33 lines
1013 B
Django/Jinja
33 lines
1013 B
Django/Jinja
Listen 3081
|
|
|
|
<VirtualHost *:3081>
|
|
ServerName {{ inventory_hostname }}
|
|
ServerAdmin infra-root@opendev.org
|
|
|
|
AllowEncodedSlashes On
|
|
|
|
ErrorLog ${APACHE_LOG_DIR}/gitea-ssl-error.log
|
|
|
|
LogLevel warn
|
|
|
|
CustomLog ${APACHE_LOG_DIR}/gitea-ssl-access.log combined
|
|
|
|
SSLEngine on
|
|
SSLProtocol All -SSLv2 -SSLv3
|
|
# Note: this list should ensure ciphers that provide forward secrecy
|
|
SSLCipherSuite ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:!AES256:!aNULL:!eNULL:!MD5:!DSS:!PSK:!SRP
|
|
SSLHonorCipherOrder on
|
|
|
|
SSLCertificateFile /etc/letsencrypt-certs/{{ inventory_hostname }}/{{ inventory_hostname }}.cer
|
|
SSLCertificateKeyFile /etc/letsencrypt-certs/{{ inventory_hostname }}/{{ inventory_hostname }}.key
|
|
SSLCertificateChainFile /etc/letsencrypt-certs/{{ inventory_hostname }}/ca.cer
|
|
|
|
SSLProxyEngine on
|
|
|
|
Use UserAgentFilter
|
|
|
|
ProxyPass / https://{{ gitea_reverse_proxy_hostname }}:3000/ retry=0
|
|
ProxyPassReverse / https://{{ gitea_reverse_proxy_hostname }}:3000/
|
|
|
|
</VirtualHost>
|