u/pc/rhodecode-enterprise-ce-fork-pc Files · docs/admin/nginx-config-example.rst

http-proto: in case incoming requests come in as chunked stream the data to VCSServer....

http-proto: in case incoming requests come in as chunked stream the data to VCSServer. This should solve a problem of uploading large files to rhodecode. In case of git with small postBuffers GIT client streams data to the server. In such case we want to stream the data back again to vcsserver without reading it fully inside RhodeCode.

marcink - - Load All Authors

File last commit:

r1263:dd531307 default


                r1423:8b2e03e1

default

Download file

             nginx-config-example.rst
        
                    124 lines
            
             | 5.4 KiB
            
                | text/x-rst
            
             |
                RstLexer
            
             / docs / admin / nginx-config-example.rst
          
                    History
                
                 |
                  Source
                 | Raw
                 |Copy content
                 |Copy permalink

        marcink
    
project: added all source files and assets

              r1
            
      Nginx Configuration Example

      ---------------------------

      Use the following example to configure Nginx as a your web server.

        marcink
    
docs: updated nginx/apache configurations....

              r1263
            
        marcink
    
project: added all source files and assets

              r1
            
      .. code-block:: nginx

        marcink
    
docs: updated nginx example...

              r636
            
          log_format log_custom '$remote_addr - $remote_user [$time_local] '

                                '"$request" $status $body_bytes_sent '

                                '"$http_referer" "$http_user_agent" '

                                '$request_time $upstream_response_time $pipe';

        marcink
    
docs: updated nginx/apache configurations....

              r1263
            
          ## define upstream (local RhodeCode instance) to connect to

        marcink
    
project: added all source files and assets

              r1
            
          upstream rc {

        marcink
    
docs: updated nginx/apache configurations....

              r1263
            
              # Url to running RhodeCode instance.

              # This is shown as `- URL:` in output from rccontrol status.

        marcink
    
docs: updated apache/nginx configs

              r120
            
              server 127.0.0.1:10002;

        marcink
    
project: added all source files and assets

              r1
            
              # add more instances for load balancing

        marcink
    
docs: updated apache/nginx configs

              r120
            
              # server 127.0.0.1:10003;

              # server 127.0.0.1:10004;

        marcink
    
project: added all source files and assets

              r1
            
          }

        marcink
    
docs: updated nginx/apache configurations....

              r1263
            
          ## HTTP to HTTPS rewrite

          server {

              listen          80;

              server_name     rhodecode.myserver.com;

        marcink
    
project: added all source files and assets

              r1
            
        marcink
    
docs: updated nginx/apache configurations....

              r1263
            
              if ($http_host = rhodecode.myserver.com) {

                  rewrite  (.*)  https://rhodecode.myserver.com$1 permanent;

              }

          }

          ## Optional gist alias server, for serving nicer GIST urls.

        marcink
    
project: added all source files and assets

              r1
            
          server {

              listen          443;

              server_name     gist.myserver.com;

        marcink
    
docs: updated nginx example...

              r636
            
              access_log      /var/log/nginx/gist.access.log log_custom;

        marcink
    
project: added all source files and assets

              r1
            
              error_log       /var/log/nginx/gist.error.log;

              ssl on;

              ssl_certificate     gist.rhodecode.myserver.com.crt;

              ssl_certificate_key gist.rhodecode.myserver.com.key;

              ssl_session_timeout 5m;

        marcink
    
docs: updated nginx example...

              r636
            
              ssl_protocols TLSv1 TLSv1.1 TLSv1.2;

        marcink
    
project: added all source files and assets

              r1
            
              ssl_prefer_server_ciphers on;

        marcink
    
docs: updated nginx example...

              r636
            
              ssl_ciphers 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA';

        marcink
    
docs: updated nginx/apache configurations....

              r1263
            
              # strict http prevents from https -> http downgrade

        marcink
    
project: added all source files and assets

              r1
            
              add_header Strict-Transport-Security "max-age=31536000; includeSubdomains;";

              # Diffie-Hellman parameter for DHE ciphersuites, recommended 2048 bits

        marcink
    
docs: updated nginx example...

              r636
            
              #ssl_dhparam /etc/nginx/ssl/dhparam.pem;

        marcink
    
project: added all source files and assets

              r1
            
              rewrite ^/(.+)$ https://rhodecode.myserver.com/_admin/gists/$1;

              rewrite (.*)    https://rhodecode.myserver.com/_admin/gists;

          }

        marcink
    
docs: updated nginx example...

              r636
            
          ## MAIN SSL enabled server

          server {

              listen       443 ssl;

              server_name  rhodecode.myserver.com;

              access_log   /var/log/nginx/rhodecode.access.log log_custom;

              error_log    /var/log/nginx/rhodecode.error.log;

        marcink
    
project: added all source files and assets

              r1
            
              ssl on;

              ssl_certificate     rhodecode.myserver.com.crt;

              ssl_certificate_key rhodecode.myserver.com.key;

              ssl_session_timeout 5m;

        marcink
    
docs: updated nginx example...

              r636
            
              ssl_protocols TLSv1 TLSv1.1 TLSv1.2;

        marcink
    
project: added all source files and assets

              r1
            
              ssl_prefer_server_ciphers on;

        marcink
    
docs: updated nginx example...

              r636
            
              ssl_ciphers 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA';

        marcink
    
project: added all source files and assets

              r1
            
        marcink
    
docs: updated nginx example...

              r636
            
              # Diffie-Hellman parameter for DHE ciphersuites, recommended 2048 bits

              #ssl_dhparam /etc/nginx/ssl/dhparam.pem;

        marcink
    
project: added all source files and assets

              r1
            
        marcink
    
docs: updated nginx example...

              r636
            
              include     /etc/nginx/proxy.conf;

        marcink
    
docs: updated nginx/apache configurations....

              r1263
            
              ## serve static files by Nginx, recommended for performance

        marcink
    
static: change static path to serve rhodecode static assets from...

              r522
            
              # location /_static/rhodecode {

        dan
    
docs: update example nginx/apache configs to use .rccontrol static path

              r457
            
              #    alias /path/to/.rccontrol/enterprise-1/static;

        dan
    
config: update ini/config files to account for /_static path

              r456
            
              # }

        marcink
    
docs: updated apache/nginx configs

              r120
            
        marcink
    
docs: updated nginx/apache configurations....

              r1263
            
              ## channelstream websocket handling

        marcink
    
docs: added channelstream example

              r477
            
              location /_channelstream {

                  rewrite /_channelstream/(.*) /$1 break;

        marcink
    
docs: updated nginx/apache configurations....

              r1263
            
        marcink
    
docs: updated nginx example...

              r636
            
                  proxy_pass                  http://127.0.0.1:9800;

        marcink
    
docs: added channelstream example

              r477
            
                  proxy_connect_timeout        10;

                  proxy_send_timeout           10m;

                  proxy_read_timeout           10m;

        marcink
    
docs: updated nginx example...

              r636
            
                  tcp_nodelay                  off;

        marcink
    
docs: added channelstream example

              r477
            
                  proxy_set_header             Host $host;

                  proxy_set_header             X-Real-IP $remote_addr;

        marcink
    
docs: updated nginx example...

              r636
            
                  proxy_set_header             X-Url-Scheme $scheme;

                  proxy_set_header             X-Forwarded-Proto $scheme;

                  proxy_set_header             X-Forwarded-For $proxy_add_x_forwarded_for;

        marcink
    
docs: added channelstream example

              r477
            
                  gzip                         off;

                  proxy_http_version           1.1;

                  proxy_set_header Upgrade     $http_upgrade;

                  proxy_set_header Connection  "upgrade";

              }

        marcink
    
docs: updated apache/nginx configs

              r120
            
              location / {

                  try_files $uri @rhode;

              }

        marcink
    
project: added all source files and assets

              r1
            
        marcink
    
docs: added channelstream example

              r477
            
              location @rhode {

                  proxy_pass      http://rc;

              }

        marcink
    
docs: updated nginx example...

              r636
            
              ## custom 502 error page

              error_page 502 /502.html;

              location = /502.html {

                 root  /path/to/.rccontrol/enterprise-1/static;

              }

          }

	Site-wide shortcuts
/	Use quick search box
g h	Goto home page
g g	Goto my private gists page
g G	Goto my public gists page
g 0-9	Goto bookmarked items from 0-9
n r	New repository page
n g	New gist page

	Repositories
g s	Goto summary page
g c	Goto changelog page
g f	Goto files page
g F	Goto files page with file search activated
g p	Goto pull requests page
g o	Goto repository settings
g O	Goto repository access permissions settings
t s	Toggle sidebar on some pages

marcink project: added all source files and assets	r1	Nginx Configuration Example
		---------------------------

		Use the following example to configure Nginx as a your web server.

marcink docs: updated nginx/apache configurations....	r1263
marcink project: added all source files and assets	r1	.. code-block:: nginx

marcink docs: updated nginx example...	r636	log_format log_custom '$remote_addr - $remote_user [$time_local] '
		'"$request" $status $body_bytes_sent '
		'"$http_referer" "$http_user_agent" '
		'$request_time $upstream_response_time $pipe';

marcink docs: updated nginx/apache configurations....	r1263	## define upstream (local RhodeCode instance) to connect to
marcink project: added all source files and assets	r1	upstream rc {
marcink docs: updated nginx/apache configurations....	r1263	# Url to running RhodeCode instance.
		# This is shown as `- URL:` in output from rccontrol status.
marcink docs: updated apache/nginx configs	r120	server 127.0.0.1:10002;
marcink project: added all source files and assets	r1
		# add more instances for load balancing
marcink docs: updated apache/nginx configs	r120	# server 127.0.0.1:10003;
		# server 127.0.0.1:10004;
marcink project: added all source files and assets	r1	}

marcink docs: updated nginx/apache configurations....	r1263	## HTTP to HTTPS rewrite
		server {
		listen 80;
		server_name rhodecode.myserver.com;
marcink project: added all source files and assets	r1
marcink docs: updated nginx/apache configurations....	r1263	if ($http_host = rhodecode.myserver.com) {
		rewrite (.*) https://rhodecode.myserver.com$1 permanent;
		}
		}

		## Optional gist alias server, for serving nicer GIST urls.
marcink project: added all source files and assets	r1	server {
		listen 443;
		server_name gist.myserver.com;
marcink docs: updated nginx example...	r636	access_log /var/log/nginx/gist.access.log log_custom;
marcink project: added all source files and assets	r1	error_log /var/log/nginx/gist.error.log;

		ssl on;
		ssl_certificate gist.rhodecode.myserver.com.crt;
		ssl_certificate_key gist.rhodecode.myserver.com.key;

		ssl_session_timeout 5m;

marcink docs: updated nginx example...	r636	ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
marcink project: added all source files and assets	r1	ssl_prefer_server_ciphers on;
marcink docs: updated nginx example...	r636	ssl_ciphers 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA';

marcink docs: updated nginx/apache configurations....	r1263	# strict http prevents from https -> http downgrade
marcink project: added all source files and assets	r1	add_header Strict-Transport-Security "max-age=31536000; includeSubdomains;";

		# Diffie-Hellman parameter for DHE ciphersuites, recommended 2048 bits
marcink docs: updated nginx example...	r636	#ssl_dhparam /etc/nginx/ssl/dhparam.pem;
marcink project: added all source files and assets	r1
		rewrite ^/(.+)$ https://rhodecode.myserver.com/_admin/gists/$1;
		rewrite (.*) https://rhodecode.myserver.com/_admin/gists;
		}

marcink docs: updated nginx example...	r636
		## MAIN SSL enabled server
		server {
		listen 443 ssl;
		server_name rhodecode.myserver.com;

		access_log /var/log/nginx/rhodecode.access.log log_custom;
		error_log /var/log/nginx/rhodecode.error.log;
marcink project: added all source files and assets	r1
		ssl on;
		ssl_certificate rhodecode.myserver.com.crt;
		ssl_certificate_key rhodecode.myserver.com.key;

		ssl_session_timeout 5m;

marcink docs: updated nginx example...	r636	ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
marcink project: added all source files and assets	r1	ssl_prefer_server_ciphers on;
marcink docs: updated nginx example...	r636	ssl_ciphers 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA';
marcink project: added all source files and assets	r1
marcink docs: updated nginx example...	r636	# Diffie-Hellman parameter for DHE ciphersuites, recommended 2048 bits
		#ssl_dhparam /etc/nginx/ssl/dhparam.pem;
marcink project: added all source files and assets	r1
marcink docs: updated nginx example...	r636	include /etc/nginx/proxy.conf;

marcink docs: updated nginx/apache configurations....	r1263	## serve static files by Nginx, recommended for performance
marcink static: change static path to serve rhodecode static assets from...	r522	# location /_static/rhodecode {
dan docs: update example nginx/apache configs to use .rccontrol static path	r457	# alias /path/to/.rccontrol/enterprise-1/static;
dan config: update ini/config files to account for /_static path	r456	# }
marcink docs: updated apache/nginx configs	r120
marcink docs: updated nginx/apache configurations....	r1263	## channelstream websocket handling
marcink docs: added channelstream example	r477	location /_channelstream {
		rewrite /_channelstream/(.*) /$1 break;
marcink docs: updated nginx/apache configurations....	r1263
marcink docs: updated nginx example...	r636	proxy_pass http://127.0.0.1:9800;

marcink docs: added channelstream example	r477	proxy_connect_timeout 10;
		proxy_send_timeout 10m;
		proxy_read_timeout 10m;
marcink docs: updated nginx example...	r636	tcp_nodelay off;
marcink docs: added channelstream example	r477	proxy_set_header Host $host;
		proxy_set_header X-Real-IP $remote_addr;
marcink docs: updated nginx example...	r636	proxy_set_header X-Url-Scheme $scheme;
		proxy_set_header X-Forwarded-Proto $scheme;
		proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
marcink docs: added channelstream example	r477	gzip off;
		proxy_http_version 1.1;
		proxy_set_header Upgrade $http_upgrade;
		proxy_set_header Connection "upgrade";
		}

marcink docs: updated apache/nginx configs	r120	location / {
		try_files $uri @rhode;
		}
marcink project: added all source files and assets	r1
marcink docs: added channelstream example	r477	location @rhode {
		proxy_pass http://rc;
		}
marcink docs: updated nginx example...	r636
		## custom 502 error page
		error_page 502 /502.html;
		location = /502.html {
		root /path/to/.rccontrol/enterprise-1/static;
		}
		}