4a0964066e
This fixes directly linked changes redirecting to an incorrect port. Example: https://review.opendev.org/712697 => Location: https://review.opendev.org:80/c/openstack/nova/+/712697/ https://bugs.chromium.org/p/gerrit/issues/detail?id=13701 Change-Id: I750c9048b85f119b309ab676b930a201d81f9099
91 lines
2.5 KiB
Django/Jinja
91 lines
2.5 KiB
Django/Jinja
<VirtualHost *:80>
|
|
ServerName {{ gerrit_vhost_name }}
|
|
ServerAdmin webmaster@openstack.org
|
|
|
|
ErrorLog ${APACHE_LOG_DIR}/gerrit-error.log
|
|
|
|
LogLevel warn
|
|
|
|
CustomLog ${APACHE_LOG_DIR}/gerrit-access.log combined
|
|
|
|
Redirect / https://{{ gerrit_vhost_name }}/
|
|
|
|
</VirtualHost>
|
|
|
|
<IfModule mod_ssl.c>
|
|
<VirtualHost *:443>
|
|
ServerName {{ gerrit_vhost_name }}
|
|
ServerAdmin webmaster@openstack.org
|
|
|
|
AllowEncodedSlashes On
|
|
|
|
ErrorLog ${APACHE_LOG_DIR}/gerrit-ssl-error.log
|
|
|
|
LogLevel warn
|
|
|
|
CustomLog ${APACHE_LOG_DIR}/gerrit-ssl-access.log combined
|
|
|
|
SSLEngine on
|
|
SSLProtocol All -SSLv2 -SSLv3
|
|
# Note: this list should ensure ciphers that provide forward secrecy
|
|
SSLCipherSuite ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:!AES256:!aNULL:!eNULL:!MD5:!DSS:!PSK:!SRP
|
|
SSLHonorCipherOrder on
|
|
|
|
SSLCertificateFile /etc/letsencrypt-certs/{{ gerrit_vhost_name }}/{{ gerrit_vhost_name }}.cer
|
|
SSLCertificateKeyFile /etc/letsencrypt-certs/{{ gerrit_vhost_name }}/{{ gerrit_vhost_name }}.key
|
|
SSLCertificateChainFile /etc/letsencrypt-certs/{{ gerrit_vhost_name }}/ca.cer
|
|
|
|
<FilesMatch "\.(cgi|shtml|phtml|php)$">
|
|
SSLOptions +StdEnvVars
|
|
</FilesMatch>
|
|
<Directory /usr/lib/cgi-bin>
|
|
SSLOptions +StdEnvVars
|
|
</Directory>
|
|
|
|
BrowserMatch "MSIE [2-6]" \
|
|
nokeepalive ssl-unclean-shutdown \
|
|
downgrade-1.0 force-response-1.0
|
|
# MSIE 7 and newer should be able to use keepalive
|
|
BrowserMatch "MSIE [17-9]" ssl-unclean-shutdown
|
|
|
|
RewriteEngine on
|
|
|
|
ProxyRequests off
|
|
ProxyVia off
|
|
ProxyPreserveHost on
|
|
ProxyStatus On
|
|
|
|
# Uncomment to show a temporary maintenance message
|
|
#ProxyPassMatch ^/maintenance.html$ !
|
|
#Alias /maintenance.html /home/gerrit2/review_site/static/maintenance.html
|
|
#RewriteCond %{REQUEST_URI} !^/maintenance.html$
|
|
#RewriteRule ^/(.*) /maintenance.html [last,redirect=temporary]
|
|
|
|
ProxyPassMatch ^/robots.txt$ !
|
|
ProxyPassMatch ^/server-status !
|
|
# Comment out these two lines if the maintenance message above is in use
|
|
ProxyPass / http://localhost:8081/ nocanon
|
|
ProxyPassReverse / http://localhost:8081/
|
|
RequestHeader set "X-Forwarded-Proto" expr=%{REQUEST_SCHEME}
|
|
|
|
Alias /robots.txt /home/gerrit2/review_site/static/robots.txt
|
|
|
|
<Directory /home/gerrit2/review_site/git/>
|
|
Require all granted
|
|
Order allow,deny
|
|
Allow from all
|
|
</Directory>
|
|
<Directory /usr/lib/git-core>
|
|
Require all granted
|
|
Allow from all
|
|
Satisfy Any
|
|
</Directory>
|
|
<Directory /home/gerrit2/review_site/static/>
|
|
Require all granted
|
|
Allow from all
|
|
Satisfy Any
|
|
</Directory>
|
|
|
|
</VirtualHost>
|
|
</IfModule>
|