b386dbd631
The Apache 3081 proxy allows us to do layer 7 filtering on incoming requests. However, it was returning 502 errors because it proxies to https://localhost and the certificate doesn't match (see SSLProxyCheckPeerName directive). However, we can't use the full hostname in the gate because our self-signed certificate doesn't cover that. Add a variable and proxy to localhost in the gate, and the full hostname in production. This avoids us having to turn off SSLProxyCheckPeerName. Change-Id: Ie12178a692f81781b848beb231f9035ececa3fd8
17 lines
476 B
ReStructuredText
17 lines
476 B
ReStructuredText
Install, configure, and run Gitea.
|
|
|
|
**Role Variables**
|
|
|
|
.. zuul:rolevar:: gitea_reverse_proxy
|
|
:default: False
|
|
|
|
Create an Apache reverse proxy listening on port 3081. This can be
|
|
useful for OSI layer 7 filtering; e.g. matching bad User-Agent
|
|
fields.
|
|
|
|
.. zuul:rolevar:: gitea_reverse_proxy_hostname
|
|
:default: inventory_hostname
|
|
|
|
The name of the hostname to reverse proxy to. Only necessary for
|
|
testing where we do not have a certificate for the hostname.
|