47db7ea292
It turns out that specifying the ciphers we want to use leads to breakage. So instead we'll explicitly tell Apache which ciphers we don't want to use. Change-Id: I0f8211533495a6a4340c01dadb8069ccf9be429c
89 lines
2.8 KiB
Plaintext
89 lines
2.8 KiB
Plaintext
<VirtualHost <%= scope.lookupvar("gerrit::vhost_name") %>:80>
|
|
ServerAdmin <%= scope.lookupvar("gerrit::serveradmin") %>
|
|
|
|
ErrorLog ${APACHE_LOG_DIR}/gerrit-error.log
|
|
|
|
LogLevel warn
|
|
|
|
CustomLog ${APACHE_LOG_DIR}/gerrit-access.log combined
|
|
|
|
Redirect / https://<%= scope.lookupvar("gerrit::vhost_name") %>/
|
|
|
|
</VirtualHost>
|
|
|
|
<IfModule mod_ssl.c>
|
|
<VirtualHost <%= scope.lookupvar("gerrit::vhost_name") %>:443>
|
|
ServerName <%= scope.lookupvar("gerrit::vhost_name") %>
|
|
ServerAdmin <%= scope.lookupvar("gerrit::serveradmin") %>
|
|
AllowEncodedSlashes NoDecode
|
|
|
|
ErrorLog ${APACHE_LOG_DIR}/gerrit-ssl-error.log
|
|
|
|
LogLevel warn
|
|
|
|
CustomLog ${APACHE_LOG_DIR}/gerrit-ssl-access.log combined
|
|
|
|
SSLEngine on
|
|
SSLProtocol All -SSLv2 -SSLv3
|
|
|
|
SSLCertificateFile <%= scope.lookupvar("gerrit::ssl_cert_file") %>
|
|
SSLCertificateKeyFile <%= scope.lookupvar("gerrit::ssl_key_file") %>
|
|
<% if scope.lookupvar("gerrit::ssl_chain_file") != "" %>
|
|
SSLCertificateChainFile <%= scope.lookupvar("gerrit::ssl_chain_file") %>
|
|
<% end %>
|
|
|
|
<FilesMatch "\.(cgi|shtml|phtml|php)$">
|
|
SSLOptions +StdEnvVars
|
|
</FilesMatch>
|
|
<Directory /usr/lib/cgi-bin>
|
|
SSLOptions +StdEnvVars
|
|
</Directory>
|
|
|
|
BrowserMatch "MSIE [2-6]" \
|
|
nokeepalive ssl-unclean-shutdown \
|
|
downgrade-1.0 force-response-1.0
|
|
# MSIE 7 and newer should be able to use keepalive
|
|
BrowserMatch "MSIE [17-9]" ssl-unclean-shutdown
|
|
|
|
RewriteEngine on
|
|
RewriteCond %{HTTP_HOST} !<%= scope.lookupvar("gerrit::vhost_name") %>
|
|
RewriteRule ^.*$ <%= scope.lookupvar("gerrit::canonicalweburl") %>
|
|
<% if scope.lookupvar("gerrit::replicate_local") -%>
|
|
RewriteCond %{REQUEST_URI} !^/p/
|
|
<% end -%>
|
|
<% if scope.lookupvar("gerrit::contactstore") == true -%>
|
|
RewriteCond %{REQUEST_URI} !^/fakestore$
|
|
<% end -%>
|
|
<% if scope.lookupvar("gerrit::robots_txt_source") != "" -%>
|
|
RewriteCond %{REQUEST_URI} !^/robots.txt$
|
|
<% end -%>
|
|
RewriteRule ^/(.*)$ http://localhost:8081/$1 [NE,P]
|
|
|
|
ProxyPassReverse / http://localhost:8081/
|
|
|
|
<% if scope.lookupvar("gerrit::robots_txt_source") != "" -%>
|
|
Alias /robots.txt /home/gerrit2/review_site/static/robots.txt
|
|
<% end -%>
|
|
|
|
<% if scope.lookupvar("gerrit::replicate_local") -%>
|
|
SetEnv GIT_PROJECT_ROOT <%= scope.lookupvar("gerrit::replicate_path") %>
|
|
SetEnv GIT_HTTP_EXPORT_ALL
|
|
|
|
AliasMatch ^/p/(.*/objects/[0-9a-f]{2}/[0-9a-f]{38})$ <%= scope.lookupvar("gerrit::replicate_path") %>/$1
|
|
AliasMatch ^/p/(.*/objects/pack/pack-[0-9a-f]{40}.(pack|idx))$ <%= scope.lookupvar("gerrit::replicate_path") %>/$1
|
|
ScriptAlias /p/ /usr/lib/git-core/git-http-backend/
|
|
<% end -%>
|
|
|
|
<% if scope.lookupvar("gerrit::contactstore") == true -%>
|
|
ScriptAlias /fakestore /home/gerrit2/review_site/lib/fakestore.cgi
|
|
<% end -%>
|
|
|
|
<Directory /home/gerrit2/review_site/git/>
|
|
Order allow,deny
|
|
Allow from all
|
|
</Directory>
|
|
|
|
|
|
</VirtualHost>
|
|
</IfModule>
|