Running Gitblit behind Apache
Gitblit runs fine behind Apache. You may use either mod_proxy (GO or WAR) or mod_proxy_ajp (GO).
Each Linux distribution may vary on the exact configuration of Apache 2.2.
Here is a sample configuration that works on Debian 7.0 (Wheezy), your distribution may be different.
- First we need to make sure we have Apache's proxy modules available.
---FIXED---
sudo su
cd /etc/apache2/mods-enabled
ln -s ../mods-available/proxy.load proxy.load
ln -s ../mods-available/proxy_balancer.load proxy_balancer.load
ln -s ../mods-available/proxy_http.load proxy_http.load
ln -s ../mods-available/proxy_ajp.load proxy_ajp.load
---FIXED---
Then we need to make sure we are configuring Apache to use the proxy modules and to setup the proxied connection from Apache to Gitblit GO or from Apache to your chosen servlet container. The following snippet is stored as /etc/apache2/conf.d/gitblit
.
---FIXED---
Turn off support for true Proxy behaviour as we are acting as
a transparent proxy
ProxyRequests Off
Turn off VIA header as we know where the requests are proxied
ProxyVia Off
Turn on Host header preservation so that the servlet container
can write links with the correct host and rewriting can be avoided.
#
This is important for all git push/pull/clone operations.
ProxyPreserveHost On
Set the permissions for the proxy
AddDefaultCharset off
Order deny,allow
Allow from all
The proxy context path must match the Gitblit context path.
For Gitblit GO, see server.contextPath in gitblit.properties.
If your httpd frontend is https but you are proxying http Gitblit WAR or GO
Additionally you will want to tell Gitblit the original scheme and port
RequestHeader set X-Forwarded-Proto https
RequestHeader set X-Forwarded-Port 443
If you are using subdomain proxying then you will want to tell Gitblit the appropriate
context path for your repository url.
If you are not using subdomain proxying, then ignore this setting.
RequestHeader set X-Forwarded-Context /
---FIXED---
Please make sure to:
1. Review the security of these settings as appropriate for your deployment
2. Uncomment the ProxyPass setting for whichever connection you prefer (http/ajp)
3. Correctly set the ports and context paths both in the ProxyPass definition and your Gitblit installation
If you are using Gitblit GO you can easily configure the AJP connector by specifying a non-zero AJP port.
Please remember that on Linux/UNIX, ports < 1024 require root permissions to open.
4. Set web.mountParameters=false in gitblit.properties
or web.xml
this will use parameterized URLs.
Alternatively, you can respecify web.forwardSlashCharacter.