c3c680a19c
Gerrit, as of 2.12, no longer implements the Contact Store subfeature for their contributor agreement implementation. OpenStack's Gerrit deployment no longer relies on this, and it's likely they were the only actual consumer to start with so probably safe to clean up at this point. Change-Id: I50572d436b9d59a6184576adb5c27a3fc0fbec04 Depends-On: I8c39a6bf43f5b12db3e8aab18bedbf7e1a0f0b7e Story: #2001094 Task: #4869
102 lines
2.9 KiB
Plaintext
102 lines
2.9 KiB
Plaintext
<VirtualHost *:80>
|
|
ServerName <%= scope.lookupvar("gerrit::vhost_name") %>
|
|
ServerAdmin <%= scope.lookupvar("gerrit::serveradmin") %>
|
|
|
|
ErrorLog ${APACHE_LOG_DIR}/gerrit-error.log
|
|
|
|
LogLevel warn
|
|
|
|
CustomLog ${APACHE_LOG_DIR}/gerrit-access.log combined
|
|
|
|
Redirect / https://<%= scope.lookupvar("gerrit::vhost_name") %>/
|
|
|
|
</VirtualHost>
|
|
|
|
<IfModule mod_ssl.c>
|
|
<VirtualHost *:443>
|
|
ServerName <%= scope.lookupvar("gerrit::vhost_name") %>
|
|
ServerAdmin <%= scope.lookupvar("gerrit::serveradmin") %>
|
|
AllowEncodedSlashes On
|
|
|
|
ErrorLog ${APACHE_LOG_DIR}/gerrit-ssl-error.log
|
|
|
|
LogLevel warn
|
|
|
|
CustomLog ${APACHE_LOG_DIR}/gerrit-ssl-access.log combined
|
|
|
|
SSLEngine on
|
|
SSLProtocol All -SSLv2 -SSLv3
|
|
|
|
SSLCertificateFile <%= scope.lookupvar("gerrit::ssl_cert_file") %>
|
|
SSLCertificateKeyFile <%= scope.lookupvar("gerrit::ssl_key_file") %>
|
|
<% if scope.lookupvar("gerrit::ssl_chain_file") != "" %>
|
|
SSLCertificateChainFile <%= scope.lookupvar("gerrit::ssl_chain_file") %>
|
|
<% end %>
|
|
|
|
<FilesMatch "\.(cgi|shtml|phtml|php)$">
|
|
SSLOptions +StdEnvVars
|
|
</FilesMatch>
|
|
<Directory /usr/lib/cgi-bin>
|
|
SSLOptions +StdEnvVars
|
|
</Directory>
|
|
|
|
BrowserMatch "MSIE [2-6]" \
|
|
nokeepalive ssl-unclean-shutdown \
|
|
downgrade-1.0 force-response-1.0
|
|
# MSIE 7 and newer should be able to use keepalive
|
|
BrowserMatch "MSIE [17-9]" ssl-unclean-shutdown
|
|
|
|
RewriteEngine on
|
|
<% if scope.lookupvar("gerrit::redirect_to_canonicalweburl") -%>
|
|
RewriteCond %{HTTP_HOST} !<%= scope.lookupvar("gerrit::vhost_name") %>
|
|
RewriteCond %{REQUEST_URI} !^/server-status$
|
|
RewriteRule ^.*$ <%= scope.lookupvar("gerrit::canonicalweburl") %>
|
|
<% end -%>
|
|
|
|
ProxyRequests off
|
|
ProxyVia off
|
|
ProxyPreserveHost on
|
|
ProxyStatus On
|
|
|
|
<% if scope.lookupvar("gerrit::replicate_local") -%>
|
|
ProxyPassMatch ^/p/ !
|
|
<% end -%>
|
|
<% if scope.lookupvar("gerrit::robots_txt_source") != "" -%>
|
|
ProxyPassMatch ^/robots.txt$ !
|
|
<% end -%>
|
|
ProxyPassMatch ^/server-status !
|
|
ProxyPass / http://localhost:8081/ nocanon
|
|
ProxyPassReverse / http://localhost:8081/
|
|
|
|
<% if scope.lookupvar("gerrit::robots_txt_source") != "" -%>
|
|
Alias /robots.txt /home/gerrit2/review_site/static/robots.txt
|
|
<% end -%>
|
|
|
|
<% if scope.lookupvar("gerrit::replicate_local") -%>
|
|
SetEnv GIT_PROJECT_ROOT <%= scope.lookupvar("gerrit::replicate_path") %>
|
|
SetEnv GIT_HTTP_EXPORT_ALL
|
|
|
|
AliasMatch ^/p/(.*/objects/[0-9a-f]{2}/[0-9a-f]{38})$ <%= scope.lookupvar("gerrit::replicate_path") %>/$1
|
|
AliasMatch ^/p/(.*/objects/pack/pack-[0-9a-f]{40}.(pack|idx))$ <%= scope.lookupvar("gerrit::replicate_path") %>/$1
|
|
ScriptAlias /p/ /usr/lib/git-core/git-http-backend/
|
|
<% end -%>
|
|
|
|
<Directory /home/gerrit2/review_site/git/>
|
|
Require all granted
|
|
Order allow,deny
|
|
Allow from all
|
|
</Directory>
|
|
<Directory /usr/lib/git-core>
|
|
Require all granted
|
|
Allow from all
|
|
Satisfy Any
|
|
</Directory>
|
|
<Directory /home/gerrit2/review_site/static/>
|
|
Require all granted
|
|
Allow from all
|
|
Satisfy Any
|
|
</Directory>
|
|
|
|
</VirtualHost>
|
|
</IfModule>
|