[packages/gitlab-ce] apache: update https section

glen glen at pld-linux.org
Thu Nov 3 23:08:14 CET 2016


commit 3ed674bdae5da7de504f386ca73da69ebf9974bd
Author: Elan Ruusamäe <glen at delfi.ee>
Date:   Fri Nov 4 00:05:00 2016 +0200

    apache: update https section
    
    from
    https://gitlab.com/gitlab-org/gitlab-recipes/raw/master/web-server/apache/gitlab-ssl-apache24.conf

 apache.conf | 33 ++++++++++++++++++++++++++++++++-
 1 file changed, 32 insertions(+), 1 deletion(-)
---
diff --git a/apache.conf b/apache.conf
index 81db17b..86bae89 100644
--- a/apache.conf
+++ b/apache.conf
@@ -8,11 +8,42 @@
 
 # Module dependencies
 #  mod_rewrite
+#  mod_ssl (https)
 #  mod_proxy
 #  mod_proxy_http
+#  mod_headers (https)
+
+# This section is only needed if you want to redirect http traffic to https.
+# You can live without it but clients will have to type in https:// to reach gitlab.
 <VirtualHost *:80>
 	ServerName gitlab.example.org
-	ServerSignature Off
+
+	RewriteEngine on
+	RewriteCond %{HTTPS} !=on
+	RewriteRule .* https://%{SERVER_NAME}%{REQUEST_URI} [NE,R,L]
+</VirtualHost>
+
+<VirtualHost *:443>
+	ServerName gitlab.example.org
+
+<IfModule mod_ssl.c>
+	SSLEngine on
+	# strong encryption ciphers only
+	# see ciphers(1) http://www.openssl.org/docs/apps/ciphers.html
+	SSLProtocol all -SSLv2
+	SSLHonorCipherOrder on
+	SSLCipherSuite "ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AESGCM:RSA+AES:RSA+3DES:!aNULL:!MD5:!DSS"
+	Header add Strict-Transport-Security: "max-age=15768000;includeSubdomains"
+	SSLCompression Off
+	SSLCertificateFile /etc/httpd/ssl/server.crt
+	SSLCertificateKeyFile /etc/httpd/ssl/server.key
+	SSLCACertificateFile /etc/httpd/ssl/ca.crt
+
+	# When enabling these, ensure 'https' is set to 'true' in /etc/gitlab/gitlab.yml
+	RequestHeader set X_FORWARDED_PROTO 'https'
+	RequestHeader set X-Forwarded-Ssl on
+</IfModule>
+
 	ProxyPreserveHost On
 
 	# Ensure that encoded slashes are not decoded but left in their encoded state.
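Review bot: `SSLProtocol all -SSLv2` in the new `*:443` vhost still leaves SSLv3 negotiable, and the cipher string keeps the `ECDH+3DES:DH+3DES:RSA+3DES` fallbacks, so the "strong encryption ciphers only" comment overstates what the config enforces. I would change the line to `SSLProtocol all -SSLv2 -SSLv3` and drop the 3DES entries unless a known legacy client needs them. The HSTS line is better written as `Header always set Strict-Transport-Security "max-age=15768000;includeSubdomains"`, because `always` also covers locally generated error responses and `set` replaces an existing header instead of appending a second one. Separately, `ServerSignature Off` is removed from the old vhost and not re-added in either new vhost within this hunk; the `*:443` vhost continues past the end of the hunk, so it may be set there.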
================================================================

---- gitweb:

http://git.pld-linux.org/gitweb.cgi/packages/gitlab-ce.git/commitdiff/3ed674bdae5da7de504f386ca73da69ebf9974bd


