integrations: refactor/cleanup + features, fixes #4181

  * added scopes on integrations, scopes are:
    - repo only
    - repogroup children only
    - root repos only
    - global (any repo)
  * integrations schemas now have separate section for the settings (eg. slack) and options (eg. scope/enabled)
  * added descriptions to integration types
  * added icons to integration types
  * added 'create new' integration page
  * added scope of integration to integrations list
  * added breadcrumbs for each repo/repogroup/global integrations pages
  * added sorting to integrations list
  * added pagination to integrations list
  * added icons to integrations list
  * added type filter to integrations list
  * added message to integrations list if none were found
  * added extra permissions check on integrations views
  * db migration from 56 => 57 - adds child_repos_only field
  * added tests for integrations triggered on events
  * added tests for integrations schemas
  * added tests for integrations views for repo/repogroup/admin

sec-x-frame.rst

Securing HTTPS Connections

  • To secure your |RCE| instance against Cross Frame Scripting exploits, configure the X-Frame-Options header on your web server.
  • To enable HTTP Strict Transport Security (HSTS) for your instance, configure the Strict-Transport-Security header.

Nginx

In your nginx configuration, add the following lines in the correct files. For more detailed information see the :ref:`nginx-ws-ref` section.

# Add this line to the nginx.conf file
add_header X-Frame-Options SAMEORIGIN;

# This line needs to be added inside your virtual hosts block/file
add_header Strict-Transport-Security "max-age=31536000; includeSubdomains;";

Apache

In your :file:`apache2.conf` file, add the following lines. For more detailed information see the :ref:`apache-ws-ref` section.

# Add this to your virtual hosts file
Header always append X-Frame-Options SAMEORIGIN

# Add this line in your virtual hosts file
Header always set Strict-Transport-Security "max-age=63072000; includeSubdomains; preload"

|RCE| Configuration

|RCE| can also be configured to force strict HTTPS connections and to send Strict Transport Security headers. To enable this, set the following options to true in the :file:`/home/{user}/.rccontrol/{instance-id}/rhodecode.ini` file. They are shown below with the value false.

## force https in RhodeCode, fixes https redirects, assumes it's always https
force_https = false

## use Strict-Transport-Security headers
use_htsts = false
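
A check to run over captured response headers once the settings above are in place, added here as an example (it is not part of the RhodeCode documentation or code base). The first sample models a case worth testing on nginx: add_header directives are inherited from the enclosing level only when the current level defines none of its own, so a virtual hosts block that sets only Strict-Transport-Security drops an X-Frame-Options header set in nginx.conf. The function names, the one-year threshold and the sample responses are assumptions constructed for illustration.

```python
# Added example: audits response headers for the two settings this page configures.
MIN_MAX_AGE = 31536000  # assumption: one year, the smaller max-age value on this page

def parse_headers(raw):
    """Return {lowercased-name: [values]} from a raw HTTP response header block."""
    headers = {}
    for line in raw.strip().splitlines()[1:]:  # skip the status line
        name, sep, value = line.partition(":")
        if sep:
            headers.setdefault(name.strip().lower(), []).append(value.strip())
    return headers

def audit(raw):
    """Return a list of findings; an empty list means both headers look correct."""
    headers, findings = parse_headers(raw), []
    # Collect every X-Frame-Options value, including comma-joined duplicates.
    xfo = {v.strip().upper() for value in headers.get("x-frame-options", [])
           for v in value.split(",")}
    if not xfo:
        findings.append("X-Frame-Options missing")
    elif len(xfo) > 1 or not xfo <= {"SAMEORIGIN", "DENY"}:
        findings.append("X-Frame-Options invalid or conflicting: " + ", ".join(sorted(xfo)))
    hsts = headers.get("strict-transport-security", [])
    if not hsts:
        findings.append("Strict-Transport-Security missing")
    else:
        # Browsers process only the first HSTS header field (RFC 6797, section 8.1).
        directives = [d.strip().lower() for d in hsts[0].split(";") if d.strip()]
        max_age = next((d.split("=", 1)[1].strip('"') for d in directives
                        if d.startswith("max-age=")), "")
        if not max_age.isdigit() or int(max_age) < MIN_MAX_AGE:
            findings.append("HSTS max-age missing or below %d" % MIN_MAX_AGE)
        if "includesubdomains" not in directives:
            findings.append("HSTS includeSubDomains missing")
    return findings

# Constructed sample responses (not captured from a real server).
ONLY_HSTS = """HTTP/1.1 200 OK
Server: nginx
Strict-Transport-Security: max-age=31536000; includeSubdomains;
"""
BOTH = """HTTP/1.1 200 OK
X-Frame-Options: SAMEORIGIN
Strict-Transport-Security: max-age=63072000; includeSubdomains; preload
"""

if __name__ == "__main__":
    for label, raw in (("only HSTS", ONLY_HSTS), ("both headers", BOTH)):
        print(label, "->", audit(raw) or "ok")
```

To audit a live instance, save the output of `curl -sI https://your-host/` to a file and pass its contents to `audit()`.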