opendev/puppet-gerrit
Code Issues Proposed changes

Update Gerrit proxy configuration.

Browse Source 
Replace the apache reverse proxy configs with the recommended
settings from the gerrit documentation[1].

Explicit use of ProxyPassMatch <URL> ! is used to handle cases
where we do not want to proxy through to gerrit (such as for
'^/p/') where an offload is expected/desired.

Using RewriteRule was causing the double slashes in Gerrit url
(i.e. https://review-dev.openstack.org//#/q/status:open).
Removing it fixes this issue. Similarly, the gerrit.token query
parameter was being dropped when the RewriteRule was used. More
explanation can be found in gerrit upstream bug[2].

[1] https://gerrit-review.googlesource.com/Documentation/
    config-reverseproxy.html#_apache_2_configuration
[2] https://code.google.com/p/gerrit/issues/detail?id=3365

Change-Id: Ied8ce7a0389253c10225a8bf3671f09a879bb061
Co-Authored-By: Khai Do <zaro0508@gmail.com>
This commit is contained in:
Morgan Fainberg
2015-12-01 15:33:05 -05:00
parent 6566506041
commit 350e51a503
1 changed files with 10 additions and 6 deletions
Download Patch File Download Diff File Expand all files Collapse all files

16
templates/gerrit.vhost.erb
View File

@@ -16,7 +16,7 @@
<VirtualHost *:443> <VirtualHost *:443>
ServerName <%= scope.lookupvar("gerrit::vhost_name") %> ServerName <%= scope.lookupvar("gerrit::vhost_name") %>
ServerAdmin <%= scope.lookupvar("gerrit::serveradmin") %> ServerAdmin <%= scope.lookupvar("gerrit::serveradmin") %>
AllowEncodedSlashes NoDecode AllowEncodedSlashes On
ErrorLog ${APACHE_LOG_DIR}/gerrit-ssl-error.log ErrorLog ${APACHE_LOG_DIR}/gerrit-ssl-error.log
@@ -51,17 +51,21 @@
RewriteCond %{HTTP_HOST} !<%= scope.lookupvar("gerrit::vhost_name") %> RewriteCond %{HTTP_HOST} !<%= scope.lookupvar("gerrit::vhost_name") %>
RewriteRule ^.*$ <%= scope.lookupvar("gerrit::canonicalweburl") %> RewriteRule ^.*$ <%= scope.lookupvar("gerrit::canonicalweburl") %>
<% end -%> <% end -%>
ProxyRequests off
ProxyVia off
ProxyPreserveHost on
<% if scope.lookupvar("gerrit::replicate_local") -%> <% if scope.lookupvar("gerrit::replicate_local") -%>
RewriteCond %{REQUEST_URI} !^/p/ ProxyPassMatch ^/p/ !
<% end -%> <% end -%>
<% if scope.lookupvar("gerrit::contactstore") == true -%> <% if scope.lookupvar("gerrit::contactstore") == true -%>
RewriteCond %{REQUEST_URI} !^/fakestore$ ProxyPassMatch ^/fakestore$ !
<% end -%> <% end -%>
<% if scope.lookupvar("gerrit::robots_txt_source") != "" -%> <% if scope.lookupvar("gerrit::robots_txt_source") != "" -%>
RewriteCond %{REQUEST_URI} !^/robots.txt$ ProxyPassMatch ^/robots.txt$ !
<% end -%> <% end -%>
RewriteRule ^/(.*)$ http://localhost:8081/$1 [NE,P] ProxyPass / http://localhost:8081/ nocanon
ProxyPassReverse / http://localhost:8081/ ProxyPassReverse / http://localhost:8081/
<% if scope.lookupvar("gerrit::robots_txt_source") != "" -%> <% if scope.lookupvar("gerrit::robots_txt_source") != "" -%>