diff --git a/playbooks/roles/gitea/README.rst b/playbooks/roles/gitea/README.rst index 74e10b4eac..30718c4195 100644 --- a/playbooks/roles/gitea/README.rst +++ b/playbooks/roles/gitea/README.rst @@ -1 +1,16 @@ Install, configure, and run Gitea. + +**Role Variables** + +.. zuul:rolevar:: gitea_reverse_proxy + :default: False + + Create an Apache reverse proxy listening on port 3081. This can be + useful for OSI layer 7 filtering; e.g. matching bad User-Agent + fields. + +.. zuul:rolevar:: gitea_reverse_proxy_hostname + :default: inventory_hostname + + The name of the hostname to reverse proxy to. Only necessary for + testing where we do not have a certificate for the hostname. diff --git a/playbooks/roles/gitea/defaults/main.yaml b/playbooks/roles/gitea/defaults/main.yaml index f001486a4c..aade2dce60 100644 --- a/playbooks/roles/gitea/defaults/main.yaml +++ b/playbooks/roles/gitea/defaults/main.yaml @@ -1,2 +1,3 @@ gitea_no_log: true gitea_reverse_proxy: false +gitea_reverse_proxy_hostname: '{{ inventory_hostname }}' diff --git a/playbooks/roles/gitea/templates/gitea.vhost.j2 b/playbooks/roles/gitea/templates/gitea.vhost.j2 index f700f71069..7c0edb7605 100644 --- a/playbooks/roles/gitea/templates/gitea.vhost.j2 +++ b/playbooks/roles/gitea/templates/gitea.vhost.j2 @@ -69,7 +69,7 @@ Listen 3081 RewriteCond %{HTTP_USER_AGENT} "=Mozilla/4.0 (compatible; MSIE 6.0; ) Opera/UCWEB7.0.2.37/28/999" RewriteRule . - [R=403,L] - ProxyPass / https://localhost:3000/ retry=0 - ProxyPassReverse / https://localhost:3000/ + ProxyPass / https://{{ gitea_reverse_proxy_hostname }}:3000/ retry=0 + ProxyPassReverse / https://{{ gitea_reverse_proxy_hostname }}:3000/ diff --git a/playbooks/zuul/templates/group_vars/gitea.yaml.j2 b/playbooks/zuul/templates/group_vars/gitea.yaml.j2 index a2876a7e6f..02ddc66600 100644 --- a/playbooks/zuul/templates/group_vars/gitea.yaml.j2 +++ b/playbooks/zuul/templates/group_vars/gitea.yaml.j2 @@ -8,5 +8,6 @@ gitea_root_password: BUbBcpToMwR05ZCB gitea_no_log: false gitea_gerrit_password: yVpMWIUIvT7f6NwA gitea_reverse_proxy: true +gitea_reverse_proxy_hostname: localhost iptables_extra_public_tcp_ports: - 3081