blob: 0672ca7dbb31de44b2cc34318ef14da738385e0c [file] [log] [blame]
Gerrit Code Review - Apache 2 Reverse Proxy
Gerrit can be configured to run behind an Apache server using
'mod_proxy'. This allows Apache to bind to the privileged ports 80
(or 443 for SSL), as well as offloads the SSL processing overhead
from Java to optimized native C code.
Enable the necessary Apache2 modules:
a2enmod proxy_http
a2enmod ssl ; # optional, needed for HTTPS / SSL
Ensure `'$site_path'/etc/gerrit.config` has the property
link:config-gerrit.html#httpd.listenUrl[httpd.listenUrl] configured
to use 'proxy-http://' or 'proxy-https://' and a free port number.
This may have already been configured if proxy support was enabled
during 'init'.
listenUrl = proxy-
Configure an Apache VirtualHost to proxy to the Gerrit daemon,
setting the 'ProxyPass' line to use the 'http://' URL configured
above. Ensure the path of ProxyPass and httpd.listenUrl match,
or links will redirect to incorrect locations.
<VirtualHost *>
ProxyRequests Off
ProxyVia Off
ProxyPreserveHost On
<Proxy *>
Order deny,allow
Allow from all
ProxyPass /r/
To enable Apache to perform the SSL processing, use 'proxy-https://'
in httpd.listenUrl within Gerrit's configuration file, and enable
the SSL engine in the Apache VirtualHost block:
<VirtualHost *:443>
SSLEngine on
SSLCertificateFile conf/server.crt
SSLCertificateKeyFile conf/server.key
... same as above ...
See the Apache 'mod_ssl' documentation for more details on how to
configure SSL within the server, like controlling how strong of an
encryption algorithm is required.
Part of link:index.html[Gerrit Code Review]