From 16e27e1b803dd180909c1e2e91be8ef48f8dc31b Mon Sep 17 00:00:00 2001 From: Salt Date: Sun, 26 Apr 2020 04:10:08 -0500 Subject: [PATCH] Configure Apache for GitLab --- roles/gitlab/tasks/main.yml | 3 ++- roles/gitlab/templates/apache2-vhost-ssl.conf | 23 +++++++++++++------ 2 files changed, 18 insertions(+), 8 deletions(-) diff --git a/roles/gitlab/tasks/main.yml b/roles/gitlab/tasks/main.yml index 27614bd..3b628b9 100644 --- a/roles/gitlab/tasks/main.yml +++ b/roles/gitlab/tasks/main.yml @@ -96,8 +96,9 @@ - name: Create webroot file: path: "{{ gitlab_webroot }}" + src: "/var/gitlab/public" mode: "0755" - state: directory + state: link - name: Copy over virtual host configs template: src: apache2-vhost-ssl.conf diff --git a/roles/gitlab/templates/apache2-vhost-ssl.conf b/roles/gitlab/templates/apache2-vhost-ssl.conf index 07fb143..879b1b3 100644 --- a/roles/gitlab/templates/apache2-vhost-ssl.conf +++ b/roles/gitlab/templates/apache2-vhost-ssl.conf @@ -13,13 +13,7 @@ SSLStrictSNIVHostCheck off SSLEngine on SSLCertificateFile /etc/pki/cert/crt/{{ gitlab_url }}.crt SSLCertificateKeyFile /etc/pki/cert/private/{{ gitlab_url }}.key - SSLCertificateChainFile /etc/pki/cert/crt/{{ gitlab_url}}-fullchain.crt - \ - SSLOptions +StdEnvVars - - - SSLOptions +StdEnvVars - + SSLCertificateChainFile /etc/pki/cert/crt/{{ gitlab_url }}-fullchain.crt ServerName {{ gitlab_url }} DocumentRoot {{ gitlab_webroot }} @@ -27,4 +21,19 @@ SSLStrictSNIVHostCheck off AllowOverride All Options MultiViews FollowSymlinks + + Require all granted + ProxyPassReverse http://127.0.0.1:8086 + ProxyPassReverse http://git.9iron.club/ + + + # Forward all requets to GL except error docs and ACME challenges + RewriteEngine on + RewriteCond %{DOCUMENT_ROOT}/%{REQUEST_FILENAME} !-f [OR] + RewriteCond %{REQUEST_URI} ^/uploads/.* + RewriteCond %{REQUEST_URI} !\.well-known-acme-challenge + RewriteRule .* http://127.0.0.1:8086%{REQUEST_URI} [P,QSA,NE] + + RequestHeader set X_FORWARDED_PROTO 'https' + RequestHeader set X-Forwarded-Ssl on