49 lines
1.5 KiB
Django/Jinja
49 lines
1.5 KiB
Django/Jinja
Listen 3081
|
|
|
|
<VirtualHost *:3081>
|
|
ServerName {{ inventory_hostname }}
|
|
ServerAdmin infra-root@opendev.org
|
|
DocumentRoot /var/www/opendev.org
|
|
|
|
<Directory /var/www/opendev.org/>
|
|
Require all granted
|
|
Order allow,deny
|
|
Allow from all
|
|
</Directory>
|
|
|
|
AllowEncodedSlashes On
|
|
|
|
ErrorLog ${APACHE_LOG_DIR}/gitea-ssl-error.log
|
|
|
|
LogLevel warn
|
|
|
|
LogFormat "%h:%{remote}p %A:%{proxy-source-port}n %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-agent}i\"" combinedport
|
|
CustomLog ${APACHE_LOG_DIR}/gitea-ssl-access.log combinedport
|
|
|
|
SSLEngine on
|
|
SSLProtocol All -SSLv2 -SSLv3
|
|
# Note: this list should ensure ciphers that provide forward secrecy
|
|
SSLCipherSuite ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:!AES256:!aNULL:!eNULL:!MD5:!DSS:!PSK:!SRP
|
|
SSLHonorCipherOrder on
|
|
|
|
SSLCertificateFile /etc/letsencrypt-certs/{{ inventory_hostname }}/{{ inventory_hostname }}.cer
|
|
SSLCertificateKeyFile /etc/letsencrypt-certs/{{ inventory_hostname }}/{{ inventory_hostname }}.key
|
|
SSLCertificateChainFile /etc/letsencrypt-certs/{{ inventory_hostname }}/ca.cer
|
|
|
|
SSLProxyEngine on
|
|
|
|
<Location /.well-known/matrix/client>
|
|
Header set Access-Control-Allow-Origin "*"
|
|
</Location>
|
|
|
|
Use UserAgentFilter
|
|
# Disable x-forwarded- headers because gitea logging can't
|
|
# parse them properly
|
|
ProxyAddHeaders Off
|
|
ProxyPass /.well-known/ !
|
|
ProxyPass / https://{{ inventory_hostname }}:3000/ retry=0
|
|
ProxyPassReverse / https://{{ inventory_hostname }}:3000/
|
|
|
|
|
|
</VirtualHost>
|