[packages/gitlab-ce] apache: update https section

Thu, 03 Nov 2016 15:09:13 -0700 

commit 3ed674bdae5da7de504f386ca73da69ebf9974bd
Author: Elan Ruusamäe <[email protected]>
Date:   Fri Nov 4 00:05:00 2016 +0200

    apache: update https section
    
    from
    
https://gitlab.com/gitlab-org/gitlab-recipes/raw/master/web-server/apache/gitlab-ssl-apache24.conf

 apache.conf | 33 ++++++++++++++++++++++++++++++++-
 1 file changed, 32 insertions(+), 1 deletion(-)
---
diff --git a/apache.conf b/apache.conf
index 81db17b..86bae89 100644
--- a/apache.conf
+++ b/apache.conf
@@ -8,11 +8,42 @@
 
 # Module dependencies
 #  mod_rewrite
+#  mod_ssl (https)
 #  mod_proxy
 #  mod_proxy_http
+#  mod_headers (https)
+
+# This section is only needed if you want to redirect http traffic to https.
+# You can live without it but clients will have to type in https:// to reach 
gitlab.
 <VirtualHost *:80>
        ServerName gitlab.example.org
-       ServerSignature Off
+
+       RewriteEngine on
+       RewriteCond %{HTTPS} !=on
+       RewriteRule .* https://%{SERVER_NAME}%{REQUEST_URI} [NE,R,L]
+</VirtualHost>
+
+<VirtualHost *:443>
+       ServerName gitlab.example.org
+
+<IfModule mod_ssl.c>
+       SSLEngine on
+       # strong encryption ciphers only
+       # see ciphers(1) http://www.openssl.org/docs/apps/ciphers.html
+       SSLProtocol all -SSLv2
+       SSLHonorCipherOrder on
+       SSLCipherSuite 
"ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AESGCM:RSA+AES:RSA+3DES:!aNULL:!MD5:!DSS"
+       Header add Strict-Transport-Security: 
"max-age=15768000;includeSubdomains"
+       SSLCompression Off
+       SSLCertificateFile /etc/httpd/ssl/server.crt
+       SSLCertificateKeyFile /etc/httpd/ssl/server.key
+       SSLCACertificateFile /etc/httpd/ssl/ca.crt
+
+       # When enabling these, ensure 'https' is set to 'true' in 
/etc/gitlab/gitlab.yml
+       RequestHeader set X_FORWARDED_PROTO 'https'
+       RequestHeader set X-Forwarded-Ssl on
+</IfModule>
+
        ProxyPreserveHost On
 
        # Ensure that encoded slashes are not decoded but left in their encoded 
state.
================================================================

---- gitweb:

http://git.pld-linux.org/gitweb.cgi/packages/gitlab-ce.git/commitdiff/3ed674bdae5da7de504f386ca73da69ebf9974bd

_______________________________________________
pld-cvs-commit mailing list
[email protected]
http://lists.pld-linux.org/mailman/listinfo/pld-cvs-commit

Reply via email to