Commit 1d68f39f authored by Christian Dresen's avatar Christian Dresen

SSL Einstellungen berichtigt. Mattermost und Gitlab funktionieren jetzt

parent 1144684b
...@@ -467,19 +467,19 @@ gitlab_rails['gitlab_shell_ssh_port'] = 2222 ...@@ -467,19 +467,19 @@ gitlab_rails['gitlab_shell_ssh_port'] = 2222
# nginx['ssl_session_timeout'] = "5m" # default according to http://nginx.org/en/docs/http/ngx_http_ssl_module.html # nginx['ssl_session_timeout'] = "5m" # default according to http://nginx.org/en/docs/http/ngx_http_ssl_module.html
# nginx['ssl_dhparam'] = nil # Path to dhparams.pem, eg. /etc/gitlab/ssl/dhparams.pem # nginx['ssl_dhparam'] = nil # Path to dhparams.pem, eg. /etc/gitlab/ssl/dhparams.pem
# nginx['listen_addresses'] = ['*'] # nginx['listen_addresses'] = ['*']
# nginx['listen_port'] = nil # override only if you use a reverse proxy: https://gitlab.com/gitlab-org/omnibus-gitlab/blob/master/doc/settings/nginx.md#setting-the-nginx-listen-port nginx['listen_port'] = 80 # override only if you use a reverse proxy: https://gitlab.com/gitlab-org/omnibus-gitlab/blob/master/doc/settings/nginx.md#setting-the-nginx-listen-port
# nginx['listen_https'] = nil # override only if your reverse proxy internally communicates over HTTP: https://gitlab.com/gitlab-org/omnibus-gitlab/blob/master/doc/settings/nginx.md#supporting-proxied-ssl nginx['listen_https'] = false # override only if your reverse proxy internally communicates over HTTP: https://gitlab.com/gitlab-org/omnibus-gitlab/blob/master/doc/settings/nginx.md#supporting-proxied-ssl
# nginx['custom_gitlab_server_config'] = "location ^~ /foo-namespace/bar-project/raw/ {\n deny all;\n}\n" # nginx['custom_gitlab_server_config'] = "location ^~ /foo-namespace/bar-project/raw/ {\n deny all;\n}\n"
# nginx['custom_nginx_config'] = "include /etc/nginx/conf.d/example.conf;" # nginx['custom_nginx_config'] = "include /etc/nginx/conf.d/example.conf;"
# nginx['proxy_read_timeout'] = 300 # nginx['proxy_read_timeout'] = 300
# nginx['proxy_connect_timeout'] = 300 # nginx['proxy_connect_timeout'] = 300
# nginx['proxy_set_headers'] = { nginx['proxy_set_headers'] = {
# "Host" => "$http_host", "Host" => "$http_host",
# "X-Real-IP" => "$remote_addr", "X-Real-IP" => "$remote_addr",
# "X-Forwarded-For" => "$proxy_add_x_forwarded_for", "X-Forwarded-For" => "$proxy_add_x_forwarded_for",
# "X-Forwarded-Proto" => "https", "X-Forwarded-Proto" => "https",
# "X-Forwarded-Ssl" => "on" "X-Forwarded-Ssl" => "on"
# } }
## Advanced settings ## Advanced settings
# nginx['dir'] = "/var/opt/gitlab/nginx" # nginx['dir'] = "/var/opt/gitlab/nginx"
...@@ -569,7 +569,7 @@ mattermost['enable'] = true ...@@ -569,7 +569,7 @@ mattermost['enable'] = true
# mattermost['home'] = '/var/opt/gitlab/mattermost' # mattermost['home'] = '/var/opt/gitlab/mattermost'
# mattermost['database_name'] = 'mattermost_production' # mattermost['database_name'] = 'mattermost_production'
# mattermost['service_use_ssl'] = false mattermost['service_use_ssl'] = true
mattermost['service_address'] = "0.0.0.0" mattermost['service_address'] = "0.0.0.0"
mattermost['service_port'] = "8065" mattermost['service_port'] = "8065"
...@@ -681,7 +681,7 @@ mattermost['gitlab_user_api_endpoint'] = "https://gitlab.warpzone.ms/api/v3/user ...@@ -681,7 +681,7 @@ mattermost['gitlab_user_api_endpoint'] = "https://gitlab.warpzone.ms/api/v3/user
# Mattermost NGINX # # Mattermost NGINX #
#################### ####################
# mattermost_nginx['enable'] = false mattermost_nginx['enable'] = false
# mattermost_nginx['client_max_body_size'] = '250m' # mattermost_nginx['client_max_body_size'] = '250m'
# mattermost_nginx['redirect_http_to_https'] = false # mattermost_nginx['redirect_http_to_https'] = false
# mattermost_nginx['redirect_http_to_https_port'] = 80 # mattermost_nginx['redirect_http_to_https_port'] = 80
...@@ -693,9 +693,9 @@ mattermost['gitlab_user_api_endpoint'] = "https://gitlab.warpzone.ms/api/v3/user ...@@ -693,9 +693,9 @@ mattermost['gitlab_user_api_endpoint'] = "https://gitlab.warpzone.ms/api/v3/user
# mattermost_nginx['ssl_session_cache'] = "builtin:1000 shared:SSL:10m" # recommended in http://nginx.org/en/docs/http/ngx_http_ssl_module.html # mattermost_nginx['ssl_session_cache'] = "builtin:1000 shared:SSL:10m" # recommended in http://nginx.org/en/docs/http/ngx_http_ssl_module.html
# mattermost_nginx['ssl_session_timeout'] = "5m" # default according to http://nginx.org/en/docs/http/ngx_http_ssl_module.html # mattermost_nginx['ssl_session_timeout'] = "5m" # default according to http://nginx.org/en/docs/http/ngx_http_ssl_module.html
# mattermost_nginx['ssl_dhparam'] = nil # Path to ci_dhparams.pem, eg. /etc/gitlab/ssl/ci_dhparams.pem # mattermost_nginx['ssl_dhparam'] = nil # Path to ci_dhparams.pem, eg. /etc/gitlab/ssl/ci_dhparams.pem
#mattermost_nginx['listen_addresses'] = ['*'] # mattermost_nginx['listen_addresses'] = ['*']
#mattermost_nginx['listen_port'] = 42002 # override only if you use a reverse proxy: https://gitlab.com/gitlab-org/omnibus-gitlab/blob/master/doc/settings/nginx.md#setting-the-nginx-listen-port # mattermost_nginx['listen_port'] = 42002 # override only if you use a reverse proxy: https://gitlab.com/gitlab-org/omnibus-gitlab/blob/master/doc/settings/nginx.md#setting-the-nginx-listen-port
# mattermost_nginx['listen_https'] = nil # override only if your reverse proxy internally communicates over HTTP: https://gitlab.com/gitlab-org/omnibus-gitlab/blob/master/doc/settings/nginx.md#supporting-proxied-ssl # mattermost_nginx['listen_https'] = false # override only if your reverse proxy internally communicates over HTTP: https://gitlab.com/gitlab-org/omnibus-gitlab/blob/master/doc/settings/nginx.md#supporting-proxied-ssl
# mattermost_nginx['custom_gitlab_mattermost_server_config'] = "location ^~ /foo-namespace/bar-project/raw/ {\n deny all;\n}\n" # mattermost_nginx['custom_gitlab_mattermost_server_config'] = "location ^~ /foo-namespace/bar-project/raw/ {\n deny all;\n}\n"
# mattermost_nginx['custom_nginx_config'] = "include /etc/nginx/conf.d/example.conf;" # mattermost_nginx['custom_nginx_config'] = "include /etc/nginx/conf.d/example.conf;"
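Review bot: `nginx['listen_addresses']` stays commented out in the first hunk while the bundled nginx is switched to plain HTTP with `nginx['listen_port'] = 80` and `nginx['listen_https'] = false`, so it accepts unencrypted connections on every interface and, through the newly enabled `proxy_set_headers` block, labels all of them as `"X-Forwarded-Proto" => "https"`. Binding the listener to an address only the TLS-terminating proxy can reach (the setting takes a list, as in the commented `['*']`) would keep clients from reaching GitLab around the proxy. The same concern applies to the unchanged `mattermost['service_address'] = "0.0.0.0"` now that `mattermost_nginx['enable'] = false` leaves port 8065 as the Mattermost listener. Whether a firewall or container network already restricts these ports is not visible on this page.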
......
...@@ -2,23 +2,23 @@ server { ...@@ -2,23 +2,23 @@ server {
listen 80; listen 80;
listen [::]:80; listen [::]:80;
server_name gitlab.warpzone.ms; server_name gitlab.warpzone.ms;
return 301 https://$server_name$request_uri; return 301 https://$server_name$request_uri;
} }
server { server {
listen 443 ssl spdy; listen 443 ssl spdy;
listen [::]:443 ssl spdy; listen [::]:443 ssl spdy;
ssl_certificate /etc/ssl/fullchain.pem; ssl_certificate /etc/ssl/fullchain.pem;
ssl_certificate_key /etc/ssl/key.pem; ssl_certificate_key /etc/ssl/key.pem;
ssl_session_cache shared:SSL:5m; ssl_session_cache shared:SSL:5m;
ssl_session_timeout 5m; ssl_session_timeout 5m;
add_header Strict-Transport-Security "max-age=31536000; includeSubdomains;"; add_header Strict-Transport-Security "max-age=31536000; includeSubdomains;";
ssl_protocols TLSv1 TLSv1.1 TLSv1.2; ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers "AES:!ADH:!AECDH:!MD5:!DSS"; ssl_ciphers "AES:!ADH:!AECDH:!MD5:!DSS";
ssl_prefer_server_ciphers on; ssl_prefer_server_ciphers on;
server_name gitlab.warpzone.ms; server_name gitlab.warpzone.ms;
root /var/www/html; root /dev/null;
index index.html; index index.html;
location / { location / {
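Review bot: `ssl_protocols TLSv1 TLSv1.1 TLSv1.2;` and `ssl_ciphers "AES:!ADH:!AECDH:!MD5:!DSS";` are left untouched by a commit that corrects the SSL settings; TLS 1.0 and 1.1 are deprecated (RFC 8996), and the cipher string still admits CBC-mode suites and RSA key exchange without forward secrecy. Suggest `ssl_protocols TLSv1.2;` (plus TLSv1.3 where the installed nginx and OpenSSL support it) and a list limited to forward-secret AEAD suites, such as `ssl_ciphers "EECDH+AESGCM";`. The Mattermost server block probably carries the same two lines, but they are not shown here. This server block continues past the end of the visible section.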
......
...@@ -17,8 +17,8 @@ server { ...@@ -17,8 +17,8 @@ server {
listen 80; listen 80;
listen [::]:80; listen [::]:80;
server_name mattermost.warpzone.ms; server_name mattermost.warpzone.ms;
return 301 https://$server_name$request_uri; return 301 https://$server_name$request_uri;
} }
server { server {
listen 443 ssl spdy; listen 443 ssl spdy;
...@@ -45,8 +45,7 @@ server { ...@@ -45,8 +45,7 @@ server {
proxy_read_timeout 300; proxy_read_timeout 300;
proxy_connect_timeout 300; proxy_connect_timeout 300;
proxy_redirect off; proxy_redirect off;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-Proto http;
proxy_set_header Host $http_host; proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
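Review bot: The `X-Forwarded-Proto` header in this proxy block should not end up as the literal `http`; the page shows both `proxy_set_header X-Forwarded-Proto $scheme;` and `proxy_set_header X-Forwarded-Proto http;` without making clear which one the commit keeps. The hunk header places these lines inside a `server {` block, presumably the one listening on 443, in which case a hard-coded `http` tells the backend that a TLS request arrived in cleartext and can affect the redirects and cookie flags it generates. Keeping `proxy_set_header X-Forwarded-Proto $scheme;` with a comment such as `# TLS ends here; report the client-facing scheme to Mattermost` would make the intent explicit. The enclosing location block starts and ends outside the hunk.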
......