blob: 4cf263ddf0834007a6bc2fe37821e874cd895be3 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
|
## Running Gitblit behind Apache
Gitblit runs fine behind Apache.
Each Linux distribution may vary on the exact configuration of Apache 2.2.
Here is a sample configuration that works on Debian 7.0 (Wheezy), your distribution may be different.
### Make sure we have Apache's proxy modules
```
sudo su
cd /etc/apache2/mods-enabled
ln -s ../mods-available/proxy.load proxy.load
ln -s ../mods-available/proxy_balancer.load proxy_balancer.load
ln -s ../mods-available/proxy_http.load proxy_http.load
```
### Configuring Apache to use the proxy modules
Now we must configure Apache to use the proxy modules and the proxied connection from Apache to Gitblit GO or from Apache to your chosen servlet container. The following snippet is stored as `/etc/apache2/conf.d/gitblit`.
```
# Turn off support for true Proxy behaviour as we are acting as
# a transparent proxy
ProxyRequests Off
# Turn off VIA header as we know where the requests are proxied
ProxyVia Off
# Turn on Host header preservation so that the servlet container
# can write links with the correct host and rewriting can be avoided.
#
# This is important for all git push/pull/clone operations.
ProxyPreserveHost On
# Set the permissions for the proxy
<Proxy>
AddDefaultCharset off
Order deny,allow
Allow from all
</Proxy>
# The proxy context path must match the Gitblit context path.
# For Gitblit GO, see server.contextPath in gitblit.properties.
#ProxyPass /gitblit http://localhost:8080/gitblit
#ProxyPassreverse /gitblit http://localhost:8080/gitblit
# If your httpd frontend is https but you are proxying http Gitblit WAR or GO
#Header edit Location ^http://([^/]+)/gitblit/ https://$1/gitblit/
# Additionally you will want to tell Gitblit the original scheme and port
#RequestHeader set X-Forwarded-Proto https
#RequestHeader set X-Forwarded-Port 443
# If you are using subdomain proxying then you will want to tell Gitblit the appropriate
# context path for your repository url.
# If you are not using subdomain proxying, then ignore this setting.
#RequestHeader set X-Forwarded-Context /
```
**Please** make sure to:
1. Review the security of these settings as appropriate for your deployment
2. Uncomment the *ProxyPass* setting
3. Correctly set the ports and context paths both in the *ProxyPass* definition and your Gitblit installation
4. Set *web.mountParameters=false* in `gitblit.properties` or `web.xml` this will use parameterized URLs.
Alternatively, you can respecify *web.forwardSlashCharacter*.
### Controlling Advertised Repository URLs
In some reverse-proxy configurations you may be running Gitblit using an http interface with an https reverse-proxy proxy. This will lead to Gitblit generating incorrect repository urls.
You can control the url that Gitblit generates by setting X-Forwarded headers in your proxy server.
*X-Forwarded-Proto*://servername(:*X-Forwarded-Port*)(/*X-Forwarded-Context*)
---X:MEDIAWIKI---
{| class="table table-bordered"
! Header
! Description
|-
| X-Forwarded-Port
| The port to use in generated repository http/https urls
|-
| X-Forwarded-Proto
| The protocol/scheme to use in generated repository http/https urls
|-
| X-Forwarded-Context
| The context to use in generated repository http/https urls
|}
---X:MEDIAWIKI---
|