Skip to content

HTTPS clone URL

Subversion checkout URL

You can clone with HTTPS or Subversion.

Download ZIP

Loading…

Improve apache virtual host configuration #50

Closed
wants to merge 2 commits into from

5 participants

@drmonty

Allow downloading attachments from gitlab.
Configure ProxyPass, to allow access to gitlab from anywhere.

DocumentRoot should lead to public-folder of gitlab.

@drmonty drmonty Improve apache virtual host configuration
Allow downloading attachments from gitlab.
Configure ProxyPass, to allow access to gitlab from anywhere.

DocumentRoot should lead to public-folder of gitlab.
00ab3de
@drmonty drmonty referenced this pull request in gitlabhq/gitlabhq
Closed

Cannot download static files #2365

@saschagrunert

Great. Really really great.

@riyad

+1

@riyad riyad referenced this pull request in gitlabhq/gitlabhq
Closed

Can't download issue's attachments #2657

@axilleas
Collaborator

r+ but I think document root should match the one in the official installation guide, that is /home/git/gitlab/public.

@adaugherity adaugherity commented on the diff
apache/gitlab
@@ -8,12 +8,21 @@
#RewriteCond %{SERVER_PORT} ^80$
#RewriteRule ^(.*)$ https://%{SERVER_NAME}$1 [L,R]
+ ProxyPass /uploads !

I also added ProxyPass /error ! after this line to fix the display of HTTP errors coming from apache. Without this, apache tries to load its error page from e.g. /error/HTTP_BAD_GATEWAY.html.var but that gets proxied to unicorn, which then shows a 404 instead of the actual error.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
@adaugherity

+1; I added a note to the diff about also excluding /error from the proxy so apache HTTP errors are handled properly rather than ending up at unicorn's 404 page.

@drmonty drmonty added /error to ProxyPass and setted DocumentRoot
to documented public-directory of gitlab.
c6c22b4
@drmonty

Thanks @adaugherity and @axilleas , updated the commit with your enhancements.

@axilleas axilleas referenced this pull request from a commit
@axilleas axilleas Enhance existing apache config. Implement #50 and #79
Beware that adding `ProxyPass /uploads !` would be a security issue,
since uploads are publicly available without any authentification by default.

See: gitlabhq/gitlabhq#348 (comment)
fabeb6a
@axilleas
Collaborator

Thank you, implemented manually in above commit, as I am working on a new directory structure.

@axilleas axilleas closed this
@axilleas axilleas referenced this pull request
Merged

[WIP] New repository structure #111

12 of 14 tasks complete
@axilleas axilleas referenced this pull request from a commit
@axilleas axilleas Enhance existing apache config. Implement #50, #79, #93. Fix #10
Beware that adding `ProxyPass /uploads !` would be a security issue,
since uploads are publicly available without any authentification by default.

See: gitlabhq/gitlabhq#348 (comment)
be95bd4
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Commits on Jan 23, 2013
  1. @drmonty

    Improve apache virtual host configuration

    drmonty authored
    Allow downloading attachments from gitlab.
    Configure ProxyPass, to allow access to gitlab from anywhere.
    
    DocumentRoot should lead to public-folder of gitlab.
Commits on Mar 6, 2013
  1. @drmonty

    added /error to ProxyPass and setted DocumentRoot

    drmonty authored
    to documented public-directory of gitlab.
This page is out of date. Refresh to see the latest.
Showing with 20 additions and 0 deletions.
  1. +20 −0 apache/gitlab
View
20 apache/gitlab
@@ -8,12 +8,22 @@
#RewriteCond %{SERVER_PORT} ^80$
#RewriteRule ^(.*)$ https://%{SERVER_NAME}$1 [L,R]
+ ProxyPass /uploads !

I also added ProxyPass /error ! after this line to fix the display of HTTP errors coming from apache. Without this, apache tries to load its error page from e.g. /error/HTTP_BAD_GATEWAY.html.var but that gets proxied to unicorn, which then shows a 404 instead of the actual error.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
+ ProxyPass /error !
ProxyPass / http://127.0.0.1:3000/
ProxyPassReverse / http://127.0.0.1:3000/
ProxyPreserveHost On
CustomLog /var/log/apache2/gitlab/access.log combined
ErrorLog /var/log/apache2/gitlab/error.log
+
+ # Modify path to your need (needed for downloading attachments)
+ DocumentRoot /home/git/gitlab/public
+
+ <Location />
+ Order allow,deny
+ Allow from all
+ </Location>
</VirtualHost>
<VirtualHost *:443>
ServerName gitlab.example.com
@@ -24,10 +34,20 @@
SSLCertificateKeyFile /etc/apache2/ssl/server.key
#SSLCertificateChainFile /etc/apache2/ssl/cacert.pem
+ ProxyPass /uploads !
+ ProxyPass /error !
ProxyPass / http://127.0.0.1:3000/
ProxyPassReverse / http://127.0.0.1:3000/
ProxyPreserveHost On
CustomLog /var/log/apache2/gitlab/access.log combined
ErrorLog /var/log/apache2/gitlab/error.log
+
+ # Modify path to your need (needed for downloading attachments)
+ DocumentRoot /home/git/gitlab/public
+
+ <Location />
+ Order allow,deny
+ Allow from all
+ </Location>
</VirtualHost>
Something went wrong with that request. Please try again.