##// END OF EJS Templates
u » pc » rhodecode-enterprise-ce-fork-pc
RSS

Fork of rhodecode-enterprise-ce

docs: updated nginx example...
marcink -
r636:546e87c2 default
parent child Browse files
Show More
Show file before | Show file after | Hide comments
@@ -5,6 +5,11 b' Use the following example to configure N'
5 5
6 6 .. code-block:: nginx
7 7
8 log_format log_custom '$remote_addr - $remote_user [$time_local] '
9 '"$request" $status $body_bytes_sent '
10 '"$http_referer" "$http_user_agent" '
11 '$request_time $upstream_response_time $pipe';
12
8 13 upstream rc {
9 14
10 15 server 127.0.0.1:10002;
@@ -14,12 +19,12 b' Use the following example to configure N'
14 19 # server 127.0.0.1:10004;
15 20 }
16 21
17 ## gist alias
22 ## gist alias server, for serving nicer GIST urls
18 23
19 24 server {
20 25 listen 443;
21 26 server_name gist.myserver.com;
22 access_log /var/log/nginx/gist.access.log;
27 access_log /var/log/nginx/gist.access.log log_custom;
23 28 error_log /var/log/nginx/gist.error.log;
24 29
25 30 ssl on;
@@ -28,23 +33,36 b' Use the following example to configure N'
28 33
29 34 ssl_session_timeout 5m;
30 35
31 ssl_protocols SSLv3 TLSv1;
32 ssl_ciphers DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:EDH-RSA-DES-CBC3-SHA:AES256-SHA:DES-CBC3-SHA:AES128-SHA:RC4-SHA:RC4-MD5;
36 ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
33 37 ssl_prefer_server_ciphers on;
38 ssl_ciphers 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA';
39
34 40 add_header Strict-Transport-Security "max-age=31536000; includeSubdomains;";
35 41
36 42 # Diffie-Hellman parameter for DHE ciphersuites, recommended 2048 bits
37 ssl_dhparam /etc/nginx/ssl/dhparam.pem;
43 #ssl_dhparam /etc/nginx/ssl/dhparam.pem;
38 44
39 45 rewrite ^/(.+)$ https://rhodecode.myserver.com/_admin/gists/$1;
40 46 rewrite (.*) https://rhodecode.myserver.com/_admin/gists;
41 47 }
42 48
49 ## HTTP to HTTPS rewrite
43 50 server {
44 listen 443;
51 listen 80;
45 52 server_name rhodecode.myserver.com;
46 access_log /var/log/nginx/rhodecode.access.log;
47 error_log /var/log/nginx/rhodecode.error.log;
53
54 if ($http_host = rhodecode.myserver.com) {
55 rewrite (.*) https://rhodecode.myserver.com$1 permanent;
56 }
57 }
58
59 ## MAIN SSL enabled server
60 server {
61 listen 443 ssl;
62 server_name rhodecode.myserver.com;
63
64 access_log /var/log/nginx/rhodecode.access.log log_custom;
65 error_log /var/log/nginx/rhodecode.error.log;
48 66
49 67 ssl on;
50 68 ssl_certificate rhodecode.myserver.com.crt;
@@ -52,13 +70,16 b' Use the following example to configure N'
52 70
53 71 ssl_session_timeout 5m;
54 72
55 ssl_protocols SSLv3 TLSv1;
56 ssl_ciphers DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:EDH-RSA-DES-CBC3-SHA:AES256-SHA:DES-CBC3-SHA:AES128-SHA:RC4-SHA:RC4-MD5;
73 ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
57 74 ssl_prefer_server_ciphers on;
75 ssl_ciphers 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA';
58 76
59 include /etc/nginx/proxy.conf;
77 # Diffie-Hellman parameter for DHE ciphersuites, recommended 2048 bits
78 #ssl_dhparam /etc/nginx/ssl/dhparam.pem;
60 79
61 ## uncomment to serve static files by nginx
80 include /etc/nginx/proxy.conf;
81
82 ## serve static files by nginx, recommended
62 83 # location /_static/rhodecode {
63 84 # alias /path/to/.rccontrol/enterprise-1/static;
64 85 # }
@@ -66,16 +87,17 b' Use the following example to configure N'
66 87 ## channel stream live components
67 88 location /_channelstream {
68 89 rewrite /_channelstream/(.*) /$1 break;
90 proxy_pass http://127.0.0.1:9800;
91
69 92 proxy_connect_timeout 10;
70 93 proxy_send_timeout 10m;
71 94 proxy_read_timeout 10m;
72 tcp_nodelay off;
73 proxy_pass http://127.0.0.1:9800;
95 tcp_nodelay off;
74 96 proxy_set_header Host $host;
75 97 proxy_set_header X-Real-IP $remote_addr;
76 proxy_set_header X-Url-Scheme $scheme;
77 proxy_set_header X-Forwarded-Proto $scheme;
78 proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
98 proxy_set_header X-Url-Scheme $scheme;
99 proxy_set_header X-Forwarded-Proto $scheme;
100 proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
79 101 gzip off;
80 102 proxy_http_version 1.1;
81 103 proxy_set_header Upgrade $http_upgrade;
@@ -89,4 +111,10 b' Use the following example to configure N'
89 111 location @rhode {
90 112 proxy_pass http://rc;
91 113 }
92 }
114
115 ## custom 502 error page
116 error_page 502 /502.html;
117 location = /502.html {
118 root /path/to/.rccontrol/enterprise-1/static;
119 }
120 } No newline at end of file
General Comments 0
You need to be logged in to leave comments. Login now