Show More
apache-conf-example.rst
90 lines
| 3.3 KiB
| text/x-rst
|
RstLexer
Apache Configuration Example
Use the following example to configure Apache as a your web server. Below config if for an Apache Reverse Proxy configuration.
Note
Apache requires the following modules to be enabled. Below is an example how to enable them on Ubuntu Server
$ sudo a2enmod proxy $ sudo a2enmod proxy_http $ sudo a2enmod proxy_balancer $ sudo a2enmod headers $ sudo a2enmod ssl $ sudo a2enmod rewrite # requires Apache 2.4+, required to handle websockets/channelstream $ sudo a2enmod proxy_wstunnel
## HTTP to HTTPS rewrite <VirtualHost *:80> ServerName rhodecode.myserver.com DocumentRoot /var/www/html Redirect permanent / https://rhodecode.myserver.com/ </VirtualHost> ## MAIN SSL enabled server <VirtualHost *:443> ServerName rhodecode.myserver.com ServerAlias rhodecode.myserver.com ## serve static files by Apache, recommended for performance #Alias /_static /home/ubuntu/.rccontrol/community-1/static RequestHeader set X-Forwarded-Proto "https" ## channelstream websocket handling ProxyPass /_channelstream ws://localhost:9800 ProxyPassReverse /_channelstream ws://localhost:9800 <Proxy *> Order allow,deny Allow from all </Proxy> # Directive to properly generate url (clone url) for RhodeCode ProxyPreserveHost On # Url to running RhodeCode instance. This is shown as `- URL:` when # running rccontrol status. ProxyPass / http://127.0.0.1:10002/ timeout=7200 Keepalive=On ProxyPassReverse / http://127.0.0.1:10002/ # Increase headers for large Mercurial headers LimitRequestLine 16380 # strict http prevents from https -> http downgrade Header always set Strict-Transport-Security "max-age=63072000; includeSubdomains; preload" # Set x-frame options Header always append X-Frame-Options SAMEORIGIN # To enable https use line below # SetEnvIf X-Url-Scheme https HTTPS=1 # SSL setup SSLEngine On SSLCertificateFile /etc/apache2/ssl/rhodecode.myserver.pem SSLCertificateKeyFile /etc/apache2/ssl/rhodecode.myserver.key SSLProtocol all -SSLv2 -SSLv3 SSLCipherSuite ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA SSLHonorCipherOrder on # Diffie-Hellman parameter for DHE ciphersuites, recommended 2048 bits #SSLOpenSSLConfCmd DHParameters "/etc/apache2/dhparam.pem" </VirtualHost>