2020-04-26 04:10:08 -05:00 · 2020-04-26 04:10:08 -05:00 · 16e27e1b80
commit 16e27e1b80
parent a9dd6b65ec
2 changed files with 18 additions and 8 deletions
--- a/roles/gitlab/tasks/main.yml
+++ b/roles/gitlab/tasks/main.yml
@ -96,8 +96,9 @@
        - name: Create webroot
          file:
            path: "{{ gitlab_webroot }}"
+            src: "/var/gitlab/public"
            mode: "0755"
-            state: directory
+            state: link
        - name: Copy over virtual host configs
          template:
            src: apache2-vhost-ssl.conf
--- a/roles/gitlab/templates/apache2-vhost-ssl.conf
+++ b/roles/gitlab/templates/apache2-vhost-ssl.conf
@ -13,13 +13,7 @@ SSLStrictSNIVHostCheck off
 	SSLEngine on
 	SSLCertificateFile /etc/pki/cert/crt/{{ gitlab_url }}.crt
 	SSLCertificateKeyFile /etc/pki/cert/private/{{ gitlab_url }}.key
-	SSLCertificateChainFile /etc/pki/cert/crt/{{ gitlab_url}}-fullchain.crt
-	<FilesMatch "\.(cgi|shtml|phtml|php)$">\
-		SSLOptions +StdEnvVars
-	</FilesMatch>
-	<Directory /usr/lib/cgi-bin>
-		SSLOptions +StdEnvVars
-	</Directory>
+	SSLCertificateChainFile /etc/pki/cert/crt/{{ gitlab_url }}-fullchain.crt
 	ServerName {{ gitlab_url }}
 	DocumentRoot {{ gitlab_webroot }}
 	<Directory "{{ gitlab_webroot }}">
@ -27,4 +21,19 @@ SSLStrictSNIVHostCheck off
 		AllowOverride All
 		Options MultiViews FollowSymlinks
 	</Directory>
+	<Location />
+		Require all granted
+		ProxyPassReverse http://127.0.0.1:8086
+		ProxyPassReverse http://git.9iron.club/
+	</Location>
+
+	# Forward all requets to GL except error docs and ACME challenges
+	RewriteEngine on
+	RewriteCond %{DOCUMENT_ROOT}/%{REQUEST_FILENAME} !-f [OR]
+	RewriteCond %{REQUEST_URI} ^/uploads/.*
+	RewriteCond %{REQUEST_URI} !\.well-known-acme-challenge
+	RewriteRule .* http://127.0.0.1:8086%{REQUEST_URI} [P,QSA,NE]
+
+	RequestHeader set X_FORWARDED_PROTO 'https'
+	RequestHeader set X-Forwarded-Ssl on
 </VirtualHost>