System configuration for OpenStack Infrastructure
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
 
 
 
 
 
 

90 lines
2.4 KiB

  1. <VirtualHost *:80>
  2. ServerName {{ gerrit_vhost_name }}
  3. ServerAdmin webmaster@openstack.org
  4. ErrorLog ${APACHE_LOG_DIR}/gerrit-error.log
  5. LogLevel warn
  6. CustomLog ${APACHE_LOG_DIR}/gerrit-access.log combined
  7. Redirect / https://{{ gerrit_vhost_name }}/
  8. </VirtualHost>
  9. <IfModule mod_ssl.c>
  10. <VirtualHost *:443>
  11. ServerName {{ gerrit_vhost_name }}
  12. ServerAdmin webmaster@openstack.org
  13. AllowEncodedSlashes On
  14. ErrorLog ${APACHE_LOG_DIR}/gerrit-ssl-error.log
  15. LogLevel warn
  16. CustomLog ${APACHE_LOG_DIR}/gerrit-ssl-access.log combined
  17. SSLEngine on
  18. SSLProtocol All -SSLv2 -SSLv3
  19. # Note: this list should ensure ciphers that provide forward secrecy
  20. SSLCipherSuite ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:!AES256:!aNULL:!eNULL:!MD5:!DSS:!PSK:!SRP
  21. SSLHonorCipherOrder on
  22. SSLCertificateFile /etc/letsencrypt-certs/{{ gerrit_vhost_name }}/{{ gerrit_vhost_name }}.cer
  23. SSLCertificateKeyFile /etc/letsencrypt-certs/{{ gerrit_vhost_name }}/{{ gerrit_vhost_name }}.key
  24. SSLCertificateChainFile /etc/letsencrypt-certs/{{ gerrit_vhost_name }}/ca.cer
  25. <FilesMatch "\.(cgi|shtml|phtml|php)$">
  26. SSLOptions +StdEnvVars
  27. </FilesMatch>
  28. <Directory /usr/lib/cgi-bin>
  29. SSLOptions +StdEnvVars
  30. </Directory>
  31. BrowserMatch "MSIE [2-6]" \
  32. nokeepalive ssl-unclean-shutdown \
  33. downgrade-1.0 force-response-1.0
  34. # MSIE 7 and newer should be able to use keepalive
  35. BrowserMatch "MSIE [17-9]" ssl-unclean-shutdown
  36. RewriteEngine on
  37. ProxyRequests off
  38. ProxyVia off
  39. ProxyPreserveHost on
  40. ProxyStatus On
  41. # TODO remove this when upgrading to Gerrit 2.16. /p/ is used
  42. # for project dashboards.
  43. ProxyPassMatch ^/p/ !
  44. ProxyPassMatch ^/robots.txt$ !
  45. ProxyPassMatch ^/server-status !
  46. ProxyPass / http://localhost:8081/ nocanon
  47. ProxyPassReverse / http://localhost:8081/
  48. Alias /robots.txt /home/gerrit2/review_site/static/robots.txt
  49. # TODO remove this when upgrading to Gerrit 2.16. /p/ is used
  50. # for project dashboards.
  51. RewriteRule "^/p/.*" "-" [F,L]
  52. <Directory /home/gerrit2/review_site/git/>
  53. Require all granted
  54. Order allow,deny
  55. Allow from all
  56. </Directory>
  57. <Directory /usr/lib/git-core>
  58. Require all granted
  59. Allow from all
  60. Satisfy Any
  61. </Directory>
  62. <Directory /home/gerrit2/review_site/static/>
  63. Require all granted
  64. Allow from all
  65. Satisfy Any
  66. </Directory>
  67. </VirtualHost>
  68. </IfModule>