221d4f6250
Correct typos, spelling mistakes, and grammatical errors. Change-Id: I80ec66de7b2228f9ff45a2f06faf576707195758
129 lines
2.9 KiB
Plaintext
129 lines
2.9 KiB
Plaintext
Gerrit Code Review - Reverse Proxy
|
|
==================================
|
|
|
|
Description
|
|
-----------
|
|
|
|
Gerrit can be configured to run behind a third-party web server.
|
|
This allows the other web server to bind to the privileged port 80
|
|
(or 443 for SSL), as well as offloads the SSL processing overhead
|
|
from Java to optimized native C code.
|
|
|
|
|
|
Gerrit Configuration
|
|
--------------------
|
|
|
|
Ensure `'$site_path'/etc/gerrit.config` has the property
|
|
link:config-gerrit.html#httpd.listenUrl[httpd.listenUrl] configured
|
|
to use 'proxy-http://' or 'proxy-https://' and a free port number.
|
|
This may have already been configured if proxy support was enabled
|
|
during 'init'.
|
|
|
|
----
|
|
[httpd]
|
|
listenUrl = proxy-http://127.0.0.1:8081/r/
|
|
----
|
|
|
|
|
|
Apache 2 Configuration
|
|
----------------------
|
|
|
|
To run Gerrit behind an Apache server using 'mod_proxy', enable the
|
|
necessary Apache2 modules:
|
|
|
|
----
|
|
a2enmod proxy_http
|
|
a2enmod ssl ; # optional, needed for HTTPS / SSL
|
|
----
|
|
|
|
Configure an Apache VirtualHost to proxy to the Gerrit daemon,
|
|
setting the 'ProxyPass' line to use the 'http://' URL configured
|
|
above. Ensure the path of ProxyPass and httpd.listenUrl match,
|
|
or links will redirect to incorrect locations.
|
|
|
|
----
|
|
<VirtualHost *>
|
|
ServerName review.example.com
|
|
|
|
ProxyRequests Off
|
|
ProxyVia Off
|
|
ProxyPreserveHost On
|
|
|
|
<Proxy *>
|
|
Order deny,allow
|
|
Allow from all
|
|
</Proxy>
|
|
|
|
ProxyPass /r/ http://127.0.0.1:8081/r/
|
|
</VirtualHost>
|
|
----
|
|
|
|
SSL
|
|
~~~
|
|
|
|
To enable Apache to perform the SSL processing, use 'proxy-https://'
|
|
in httpd.listenUrl within Gerrit's configuration file, and enable
|
|
the SSL engine in the Apache VirtualHost block:
|
|
|
|
----
|
|
<VirtualHost *:443>
|
|
SSLEngine on
|
|
SSLCertificateFile conf/server.crt
|
|
SSLCertificateKeyFile conf/server.key
|
|
|
|
... same as above ...
|
|
</VirtualHost>
|
|
----
|
|
|
|
See the Apache 'mod_ssl' documentation for more details on how to
|
|
configure SSL within the server, like controlling how strong of an
|
|
encryption algorithm is required.
|
|
|
|
|
|
Nginx Configuration
|
|
-------------------
|
|
|
|
To run Gerrit behind an Nginx server, use a server statement such
|
|
as this one:
|
|
|
|
----
|
|
server {
|
|
listen 80;
|
|
server_name review.example.com;
|
|
|
|
location /r/ {
|
|
proxy_pass http://127.0.0.1:8081;
|
|
proxy_set_header X-Forwarded-For $remote_addr;
|
|
proxy_set_header Host $host;
|
|
}
|
|
}
|
|
----
|
|
|
|
SSL
|
|
~~~
|
|
|
|
To enable Nginx to perform the SSL processing, use 'proxy-https://'
|
|
in httpd.listenUrl within Gerrit's configuration file, and enable
|
|
the SSL engine in the Nginx server statement:
|
|
|
|
----
|
|
server {
|
|
listen 443;
|
|
server_name review.example.com;
|
|
|
|
ssl on;
|
|
ssl_certificate conf/server.crt;
|
|
ssl_certificate_key conf/server.key;
|
|
|
|
... same as above ...
|
|
}
|
|
----
|
|
|
|
See the Nginx 'http ssl module' documentation for more details on
|
|
how to configure SSL within the server, like controlling how strong
|
|
of an encryption algorithm is required.
|
|
|
|
GERRIT
|
|
------
|
|
Part of link:index.html[Gerrit Code Review]
|