path: root/per-service/git-servers/files/dev-private-review.linaro.org.conf
blob: 2f3fdd3b5973947d106078d4aa761bae66836f7d (plain)
# Managed by ansible, do not edit.
# Hide version details: no signature footer on server-generated pages and a
# bare "Server: Apache" response header.
ServerSignature Off
ServerTokens Prod

# suEXEC: run CGI/SSI programs as the templated git account (same value used
# for user and group) instead of the web server's own account.
Suexec On
SuexecUserGroup {{ git_user }} {{ git_user }}

# mod_ldap cache sizing. TTLs are in seconds, so 36000 is ten hours.
# NOTE(review): the search/bind cache TTL bounds how long a previously
# successful LDAP bind is reused. An account disabled, or a password changed,
# in the directory may keep working on this host for up to that long. The
# mod_ldap default is 600; confirm ten hours is an accepted revocation delay.
LDAPCacheEntries 2048
LDAPCacheTTL 36000
LDAPOpCacheEntries 1024
LDAPOpCacheTTL 36000

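# Plain-HTTP listener: serves no content, only sends clients to the HTTPS site.
<VirtualHost *:80>
    ServerName {{ gerrit_host }}
    ServerAdmin webmaster@linaro.org

    # The target must end in "/". mod_alias appends whatever follows the
    # matched prefix "/" straight onto the target, so without the trailing
    # slash the request path is glued to the hostname and the Location header
    # can name a host other than this one.
    Redirect permanent / https://{{ gerrit_host }}/
</VirtualHost>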

# TLS front end: terminates HTTPS, requires LDAP basic auth plus an external
# group check on every path, then reverse-proxies to a backend on
# 127.0.0.1:8080 (Gerrit, going by the template variable names).
# NOTE(review): no Strict-Transport-Security header is set in this file, so
# browsers are only moved to HTTPS by the port-80 redirect.
<VirtualHost *:443>
    ServerName {{ gerrit_host }}
    ServerAlias zte-gerrit.linaro.org
    ServerAdmin webmaster@linaro.org

    SSLEngine On
    # NOTE(review): only SSLv2 and SSLv3 are removed, so TLS 1.0 and 1.1 stay
    # enabled wherever the linked OpenSSL still offers them. Basic-auth
    # credentials cross this listener on every request; if no client needs the
    # old versions, "SSLProtocol All -SSLv3 -TLSv1 -TLSv1.1" limits it to
    # TLS 1.2 and later.
    SSLProtocol All -SSLv2 -SSLv3
    # TLS-level compression stays off (it leaks plaintext length, cf. CRIME).
    SSLCompression Off
    # The server's cipher order below wins over the client's preference.
    SSLHonorCipherOrder On
    # Exports the SSL_* variables to the request environment.
    SSLOptions +StdEnvVars
    # Cipher list: "+SSLv3" is a cipher-ordering token (moves SSLv3-era suites
    # to the end), not a protocol switch. Anonymous, NULL, LOW, 3DES, MD5,
    # export, PSK, DSS, RC4, SEED and ECDSA suites are excluded.
    # NOTE(review): the last line re-adds four RSA key-exchange CBC-SHA suites
    # that give no forward secrecy; revisit together with the protocol list.
    SSLCipherSuite "EDH+CAMELLIA:EDH+aRSA:EECDH+aRSA+AESGCM:EECDH+aRSA+SHA384:\
    EECDH+aRSA+SHA256:EECDH:+CAMELLIA256:+AES256:+CAMELLIA128:+AES128:+SSLv3:\
    !aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!DSS:!RC4:!SEED:!ECDSA:\
    CAMELLIA256-SHA:AES256-SHA:CAMELLIA128-SHA:AES128-SHA"

    # Certificate, private key and CA bundle paths come from template
    # variables. The key file should be readable by root only.
    SSLCertificateFile {{ssl_cert}}
    SSLCertificateKeyFile {{ssl_key}}
    SSLCACertificateFile {{ssl_ca}}

    # Per-host access log (combined format) and error log.
    CustomLog ${APACHE_LOG_DIR}/{{ gerrit_host }}-access.log combined
    ErrorLog ${APACHE_LOG_DIR}/{{ gerrit_host }}-error.log
    LogLevel warn

    DocumentRoot {{ apache_root }}/{{ gerrit_host }}

    # Registers grpcheck.cgi as the external group checker "linaro-groups",
    # invoked with the pipe method.
    # NOTE(review): this program decides group membership for every request;
    # confirm it is owned by root and not writable by the web or git account.
    DefineExternalGroup linaro-groups pipe /usr/local/bin/grpcheck.cgi
    # Access control for the whole site, including everything proxied below.
    <Location "/">

        AuthType Basic
        AuthName "{{ host_site_name }}"
        AuthBasicProvider ldap
        # LDAPS subtree search under ou=accounts. mod_authnz_ldap searches on
        # the first listed attribute only (mail); uid is listed so that
        # AuthLDAPRemoteUserAttribute below can read it.
        AuthLDAPUrl "ldaps://login.linaro.org/ou=accounts,dc=linaro,dc=org?mail,uid?sub"
        AuthLDAPBindDN "{{ ldap_bind }}"
        # NOTE(review): the rendered file holds the bind password in clear
        # text, so its mode and ownership matter. The value is unquoted; a
        # password containing whitespace would presumably not parse as one
        # argument - confirm against the vault value.
        AuthLDAPBindPassword {{ ldap_bind_pwd }}
        # REMOTE_USER (and so the name passed on) becomes the entry's uid, not
        # the mail address the user typed.
        AuthLDAPRemoteUserAttribute uid
        GroupExternal linaro-groups
        # Both conditions must hold: a successful LDAP login AND membership of
        # one of the templated security groups per the external checker.
        <RequireAll>
            Require valid-user
            Require external-group {{ security_groups }}
        </RequireAll>
    </Location>

    # Reverse proxy only: forward-proxy requests are refused.
    ProxyRequests Off
    ProxyVia Off
    # The client's Host header is passed to the backend unchanged.
    ProxyPreserveHost On
    # NOTE(review): this grants proxy access to everyone; the actual gate is
    # the Location "/" block above, which Apache merges after Proxy sections.
    # Removing or narrowing that Location block would expose the backend
    # unauthenticated.
    <Proxy *>
        Require all granted
    </Proxy>
    # Encoded slashes (%2F) are accepted, and nocanon hands the raw,
    # un-canonicalised path to the backend. Apache documents that nocanon
    # removes mod_proxy's limited URL normalisation, so path validation is the
    # backend's job.
    # NOTE(review): the backend is reached over plain HTTP on loopback and
    # presumably trusts this front end for authentication; confirm the 8080
    # listener is bound to 127.0.0.1 only.
    AllowEncodedSlashes On
    ProxyPass / http://127.0.0.1:8080/ nocanon
</VirtualHost>