[WIP] Substitute rewrite with proxypass.
@mosmani please see question on description and review.
@balameb here is the complete vhost, you don't need a location definition:
```apache
### set in gitlab.rb
# nginx
#external_url 'https://gitlab.example.com'
#nginx['enable'] = false
#
# workhorse
#gitlab_workhorse['listen_network'] = "tcp"
#gitlab_workhorse['listen_addr'] = "127.0.0.1:8181"
#web_server['external_users'] = ['www-data']
#
# rails app
#gitlab_rails['internal_api_url'] = 'https://gitlab.example.com'
#gitlab_rails['time_zone'] = 'Europe/Berlin'

<VirtualHost *:80>
  ServerName gitlab.example.com
  Redirect permanent "/" "https://gitlab.example.com/"
</VirtualHost>

<IfModule mod_ssl.c>
<VirtualHost *:443>
  ServerName gitlab.example.com

  ProxyRequests Off
  SSLProxyEngine On
  ProxyPreserveHost On
  AllowEncodedSlashes NoDecode

  ProxyPass / http://127.0.0.1:8181/ keepalive=On connectiontimeout=10 retry=0
  ProxyPassReverse / http://127.0.0.1:8181/

  RequestHeader set X_FORWARDED_PROTO 'https'
  RequestHeader set X-Forwarded-Ssl on

  SSLEngine on
  SSLCertificateFile /etc/apache2/ssl.crt/gitlab.example.com.crt
  SSLCertificateKeyFile /etc/apache2/ssl.key/gitlab.example.com.key

  ErrorLog ${APACHE_LOG_DIR}/gitlab.example.com-error.log
  CustomLog ${APACHE_LOG_DIR}/gitlab.example.com-access.log combined
</VirtualHost>
</IfModule>
```
@mosmani right, but what about other options such as `SSLProtocol all -SSLv2` or the `ErrorDocument` options? Don't we want to include those as well?

When you start using mod_proxy with "/" then every other directive concerning content (ErrorDocument) is useless because every request will be routed through the proxy to the backend.
From my point of view every person who calls himself "admin" should care about the SSL/TLS security of his server in general and not only for one vhost; that's why I didn't insert all SSL/TLS options in my generic vhost suggestion.
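
An added example, not part of the thread or the project's own code: a small Python lint for a vhost of the shape posted above. It checks the port-80 redirect, that the `ProxyPass` backend is loopback, and whether `SSLProtocol` is set in the vhost or server-wide, which is the distinction the last comment draws. The function names and the `GLOBAL_CONF` line are assumptions constructed for illustration, and `ProxyPass` is assumed to use the path-plus-URL form from the thread.

```python
import re
from ipaddress import ip_address
from urllib.parse import urlparse

# Constructed samples: a hypothetical server-wide TLS line and a trimmed copy of the thread's vhost.
GLOBAL_CONF = "SSLProtocol all -SSLv3 -TLSv1 -TLSv1.1\n"
VHOST_CONF = """
<VirtualHost *:80>
  Redirect permanent "/" "https://gitlab.example.com/"
</VirtualHost>
<VirtualHost *:443>
  SSLEngine on
  ProxyPass / http://127.0.0.1:8181/ keepalive=On connectiontimeout=10 retry=0
</VirtualHost>
"""

def parse_vhosts(text):
    """Return {port: [(directive, args), ...]} per <VirtualHost> block."""
    vhosts, current = {}, None
    for line in map(str.strip, text.splitlines()):
        opened = re.match(r"<VirtualHost\s+\S*:(\d+)>", line, re.I)
        if opened:
            current = vhosts.setdefault(int(opened.group(1)), [])
        elif line.lower().startswith("</virtualhost"):
            current = None
        elif current is not None and line and line[0] not in "<#":
            name, _, args = line.partition(" ")
            current.append((name.lower(), args.strip()))
    return vhosts

def is_loopback(url):
    host = urlparse(url).hostname or ""
    try:
        return ip_address(host).is_loopback
    except ValueError:  # a name rather than an IP literal
        return host == "localhost"

def audit(vhost_text, global_text=""):
    """Return findings; an empty list means every check passed."""
    vhosts, findings = parse_vhosts(vhost_text), []
    http, https = vhosts.get(80, []), vhosts.get(443, [])
    if not any(d == "redirect" and "https://" in a for d, a in http):
        findings.append("port 80 does not redirect to https")
    findings += ["ProxyPass backend is not loopback" for d, a in https
                 if d == "proxypass" and not is_loopback(a.split()[1])]
    in_vhost = any(d == "sslprotocol" for d, _ in https)
    if not in_vhost and not re.search(r"^\s*SSLProtocol\s", global_text, re.I | re.M):
        findings.append("SSLProtocol set neither server-wide nor in the vhost")
    return findings
```

Pass the contents of the server-wide TLS configuration as `global_text`; a vhost that omits `SSLProtocol` is only reported when the server-wide text omits it too.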