forked from openSUSE/open-build-service
-
Notifications
You must be signed in to change notification settings - Fork 0
/
obs-apache24.conf
109 lines (81 loc) · 2.9 KB
/
obs-apache24.conf
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
Listen 82
# May needed on old distributions or after an update from them.
#Listen 443
# Passenger defaults
PassengerSpawnMethod "smart"
PassengerMaxPoolSize 20
#RailsEnv "development"
# allow long request urls and being part of headers
LimitRequestLine 20000
LimitRequestFieldsize 20000
# Just the overview page
<VirtualHost *:80>
# just give an overview about this OBS instance via static web page
DocumentRoot "/srv/www/obs/overview"
<Directory /srv/www/obs/overview>
Options Indexes
Allow from all
Require all granted
</Directory>
</VirtualHost>
# Build Results
<VirtualHost *:82>
# The resulting repositories
DocumentRoot "/srv/obs/repos"
<Directory /srv/obs/repos>
Options Indexes FollowSymLinks
Allow from all
Require all granted
</Directory>
</VirtualHost>
# OBS WEBUI & API
<VirtualHost *:443>
ServerName api
# General setup for the virtual host
DocumentRoot "/srv/www/obs/api/public"
ErrorLog /srv/www/obs/api/log/apache_error.log
TransferLog /srv/www/obs/api/log/apache_access.log
PassengerMinInstances 2
PassengerPreStart https://api
SSLEngine on
# SSL protocols
# Supporting TLS only is adequate nowadays
SSLProtocol all -SSLv2 -SSLv3
# SSL Cipher Suite:
# List the ciphers that the client is permitted to negotiate.
# We disable weak ciphers by default.
# See the mod_ssl documentation or "openssl ciphers -v" for a
# complete list.
SSLCipherSuite ALL:!aNULL:!eNULL:!SSLv2:!LOW:!EXP:!MD5:@STRENGTH
SSLCertificateFile /srv/obs/certs/server.crt
SSLCertificateKeyFile /srv/obs/certs/server.key
<Directory /srv/www/obs/api/public>
AllowOverride all
Options -MultiViews
# This requires mod_xforward loaded in apache
# Enable the usage via options.yml
# This will decrease the load due to long running requests a lot (unloading from rails stack)
XForward on
Allow from all
# Required since Apache >= 2.4:
Require all granted
</Directory>
SetEnvIf User-Agent ".*MSIE [1-5].*" \
nokeepalive ssl-unclean-shutdown \
downgrade-1.0 force-response-1.0
CustomLog /var/log/apache2/ssl_request.log ssl_combined
# from http://guides.rubyonrails.org/asset_pipeline.html
<LocationMatch "^/assets/.*$">
Header unset ETag
FileETag None
# RFC says only cache for 1 year
ExpiresActive On
ExpiresDefault "access plus 1 year"
</LocationMatch>
SetEnvIf User-Agent ".*MSIE [1-5].*" \
nokeepalive ssl-unclean-shutdown \
downgrade-1.0 force-response-1.0
## Older firefox versions needs this, otherwise it wont cache anything over SSL.
Header append Cache-Control "public"
CustomLog /var/log/apache2/ssl_request.log ssl_combined
</VirtualHost>