From a502d96a860456ec5e8c96761db70f7cabb74751 Mon Sep 17 00:00:00 2001 From: Paul Martin <paul@paulsputer.com> Date: Sat, 30 Apr 2016 04:19:14 -0400 Subject: [PATCH] Merge pull request #1073 from gitblit/1062-DocEditorUpdates --- src/site/setup_proxy.mkd | 50 +++++++++++++++++++++++++++++++++++++------------- 1 files changed, 37 insertions(+), 13 deletions(-) diff --git a/src/site/setup_proxy.mkd b/src/site/setup_proxy.mkd index 6e600f6..4cf263d 100644 --- a/src/site/setup_proxy.mkd +++ b/src/site/setup_proxy.mkd @@ -1,21 +1,24 @@ ## Running Gitblit behind Apache -Gitblit runs fine behind Apache. You may use either *mod_proxy* (GO or WAR) or *mod_proxy_ajp* (GO). +Gitblit runs fine behind Apache. Each Linux distribution may vary on the exact configuration of Apache 2.2. Here is a sample configuration that works on Debian 7.0 (Wheezy), your distribution may be different. -1. First we need to make sure we have Apache's proxy modules available. ----FIXED--- +### Make sure we have Apache's proxy modules + +``` sudo su cd /etc/apache2/mods-enabled ln -s ../mods-available/proxy.load proxy.load ln -s ../mods-available/proxy_balancer.load proxy_balancer.load ln -s ../mods-available/proxy_http.load proxy_http.load -ln -s ../mods-available/proxy_ajp.load proxy_ajp.load ----FIXED--- -2. Then we need to make sure we are configuring Apache to use the proxy modules and to setup the proxied connection from Apache to Gitblit GO or from Apache to your chosen servlet container. The following snippet is stored as `/etc/apache2/conf.d/gitblit`. ----FIXED--- +``` +### Configuring Apache to use the proxy modules + +Now we must configure Apache to use the proxy modules and the proxied connection from Apache to Gitblit GO or from Apache to your chosen servlet container. The following snippet is stored as `/etc/apache2/conf.d/gitblit`. + +``` # Turn off support for true Proxy behaviour as we are acting as # a transparent proxy ProxyRequests Off @@ -43,7 +46,7 @@ #ProxyPassreverse /gitblit http://localhost:8080/gitblit # If your httpd frontend is https but you are proxying http Gitblit WAR or GO -#Header edit Location ^http://([^⁄]+)/gitblit/ https://$1/gitblit/ +#Header edit Location ^http://([^/]+)/gitblit/ https://$1/gitblit/ # Additionally you will want to tell Gitblit the original scheme and port #RequestHeader set X-Forwarded-Proto https @@ -53,15 +56,36 @@ # context path for your repository url. # If you are not using subdomain proxying, then ignore this setting. #RequestHeader set X-Forwarded-Context / +``` -#ProxyPass /gitblit ajp://localhost:8009/gitblit ----FIXED--- **Please** make sure to: 1. Review the security of these settings as appropriate for your deployment - 2. Uncomment the *ProxyPass* setting for whichever connection you prefer (http/ajp) + 2. Uncomment the *ProxyPass* setting 3. Correctly set the ports and context paths both in the *ProxyPass* definition and your Gitblit installation - If you are using Gitblit GO you can easily configure the AJP connector by specifying a non-zero AJP port. - Please remember that on Linux/UNIX, ports < 1024 require root permissions to open. 4. Set *web.mountParameters=false* in `gitblit.properties` or `web.xml` this will use parameterized URLs. Alternatively, you can respecify *web.forwardSlashCharacter*. +### Controlling Advertised Repository URLs + +In some reverse-proxy configurations you may be running Gitblit using an http interface with an https reverse-proxy proxy. This will lead to Gitblit generating incorrect repository urls. + +You can control the url that Gitblit generates by setting X-Forwarded headers in your proxy server. + +*X-Forwarded-Proto*://servername(:*X-Forwarded-Port*)(/*X-Forwarded-Context*) + +---X:MEDIAWIKI--- +{| class="table table-bordered" +! Header +! Description +|- +| X-Forwarded-Port +| The port to use in generated repository http/https urls +|- +| X-Forwarded-Proto +| The protocol/scheme to use in generated repository http/https urls +|- +| X-Forwarded-Context +| The context to use in generated repository http/https urls +|} +---X:MEDIAWIKI--- + -- Gitblit v1.9.1