diff --git a/roles/gitlab/tasks/main.yml b/roles/gitlab/tasks/main.yml
index 27614bd..3b628b9 100644
--- a/roles/gitlab/tasks/main.yml
+++ b/roles/gitlab/tasks/main.yml
@@ -96,8 +96,9 @@
- name: Create webroot
file:
path: "{{ gitlab_webroot }}"
+ src: "/var/gitlab/public"
mode: "0755"
- state: directory
+ state: link
- name: Copy over virtual host configs
template:
src: apache2-vhost-ssl.conf
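Review bot: Switching "Create webroot" from `state: directory` to `state: link` will likely fail on any host where an earlier run already created `{{ gitlab_webroot }}` as a directory, because the `file` module refuses to turn a directory into a symlink unless forced, and even then only when it is empty. Either add `force: true` together with a note that the old directory must be empty, or add a preceding task that removes the old directory. The retained `mode: "0755"` does nothing useful on a symlink on Linux and suggests the role controls the permissions of `/var/gitlab/public`, which it does not, so it is better dropped. The hard-coded `src: "/var/gitlab/public"` would be easier to audit as a role variable next to `gitlab_webroot`, with a comment such as `# webroot is a symlink into GitLab's public dir; Apache serves static files and error docs from it`. The following task, "Copy over virtual host configs", continues outside the hunk.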
diff --git a/roles/gitlab/templates/apache2-vhost-ssl.conf b/roles/gitlab/templates/apache2-vhost-ssl.conf
index 07fb143..879b1b3 100644
--- a/roles/gitlab/templates/apache2-vhost-ssl.conf
+++ b/roles/gitlab/templates/apache2-vhost-ssl.conf
@@ -13,13 +13,7 @@ SSLStrictSNIVHostCheck off
SSLEngine on
SSLCertificateFile /etc/pki/cert/crt/{{ gitlab_url }}.crt
SSLCertificateKeyFile /etc/pki/cert/private/{{ gitlab_url }}.key
- SSLCertificateChainFile /etc/pki/cert/crt/{{ gitlab_url}}-fullchain.crt
- \
- SSLOptions +StdEnvVars
-
-
- SSLOptions +StdEnvVars
-
+ SSLCertificateChainFile /etc/pki/cert/crt/{{ gitlab_url }}-fullchain.crt
ServerName {{ gitlab_url }}
DocumentRoot {{ gitlab_webroot }}
@@ -27,4 +21,19 @@ SSLStrictSNIVHostCheck off
AllowOverride All
Options MultiViews FollowSymlinks
+
+ Require all granted
+ ProxyPassReverse http://127.0.0.1:8086
+ ProxyPassReverse http://git.9iron.club/
+
+
+ # Forward all requets to GL except error docs and ACME challenges
+ RewriteEngine on
+ RewriteCond %{DOCUMENT_ROOT}/%{REQUEST_FILENAME} !-f [OR]
+ RewriteCond %{REQUEST_URI} ^/uploads/.*
+ RewriteCond %{REQUEST_URI} !\.well-known-acme-challenge
+ RewriteRule .* http://127.0.0.1:8086%{REQUEST_URI} [P,QSA,NE]
+
+ RequestHeader set X_FORWARDED_PROTO 'https'
+ RequestHeader set X-Forwarded-Ssl on
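Review bot: The ACME exclusion in the third `RewriteCond` tests for `\.well-known-acme-challenge`, with a hyphen where the challenge path has a slash, so it never matches `/.well-known/acme-challenge/...` and those requests are proxied to GitLab like everything else. If this vhost is meant to answer HTTP-01 challenges from the webroot, certificate renewal would then fail. Anchoring the condition as `RewriteCond %{REQUEST_URI} !^/\.well-known/acme-challenge/` matches what the comment says. Separately, the second `ProxyPassReverse` hard-codes `http://git.9iron.club/` where the rest of the template uses `{{ gitlab_url }}`, and the comment above `RewriteEngine` has a typo ("requets"). The container directives around these lines are not visible in the hunk, so the scope in which the rules apply is inferred.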