[packages/gitlab-ce] apache: update https section
glen
glen at pld-linux.org
Thu Nov 3 23:08:14 CET 2016
commit 3ed674bdae5da7de504f386ca73da69ebf9974bd
Author: Elan Ruusamäe <glen at delfi.ee>
Date: Fri Nov 4 00:05:00 2016 +0200
apache: update https section
from
https://gitlab.com/gitlab-org/gitlab-recipes/raw/master/web-server/apache/gitlab-ssl-apache24.conf
apache.conf | 33 ++++++++++++++++++++++++++++++++-
1 file changed, 32 insertions(+), 1 deletion(-)
---
diff --git a/apache.conf b/apache.conf
index 81db17b..86bae89 100644
--- a/apache.conf
+++ b/apache.conf
@@ -8,11 +8,42 @@
# Module dependencies
# mod_rewrite
+# mod_ssl (https)
# mod_proxy
# mod_proxy_http
+# mod_headers (https)
+
+# This section is only needed if you want to redirect http traffic to https.
+# You can live without it but clients will have to type in https:// to reach gitlab.
<VirtualHost *:80>
ServerName gitlab.example.org
- ServerSignature Off
+
+ RewriteEngine on
+ RewriteCond %{HTTPS} !=on
+ RewriteRule .* https://%{SERVER_NAME}%{REQUEST_URI} [NE,R,L]
+</VirtualHost>
+
+<VirtualHost *:443>
+ ServerName gitlab.example.org
+
+<IfModule mod_ssl.c>
+ SSLEngine on
+ # strong encryption ciphers only
+ # see ciphers(1) http://www.openssl.org/docs/apps/ciphers.html
+ SSLProtocol all -SSLv2
+ SSLHonorCipherOrder on
+ SSLCipherSuite "ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AESGCM:RSA+AES:RSA+3DES:!aNULL:!MD5:!DSS"
+ Header add Strict-Transport-Security: "max-age=15768000;includeSubdomains"
+ SSLCompression Off
+ SSLCertificateFile /etc/httpd/ssl/server.crt
+ SSLCertificateKeyFile /etc/httpd/ssl/server.key
+ SSLCACertificateFile /etc/httpd/ssl/ca.crt
+
+ # When enabling these, ensure 'https' is set to 'true' in /etc/gitlab/gitlab.yml
+ RequestHeader set X_FORWARDED_PROTO 'https'
+ RequestHeader set X-Forwarded-Ssl on
+</IfModule>
+
ProxyPreserveHost On
# Ensure that encoded slashes are not decoded but left in their encoded state.
================================================================
---- gitweb:
http://git.pld-linux.org/gitweb.cgi/packages/gitlab-ce.git/commitdiff/3ed674bdae5da7de504f386ca73da69ebf9974bd
More information about the pld-cvs-commit
mailing list