# Configuration for {{ gitlab_url }} # vim:ft=apache: # Accept connections from non-SNI clients SSLStrictSNIVHostCheck off # Website configuration <VirtualHost *:80> ServerName {{ gitlab_url }} Redirect permanent / https://{{ gitlab_url }} </VirtualHost> <VirtualHost *:443> SSLEngine on SSLCertificateFile /etc/pki/cert/crt/{{ gitlab_url }}.crt SSLCertificateKeyFile /etc/pki/cert/private/{{ gitlab_url }}.key SSLCertificateChainFile /etc/pki/cert/crt/{{ gitlab_url }}-fullchain.crt ServerName {{ gitlab_url }} DocumentRoot {{ gitlab_webroot }} <Directory "{{ gitlab_webroot }}"> Require all granted AllowOverride All Options MultiViews FollowSymlinks </Directory> <Location /> Require all granted ProxyPassReverse http://127.0.0.1:8086 ProxyPassReverse http://git.9iron.club/ </Location> # Forward all requets to GL except error docs and ACME challenges RewriteEngine on RewriteCond %{DOCUMENT_ROOT}/%{REQUEST_FILENAME} !-f [OR] RewriteCond %{REQUEST_URI} ^/uploads/.* RewriteCond %{REQUEST_URI} !\.well-known-acme-challenge RewriteRule .* http://127.0.0.1:8086%{REQUEST_URI} [P,QSA,NE] RequestHeader set X_FORWARDED_PROTO 'https' RequestHeader set X-Forwarded-Ssl on </VirtualHost>