Skip to content

Commit fabeb6a

Browse files
axilleasaxilleas
committed
Enhance existing apache config. Implement #50 and #79
Beware that adding `ProxyPass /uploads !` would be a security issue, since uploads are publicly available without any authentification by default. See: https://github.com/gitlabhq/gitlabhq/issues/348#issuecomment-21682402
1 parent 04eb186 commit fabeb6a

File tree

1 file changed

+29
-6
lines changed

1 file changed

+29
-6
lines changed

web-server/apache/gitlab

Lines changed: 29 additions & 6 deletions
Original file line numberDiff line numberDiff line change
@@ -1,36 +1,59 @@
1-
# require apache module mod_proxy and mod_proxy_http
1+
# Requires apache modules: mod_proxy and mod_proxy_http
2+
# In Debian based distros enable with: sudo a2enmod mod_proxy mod_proxy_http
3+
# Change ServerName to your fqdn
4+
25
<VirtualHost *:80>
36
ServerName gitlab.example.com
47
#ServerAlias git.example.com
58

6-
# Uncomment if you want redirect from HTTP to HTTPS
9+
# Uncomment the following 3 lines if you want to redirect HTTP to HTTPS
10+
711
#RewriteEngine on
812
#RewriteCond %{SERVER_PORT} ^80$
913
#RewriteRule ^(.*)$ https://%{SERVER_NAME}$1 [L,R]
1014

15+
ProxyPass /uploads !
16+
ProxyPass /error !
1117
ProxyPass / http://127.0.0.1:3000/
1218
ProxyPassReverse / http://127.0.0.1:3000/
1319
ProxyPreserveHost On
1420

1521
CustomLog /var/log/apache2/gitlab/access.log combined
1622
ErrorLog /var/log/apache2/gitlab/error.log
23+
24+
# Modify path to your needs (needed for downloading attachments)
25+
DocumentRoot /home/git/gitlab/public
26+
27+
<Location />
28+
Order allow,deny
29+
Allow from all
30+
</Location>
31+
1732
</VirtualHost>
33+
1834
<VirtualHost *:443>
1935
ServerName gitlab.example.com
2036
ServerAdmin gitlab@example.com
2137

2238
SSLEngine On
2339
SSLCertificateFile /etc/apache2/ssl/server.crt
2440
SSLCertificateKeyFile /etc/apache2/ssl/server.key
25-
#SSLCertificateChainFile /etc/apache2/ssl/cacert.pem
26-
27-
# Uncomment the following line to prevent redirects to http on https only vhosts
28-
#RequestHeader set X-Forwarded-Proto "https"
2941

42+
ProxyPass /uploads !
43+
ProxyPass /error !
3044
ProxyPass / http://127.0.0.1:3000/
3145
ProxyPassReverse / http://127.0.0.1:3000/
3246
ProxyPreserveHost On
3347

3448
CustomLog /var/log/apache2/gitlab/access.log combined
3549
ErrorLog /var/log/apache2/gitlab/error.log
50+
51+
# Modify path to your needs (needed for downloading attachments)
52+
DocumentRoot /home/git/gitlab/public
53+
54+
<Location />
55+
Order allow,deny
56+
Allow from all
57+
</Location>
58+
3659
</VirtualHost>

0 commit comments

Comments
 (0)