opendev/system-config
Code Issues Proposed changes
system-config/playbooks/roles/gitea/templates/gitea.vhost.j2
Jeremy Stanley 9cabc58a1a Use the apache-ua-filter role on Gitea servers 
The user agent filter has been turned into a reusable Ansible role
containing a macro definition. Add that role and replace the
hard-coded copy of the user agent filter here with that
UserAgentFilter macro.

Change-Id: Ic24a38c93f0f68fab9ef1168de91ffad477fe13c
2020-10-16 17:45:19 +00:00

33 lines
1013 B
Django/Jinja
Raw Blame History

Listen 3081
<VirtualHost *:3081>
ServerName {{ inventory_hostname }}
ServerAdmin infra-root@opendev.org
AllowEncodedSlashes On
ErrorLog ${APACHE_LOG_DIR}/gitea-ssl-error.log
LogLevel warn
CustomLog ${APACHE_LOG_DIR}/gitea-ssl-access.log combined
SSLEngine on
SSLProtocol All -SSLv2 -SSLv3
# Note: this list should ensure ciphers that provide forward secrecy
SSLCipherSuite ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:!AES256:!aNULL:!eNULL:!MD5:!DSS:!PSK:!SRP
SSLHonorCipherOrder on
SSLCertificateFile /etc/letsencrypt-certs/{{ inventory_hostname }}/{{ inventory_hostname }}.cer
SSLCertificateKeyFile /etc/letsencrypt-certs/{{ inventory_hostname }}/{{ inventory_hostname }}.key
SSLCertificateChainFile /etc/letsencrypt-certs/{{ inventory_hostname }}/ca.cer
SSLProxyEngine on
Use UserAgentFilter
ProxyPass / https://{{ gitea_reverse_proxy_hostname }}:3000/ retry=0
ProxyPassReverse / https://{{ gitea_reverse_proxy_hostname }}:3000/
</VirtualHost>
View Git Blame Copy Permalink