Clark Boylan e347a71153 Use only TLSv1 and greater to depoodle
The poodle SSLv3 vulnerability is a good reason to stop using SSLv3.
Switch to TLS everywhere in our apache vhost configs.

Change-Id: If7b18174253b6f185e029f97bfa77d8ad4941385
2014-10-14 17:07:06 -07:00


# Plain-HTTP virtual host: cgit web UI plus git smart-HTTP, with port, server
# name and admin address taken from the cgit:: Puppet variables.
# No SSL* directive appears in this vhost, so everything served here (web UI and
# fetches) travels unencrypted and without server authentication.
# NOTE(review): if integrity of fetched repositories matters, consider
# redirecting this vhost to the HTTPS one - confirm against client requirements.
<VirtualHost *:<%= scope.lookupvar("cgit::http_port") %>>
ServerName <%= scope.lookupvar("cgit::vhost_name") %>
ServerAdmin <%= scope.lookupvar("cgit::serveradmin") %>
# ServerAlias: one line per entry when @serveraliases is an Array, a single line
# when it is a non-empty string, nothing otherwise. Values are emitted verbatim.
<% if @serveraliases.is_a? Array -%>
<% @serveraliases.each do |name| -%><%= " ServerAlias #{name}\n" %><% end -%>
<% elsif @serveraliases != '' -%>
<%= " ServerAlias #{@serveraliases}" -%>
<% end -%>
# Static assets and the cgit CGI. mod_alias uses the first matching entry in
# file order, so these specific prefixes must stay above the catch-all
# "ScriptAlias /" further down.
Alias /cgit-data /usr/share/cgit
ScriptAlias /cgit /var/www/cgi-bin/cgit
Alias /static <%= scope.lookupvar("cgit::staticfiles") %>
# Send a request for the bare root to the cgit UI via an external redirect.
RewriteEngine On
RewriteRule ^/$ /cgit [R]
# Environment for the CGI programs below.
# GIT_HTTP_EXPORT_ALL makes git-http-backend serve every repository under
# GIT_PROJECT_ROOT, not only those marked with a git-daemon-export-ok file, so
# anything placed under /var/lib/git/ becomes fetchable through this vhost.
SetEnv GIT_PROJECT_ROOT /var/lib/git/
SetEnv GIT_HTTP_EXPORT_ALL
SetEnv GIT_NOTES_DISPLAY_REF refs/notes/*
# Loose objects and pack/idx files are mapped straight to files under
# /var/lib/git instead of going through the CGI.
# NOTE(review): the "." before (pack|idx) is unescaped and matches any single
# character; writing it as "\." would restrict the match to a literal dot.
AliasMatch ^/(.*/objects/[0-9a-f]{2}/[0-9a-f]{38})$ /var/lib/git/$1
AliasMatch ^/(.*/objects/pack/pack-[0-9a-f]{40}.(pack|idx))$ /var/lib/git/$1
# Catch-all: every remaining path is handed to git-http-backend.
ScriptAlias / /usr/libexec/git-core/git-http-backend/
# Error and access logs; the HTTPS vhost in this template uses the same paths.
ErrorLog /var/log/httpd/git-error.log
LogLevel warn
CustomLog /var/log/httpd/git-access.log combined
</VirtualHost>
# HTTPS virtual host: same cgit / git smart-HTTP layout as the plain-HTTP vhost
# in this template, plus the mod_ssl settings at the end of the block.
<VirtualHost *:<%= scope.lookupvar("cgit::https_port") %>>
ServerName <%= scope.lookupvar("cgit::vhost_name") %>
ServerAdmin <%= scope.lookupvar("cgit::serveradmin") %>
# ServerAlias: one line per entry when @serveraliases is an Array, a single line
# when it is a non-empty string, nothing otherwise. Values are emitted verbatim.
<% if @serveraliases.is_a? Array -%>
<% @serveraliases.each do |name| -%><%= " ServerAlias #{name}\n" %><% end -%>
<% elsif @serveraliases != '' -%>
<%= " ServerAlias #{@serveraliases}" -%>
<% end -%>
# Static assets and the cgit CGI. mod_alias uses the first matching entry in
# file order, so these specific prefixes must stay above the catch-all
# "ScriptAlias /" further down.
Alias /cgit-data /usr/share/cgit
ScriptAlias /cgit /var/www/cgi-bin/cgit
Alias /static <%= scope.lookupvar("cgit::staticfiles") %>
# Send a request for the bare root to the cgit UI via an external redirect.
RewriteEngine On
RewriteRule ^/$ /cgit [R]
# Environment for the CGI programs below.
# GIT_HTTP_EXPORT_ALL makes git-http-backend serve every repository under
# GIT_PROJECT_ROOT, not only those marked with a git-daemon-export-ok file.
SetEnv GIT_PROJECT_ROOT /var/lib/git/
SetEnv GIT_HTTP_EXPORT_ALL
SetEnv GIT_NOTES_DISPLAY_REF refs/notes/*
# Loose objects and pack/idx files are mapped straight to files under
# /var/lib/git instead of going through the CGI.
# NOTE(review): the "." before (pack|idx) is unescaped and matches any single
# character; writing it as "\." would restrict the match to a literal dot.
AliasMatch ^/(.*/objects/[0-9a-f]{2}/[0-9a-f]{38})$ /var/lib/git/$1
AliasMatch ^/(.*/objects/pack/pack-[0-9a-f]{40}.(pack|idx))$ /var/lib/git/$1
# Catch-all: every remaining path is handed to git-http-backend.
ScriptAlias / /usr/libexec/git-core/git-http-backend/
# Error and access logs; shared with the plain-HTTP vhost (same paths).
ErrorLog /var/log/httpd/git-error.log
LogLevel warn
CustomLog /var/log/httpd/git-access.log combined
SSLEngine on
# Protocol allow-list. Every token carries "+", so the enabled set is built up
# from these three versions only; SSLv2 and SSLv3 are not listed and are
# therefore not offered, which is the POODLE mitigation.
# Caveats to check on the deployed host:
#  - The TLSv1.1 and TLSv1.2 tokens are only accepted when httpd is built
#    against an OpenSSL that supports them (1.0.1 or later).
#  - With several name-based vhosts on one IP:port, older httpd/OpenSSL
#    combinations apply the SSLProtocol of the first vhost defined for that
#    address - presumably not an issue here, but verify with an external scan.
#  - TLS 1.0 and 1.1 have since been deprecated (RFC 8996).
#    NOTE(review): drop them once client compatibility allows.
# NOTE(review): no SSLCipherSuite or SSLHonorCipherOrder is set in this vhost,
# so cipher selection comes from whatever the server-level config provides.
SSLProtocol +TLSv1 +TLSv1.1 +TLSv1.2
# Certificate and private key paths come from the cgit:: Puppet variables; file
# ownership and permissions for the key are managed elsewhere (not shown here).
SSLCertificateFile <%= scope.lookupvar("cgit::ssl_cert_file") %>
SSLCertificateKeyFile <%= scope.lookupvar("cgit::ssl_key_file") %>
# The chain file directive is emitted only when cgit::ssl_chain_file is
# non-empty. The surrounding template tags do not trim newlines, so the
# rendered file contains blank lines here (harmless to Apache).
<% if scope.lookupvar("cgit::ssl_chain_file") != "" %>
SSLCertificateChainFile <%= scope.lookupvar("cgit::ssl_chain_file") %>
<% end %>
</VirtualHost>