ansible/roles/gitlab/templates/apache2-vhost-ssl.conf
2020-04-26 04:10:08 -05:00

40 lines
1.2 KiB
ApacheConf

# Configuration for {{ gitlab_url }}
# vim:ft=apache:
# Accept connections from non-SNI clients
SSLStrictSNIVHostCheck off
# Website configuration
<VirtualHost *:80>
ServerName {{ gitlab_url }}
Redirect permanent / https://{{ gitlab_url }}
</VirtualHost>
<VirtualHost *:443>
SSLEngine on
SSLCertificateFile /etc/pki/cert/crt/{{ gitlab_url }}.crt
SSLCertificateKeyFile /etc/pki/cert/private/{{ gitlab_url }}.key
SSLCertificateChainFile /etc/pki/cert/crt/{{ gitlab_url }}-fullchain.crt
ServerName {{ gitlab_url }}
DocumentRoot {{ gitlab_webroot }}
<Directory "{{ gitlab_webroot }}">
Require all granted
AllowOverride All
Options MultiViews FollowSymlinks
</Directory>
<Location />
Require all granted
ProxyPassReverse http://127.0.0.1:8086
ProxyPassReverse http://git.9iron.club/
</Location>
# Forward all requets to GL except error docs and ACME challenges
RewriteEngine on
RewriteCond %{DOCUMENT_ROOT}/%{REQUEST_FILENAME} !-f [OR]
RewriteCond %{REQUEST_URI} ^/uploads/.*
RewriteCond %{REQUEST_URI} !\.well-known-acme-challenge
RewriteRule .* http://127.0.0.1:8086%{REQUEST_URI} [P,QSA,NE]
RequestHeader set X_FORWARDED_PROTO 'https'
RequestHeader set X-Forwarded-Ssl on
</VirtualHost>