Configure Apache for GitLab

roles/gitlab/tasks/main.yml

@@ -96,8 +96,9 @@
         - name: Create webroot
           file:
             path: "{{ gitlab_webroot }}"
+            src: "/var/gitlab/public"
             mode: "0755"
-            state: directory
+            state: link
         - name: Copy over virtual host configs
           template:
             src: apache2-vhost-ssl.conf

roles/gitlab/templates/apache2-vhost-ssl.conf

@@ -13,13 +13,7 @@ SSLStrictSNIVHostCheck off
 	SSLEngine on
 	SSLCertificateFile /etc/pki/cert/crt/{{ gitlab_url }}.crt
 	SSLCertificateKeyFile /etc/pki/cert/private/{{ gitlab_url }}.key
-	SSLCertificateChainFile /etc/pki/cert/crt/{{ gitlab_url}}-fullchain.crt
+	SSLCertificateChainFile /etc/pki/cert/crt/{{ gitlab_url }}-fullchain.crt
-	<FilesMatch "\.(cgi|shtml|phtml|php)$">\
-		SSLOptions +StdEnvVars
-	</FilesMatch>
-	<Directory /usr/lib/cgi-bin>
-		SSLOptions +StdEnvVars
-	</Directory>
 	ServerName {{ gitlab_url }}
 	DocumentRoot {{ gitlab_webroot }}
 	<Directory "{{ gitlab_webroot }}">
@@ -27,4 +21,19 @@ SSLStrictSNIVHostCheck off
 		AllowOverride All
 		Options MultiViews FollowSymlinks
 	</Directory>
+	<Location />
+		Require all granted
+		ProxyPassReverse http://127.0.0.1:8086
+		ProxyPassReverse http://git.9iron.club/
+	</Location>
+
+	# Forward all requets to GL except error docs and ACME challenges
+	RewriteEngine on
+	RewriteCond %{DOCUMENT_ROOT}/%{REQUEST_FILENAME} !-f [OR]
+	RewriteCond %{REQUEST_URI} ^/uploads/.*
+	RewriteCond %{REQUEST_URI} !\.well-known-acme-challenge
+	RewriteRule .* http://127.0.0.1:8086%{REQUEST_URI} [P,QSA,NE]
+
+	RequestHeader set X_FORWARDED_PROTO 'https'
+	RequestHeader set X-Forwarded-Ssl on
 </VirtualHost>