Documentation/config-reverseproxy.txt - gerrit - Git at Google

 Gerrit Code Review - Reverse Proxy
 ==================================

 Description
 -----------

 Gerrit can be configured to run behind a third-party web server.
 This allows the other web server to bind to the privileged ports 80
 (or 443 for SSL), as well as offloads the SSL processing overhead
 from Java to optimized native C code.


 Gerrit Configuration
 --------------------

 Ensure `'$site_path'/etc/gerrit.config` has the property
 link:config-gerrit.html#httpd.listenUrl[httpd.listenUrl] configured
 to use 'proxy-http://' or 'proxy-https://' and a free port number.
 This may have already been configured if proxy support was enabled
 during 'init'.

 ----
   [httpd]
   	listenUrl = proxy-http://127.0.0.1:8081/r/
 ----


 Apache 2 Configuration
 ----------------------

 To run Gerrit behind an Apache server using 'mod_proxy', enable the
 necessary Apache2 modules:

 ----
   a2enmod proxy_http
   a2enmod ssl          ; # optional, needed for HTTPS / SSL
 ----

 Configure an Apache VirtualHost to proxy to the Gerrit daemon,
 setting the 'ProxyPass' line to use the 'http://' URL configured
 above.  Ensure the path of ProxyPass and httpd.listenUrl match,
 or links will redirect to incorrect locations.

 ----
 	<VirtualHost *>
 	  ServerName review.example.com

 	  ProxyRequests Off
 	  ProxyVia Off
 	  ProxyPreserveHost On

 	  <Proxy *>
 		Order deny,allow
 		Allow from all
 	  </Proxy>

 	  ProxyPass /r/ http://127.0.0.1:8081/r/
 	</VirtualHost>
 ----

 SSL
 ~~~

 To enable Apache to perform the SSL processing, use 'proxy-https://'
 in httpd.listenUrl within Gerrit's configuration file, and enable
 the SSL engine in the Apache VirtualHost block:

 ----
 	<VirtualHost *:443>
 	  SSLEngine on
 	  SSLCertificateFile    conf/server.crt
 	  SSLCertificateKeyFile conf/server.key

 	  ... same as above ...
 	</VirtualHost>
 ----

 See the Apache 'mod_ssl' documentation for more details on how to
 configure SSL within the server, like controlling how strong of an
 encryption algorithm is required.


 Nginx Configuration
 -------------------

 To run Gerrit behind an Nginx server, use a server statement such
 as this one:

 ----
 	server {
 	  listen 80;
 	  server_name review.example.com;

 	  location /r/ {
 	    proxy_pass        http://127.0.0.1:8081;
 	    proxy_set_header  X-Forwarded-For $remote_addr;
 	    proxy_set_header  Host $host;
 	  }
 	}
 ----

 SSL
 ~~~

 To enable Nginx to perform the SSL processing, use 'proxy-https://'
 in httpd.listenUrl within Gerrit's configuration file, and enable
 the SSL engine in the Nginx server statement:

 ----
 	server {
 	  listen 443;
 	  server_name review.example.com;

 	  ssl  on;
 	  ssl_certificate      conf/server.crt;
 	  ssl_certificate_key  conf/server.key;

 	  ... same as above ...
 	}
 ----

 See the Nginx 'http ssl module' documentation for more details on
 how to configure SSL within the server, like controlling how strong
 of an encryption algorithm is required.

 GERRIT
 ------
 Part of link:index.html[Gerrit Code Review]
	Gerrit Code Review - Reverse Proxy
	==================================

	Description
	-----------

	Gerrit can be configured to run behind a third-party web server.
	This allows the other web server to bind to the privileged ports 80
	(or 443 for SSL), as well as offloads the SSL processing overhead
	from Java to optimized native C code.


	Gerrit Configuration
	--------------------

	Ensure `'$site_path'/etc/gerrit.config` has the property
	link:config-gerrit.html#httpd.listenUrl[httpd.listenUrl] configured
	to use 'proxy-http://' or 'proxy-https://' and a free port number.
	This may have already been configured if proxy support was enabled
	during 'init'.

	----
	[httpd]
	listenUrl = proxy-http://127.0.0.1:8081/r/
	----


	Apache 2 Configuration
	----------------------

	To run Gerrit behind an Apache server using 'mod_proxy', enable the
	necessary Apache2 modules:

	----
	a2enmod proxy_http
	a2enmod ssl ; # optional, needed for HTTPS / SSL
	----

	Configure an Apache VirtualHost to proxy to the Gerrit daemon,
	setting the 'ProxyPass' line to use the 'http://' URL configured
	above. Ensure the path of ProxyPass and httpd.listenUrl match,
	or links will redirect to incorrect locations.

	----
	<VirtualHost *>
	ServerName review.example.com

	ProxyRequests Off
	ProxyVia Off
	ProxyPreserveHost On

	<Proxy *>
	Order deny,allow
	Allow from all
	</Proxy>

	ProxyPass /r/ http://127.0.0.1:8081/r/
	</VirtualHost>
	----

	SSL
	~~~

	To enable Apache to perform the SSL processing, use 'proxy-https://'
	in httpd.listenUrl within Gerrit's configuration file, and enable
	the SSL engine in the Apache VirtualHost block:

	----
	<VirtualHost *:443>
	SSLEngine on
	SSLCertificateFile conf/server.crt
	SSLCertificateKeyFile conf/server.key

	... same as above ...
	</VirtualHost>
	----

	See the Apache 'mod_ssl' documentation for more details on how to
	configure SSL within the server, like controlling how strong of an
	encryption algorithm is required.


	Nginx Configuration
	-------------------

	To run Gerrit behind an Nginx server, use a server statement such
	as this one:

	----
	server {
	listen 80;
	server_name review.example.com;

	location /r/ {
	proxy_pass http://127.0.0.1:8081;
	proxy_set_header X-Forwarded-For $remote_addr;
	proxy_set_header Host $host;
	}
	}
	----

	SSL
	~~~

	To enable Nginx to perform the SSL processing, use 'proxy-https://'
	in httpd.listenUrl within Gerrit's configuration file, and enable
	the SSL engine in the Nginx server statement:

	----
	server {
	listen 443;
	server_name review.example.com;

	ssl on;
	ssl_certificate conf/server.crt;
	ssl_certificate_key conf/server.key;

	... same as above ...
	}
	----

	See the Nginx 'http ssl module' documentation for more details on
	how to configure SSL within the server, like controlling how strong
	of an encryption algorithm is required.

	GERRIT
	------
	Part of link:index.html[Gerrit Code Review]