##// END OF EJS Templates
merge: merged default into stable
merge: merged default into stable

File last commit:

r1:854a839a default
r16:170c5398 merge v4.0.1 stable
Show More
apache-conf-examples.rst
114 lines | 4.1 KiB | text/x-rst | RstLexer
/ docs / admin / apache-conf-examples.rst

Apache Configuration Examples

Use the following example to securely configure your Apache HTTP virtual hosts file.

<VirtualHost *:80>
    ServerName hg.myserver.com
    ServerAlias hg.myserver.com

    <Proxy *>
      Order allow,deny
      Allow from all
    </Proxy>

    # important !
    # Directive to properly generate url (clone url) for pylons

    ProxyPreserveHost On

    #rhodecode instance
    ProxyPass / http://127.0.0.1:5000/
    ProxyPassReverse / http://127.0.0.1:5000/

    # Set strict HTTPS
    Header always set Strict-Transport-Security "max-age=63072000; includeSubdomains; preload"

    # Set x-frame options
    Header always append X-Frame-Options SAMEORIGIN

    # To enable https use line below
    # SetEnvIf X-Url-Scheme https HTTPS=1

    # Secure your Diffie-hellmann deployment
    SSLProtocol             all -SSLv2 -SSLv3
    SSLCipherSuite          ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA
    SSLHonorCipherOrder     on
    SSLOpenSSLConfCmd DHParameters "{path to dhparams.pem}"

</VirtualHost>

Use the following example to configure Apache for a multi-node setup. The timeout setting should be increased if you experience timeouts when working with large |repos|.

#
# Timeout: The number of seconds before receives and sends time out.
#
Timeout 600

<VirtualHost *:80>

        ProxyRequests off

        #important !
        #Directive to properly generate url (clone url) for pylons
        ProxyPreserveHost On

        ServerName your.rce.com
        ServerAlias your.rce.com

        <Proxy balancer://mycluster>
                # WebHead1
                BalancerMember http://10.58.1.171:10002 route=1
                # WebHead2
                BalancerMember http://10.58.1.172:10001 route=2

                # Security "technically we aren't blocking
                # anyone but this the place to make those
                # chages
                Order Deny,Allow
                Deny from none
                Allow from all

                # Load Balancer Settings
                # We will be configuring a simple Round
                # Robin style load balancer. This means
                # that all webheads take an equal share of
                # of the load.
                ProxySet stickysession=ROUTEID

        </Proxy>

        # balancer-manager
        # This tool is built into the mod_proxy_balancer
        # module and will allow you to do some simple
        # modifications to the balanced group via a gui
        # web interface.
        <Location /balancer-manager>
                SetHandler balancer-manager

                # recommend locking this one down to your
                # your office
               Order deny,allow
                Allow from all
        </Location>

        # Point of Balance
        # This setting will allow to explicitly name the
        # the location in the site that we want to be
        # balanced, in this example we will balance "/"
        # or everything in the site.
        ProxyPass /balancer-manager !
        ProxyPass / balancer://mycluster/

        ProxyPassReverse / balancer://mycluster/

</VirtualHost>