Dzahn has submitted this change and it was merged.
Change subject: remove HTTPS config from gitblit template
......................................................................
remove HTTPS config from gitblit template
gitblit - remove the entire *:443 part from
the Apache config template, because it is actually
behind misc. varnish, so Apache should not handle
SSL anymore and only speak HTTP to misc. varnish
i didn't notice at first because the config is here
and wanted to make changes such as I092634cba9f8b
but when i saw in DNS it points ot misc-web-lb they seemed
useless and I abandoned in favor of this
Change-Id: I50eb8fb493425d86269dcc28b44801d8a3b7bdb2
---
M modules/gitblit/templates/git.wikimedia.org.erb
1 file changed, 5 insertions(+), 41 deletions(-)
Approvals:
Filippo Giunchedi: Looks good to me, but someone else must approve
jenkins-bot: Verified
Dzahn: Looks good to me, approved
diff --git a/modules/gitblit/templates/git.wikimedia.org.erb
b/modules/gitblit/templates/git.wikimedia.org.erb
index bc72209..d03eeb6 100644
--- a/modules/gitblit/templates/git.wikimedia.org.erb
+++ b/modules/gitblit/templates/git.wikimedia.org.erb
@@ -8,51 +8,15 @@
LogFormat "%h %l %u %t \"%r\" %>s %O T=%Ts \"%{Referer}i\" \"%{User-Agent}i\""
combined_time
NameVirtualHost *:80
+
<VirtualHost *:80>
ServerAdmin [email protected]
ServerName <%= @host %>
- DocumentRoot /var/www
- <Directory />
- Options FollowSymLinks
- AllowOverride None
- </Directory>
- <Directory /var/www/>
- Options Indexes FollowSymLinks MultiViews
- AllowOverride None
- Order allow,deny
- allow from all
- </Directory>
-
- ErrorLog /var/log/apache2/error.log
-
- # Possible values include: debug, info, notice, warn, error, crit,
- # alert, emerg.
- LogLevel warn
-
- CustomLog /var/log/apache2/access.log combined_time
- ServerSignature Off
-
- RewriteEngine on
- RewriteCond %{SERVER_PORT} !^443$
- RewriteRule ^/(.*)$ https://<%= @host %>/$1 [L,R,NE]
-</VirtualHost>
-
-NameVirtualHost *:443
-<VirtualHost *:443>
- ServerAdmin [email protected]
- ServerName <%= @host %>
-
- SSLEngine on
- SSLProtocol -ALL +SSLv3 +TLSv1
- SSLCipherSuite
AES128-GCM-SHA256:RC4-SHA:RC4-MD5:DES-CBC3-SHA:AES128-SHA:AES256-SHA
- SSLHonorCipherOrder on
- SSLCertificateFile /etc/ssl/certs/<%= @ssl_cert %>.pem
- SSLCertificateChainFile /etc/ssl/certs/<%= @ssl_cert %>.chained.pem
- SSLCertificateKeyFile /etc/ssl/private/<%= @ssl_cert_key %>.key
-
- RequestHeader set X-Forwarded-Proto https
- RequestHeader set X-Forwarded-Port 443
+ # gitblit supposed to generate https URLs
+ # we are behind varnish
+ RequestHeader set X-Forwarded-Proto https
+ RequestHeader set X-Forwarded-Port 443
# Misbehaving bots
SetEnvIf User-Agent 80legs bad_browser
--
To view, visit https://gerrit.wikimedia.org/r/154973
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings
Gerrit-MessageType: merged
Gerrit-Change-Id: I50eb8fb493425d86269dcc28b44801d8a3b7bdb2
Gerrit-PatchSet: 2
Gerrit-Project: operations/puppet
Gerrit-Branch: production
Gerrit-Owner: Dzahn <[email protected]>
Gerrit-Reviewer: Alexandros Kosiaris <[email protected]>
Gerrit-Reviewer: Chad <[email protected]>
Gerrit-Reviewer: Dzahn <[email protected]>
Gerrit-Reviewer: Filippo Giunchedi <[email protected]>
Gerrit-Reviewer: Matanya <[email protected]>
Gerrit-Reviewer: Ori.livneh <[email protected]>
Gerrit-Reviewer: jenkins-bot <>
_______________________________________________
MediaWiki-commits mailing list
[email protected]
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits
