your web server.

      Below config if for an Apache Reverse Proxy configuration.

      .. note::

         Apache requires the following modules to be enabled. Below is an example

         how to enable them on Ubuntu Server

      .. code-block:: bash

          $ sudo a2enmod proxy

          $ sudo a2enmod proxy_http

          $ sudo a2enmod proxy_balancer

          $ sudo a2enmod headers

          $ sudo a2enmod ssl

          $ sudo a2enmod rewrite

          # requires Apache 2.4+, required to handle websockets/channelstream

          $ sudo a2enmod proxy_wstunnel

      .. code-block:: apache

          ## HTTP to HTTPS rewrite

          <VirtualHost *:80>

             ServerName rhodecode.myserver.com

             DocumentRoot /var/www/html

             Redirect permanent / https://rhodecode.myserver.com/

          </VirtualHost>

          ## MAIN SSL enabled server

          <VirtualHost *:443>

              ServerName rhodecode.myserver.com

              ServerAlias rhodecode.myserver.com

        marcink
    
docs: updated Apache documentation for serving static files

              r2041
            
              ## Skip ProxyPass the _static to backend server

              #ProxyPass /_static !

        marcink
    
docs: updated nginx/apache configurations....

              r1263
            
              ## serve static files by Apache, recommended for performance

        marcink
    
docs: updated Apache documentation for serving static files

              r2041
            
              #Alias /_static/rhodecode /home/ubuntu/.rccontrol/community-1/static

              ## Allow Apache to access the static files in this directory

              #<Directory /home/ubuntu/.rccontrol/community-1/static/>

              #    AllowOverride none

              #    Require all granted

              #</Directory>

        marcink
    
docs: updated nginx/apache configurations....

              r1263
            
              RequestHeader set X-Forwarded-Proto "https"

              ## channelstream websocket handling

              ProxyPass /_channelstream ws://localhost:9800

              ProxyPassReverse /_channelstream ws://localhost:9800

              <Proxy *>

                Order allow,deny

                Allow from all

              </Proxy>

              # Directive to properly generate url (clone url) for RhodeCode

              ProxyPreserveHost On

              # Url to running RhodeCode instance. This is shown as `- URL:` when

              # running rccontrol status.

        marcink
    
conf: updated Apache config with keepalive and timeout....

              r1441
            
              ProxyPass / http://127.0.0.1:10002/ timeout=7200 Keepalive=On

        marcink
    
docs: updated nginx/apache configurations....

              r1263
            
              ProxyPassReverse / http://127.0.0.1:10002/

        marcink
    
docs: added large header support for Apache

              r1726
            
              # Increase headers for large Mercurial headers

              LimitRequestLine 16380

        marcink
    
docs: updated nginx/apache configurations....

              r1263
            
              # strict http prevents from https -> http downgrade

              Header always set Strict-Transport-Security "max-age=63072000; includeSubdomains; preload"

              # Set x-frame options

              Header always append X-Frame-Options SAMEORIGIN

              # To enable https use line below

              # SetEnvIf X-Url-Scheme https HTTPS=1

              # SSL setup

              SSLEngine On

              SSLCertificateFile /etc/apache2/ssl/rhodecode.myserver.pem

              SSLCertificateKeyFile /etc/apache2/ssl/rhodecode.myserver.key

              SSLProtocol             all -SSLv2 -SSLv3

              SSLCipherSuite          ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA

              SSLHonorCipherOrder     on

              # Diffie-Hellman parameter for DHE ciphersuites, recommended 2048 bits

              #SSLOpenSSLConfCmd DHParameters "/etc/apache2/dhparam.pem"

        marcink
    
docs: added 502 page instructions for nginx and apache

              r2145
            
              ## custom 502 error page. Will be displayed while RhodeCode server

              ## is turned off

              ErrorDocument 502 /path/to/.rccontrol/enterprise-1/static/502.html

        marcink
    
docs: updated nginx/apache configurations....

              r1263
            
          </VirtualHost>

	Site-wide shortcuts
/	Use quick search box
g h	Goto home page
g g	Goto my private gists page
g G	Goto my public gists page
g 0-9	Goto bookmarked items from 0-9
n r	New repository page
n g	New gist page

	Repositories
g s	Goto summary page
g c	Goto changelog page
g f	Goto files page
g F	Goto files page with file search activated
g p	Goto pull requests page
g o	Goto repository settings
g O	Goto repository access permissions settings
t s	Toggle sidebar on some pages

marcink docs: updated nginx/apache configurations....	r1263	.. _apache-conf-eg:

		Apache Configuration Example
		----------------------------

		Use the following example to configure Apache as a your web server.
		Below config if for an Apache Reverse Proxy configuration.

		.. note::

		Apache requires the following modules to be enabled. Below is an example
		how to enable them on Ubuntu Server


		.. code-block:: bash

		$ sudo a2enmod proxy
		$ sudo a2enmod proxy_http
		$ sudo a2enmod proxy_balancer
		$ sudo a2enmod headers
		$ sudo a2enmod ssl
		$ sudo a2enmod rewrite

		# requires Apache 2.4+, required to handle websockets/channelstream
		$ sudo a2enmod proxy_wstunnel


		.. code-block:: apache

		## HTTP to HTTPS rewrite
		<VirtualHost *:80>
		ServerName rhodecode.myserver.com
		DocumentRoot /var/www/html
		Redirect permanent / https://rhodecode.myserver.com/
		</VirtualHost>

		## MAIN SSL enabled server
		<VirtualHost *:443>

		ServerName rhodecode.myserver.com
		ServerAlias rhodecode.myserver.com

marcink docs: updated Apache documentation for serving static files	r2041	## Skip ProxyPass the _static to backend server
		#ProxyPass /_static !

marcink docs: updated nginx/apache configurations....	r1263	## serve static files by Apache, recommended for performance
marcink docs: updated Apache documentation for serving static files	r2041	#Alias /_static/rhodecode /home/ubuntu/.rccontrol/community-1/static

		## Allow Apache to access the static files in this directory
		#<Directory /home/ubuntu/.rccontrol/community-1/static/>
		# AllowOverride none
		# Require all granted
		#</Directory>
marcink docs: updated nginx/apache configurations....	r1263
		RequestHeader set X-Forwarded-Proto "https"

		## channelstream websocket handling
		ProxyPass /_channelstream ws://localhost:9800
		ProxyPassReverse /_channelstream ws://localhost:9800

		<Proxy *>
		Order allow,deny
		Allow from all
		</Proxy>

		# Directive to properly generate url (clone url) for RhodeCode
		ProxyPreserveHost On

		# Url to running RhodeCode instance. This is shown as `- URL:` when
		# running rccontrol status.
marcink conf: updated Apache config with keepalive and timeout....	r1441	ProxyPass / http://127.0.0.1:10002/ timeout=7200 Keepalive=On
marcink docs: updated nginx/apache configurations....	r1263	ProxyPassReverse / http://127.0.0.1:10002/

marcink docs: added large header support for Apache	r1726	# Increase headers for large Mercurial headers
		LimitRequestLine 16380

marcink docs: updated nginx/apache configurations....	r1263	# strict http prevents from https -> http downgrade
		Header always set Strict-Transport-Security "max-age=63072000; includeSubdomains; preload"

		# Set x-frame options
		Header always append X-Frame-Options SAMEORIGIN

		# To enable https use line below
		# SetEnvIf X-Url-Scheme https HTTPS=1

		# SSL setup
		SSLEngine On
		SSLCertificateFile /etc/apache2/ssl/rhodecode.myserver.pem
		SSLCertificateKeyFile /etc/apache2/ssl/rhodecode.myserver.key

		SSLProtocol all -SSLv2 -SSLv3
		SSLCipherSuite ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA
		SSLHonorCipherOrder on

		# Diffie-Hellman parameter for DHE ciphersuites, recommended 2048 bits
		#SSLOpenSSLConfCmd DHParameters "/etc/apache2/dhparam.pem"

marcink docs: added 502 page instructions for nginx and apache	r2145	## custom 502 error page. Will be displayed while RhodeCode server
		## is turned off
		ErrorDocument 502 /path/to/.rccontrol/enterprise-1/static/502.html

marcink docs: updated nginx/apache configurations....	r1263	</VirtualHost>