diff options
author | Shawn Pearce <sop@google.com> | 2013-06-07 16:32:21 -0700 |
---|---|---|
committer | Shawn Pearce <sop@google.com> | 2013-06-08 18:52:32 -0700 |
commit | f81f5142eb7b1b8c62bd95ca72b8bf3f76d5dc8d (patch) | |
tree | 01917e64339c1383823c24cfb2bc1a6ae1afb5b2 /Documentation | |
parent | cbea27a46602a9a47bce98c53078730da3cbad19 (diff) | |
parent | 65f112881996356dcf34e36cf497e33f20df93d5 (diff) |
Merge branch 'stable-2.6' into stable-2.7
* stable-2.6:
Check that patch set is current before doing a rebase
Add trailing period on "This reverts commit ..." line
Documentation: Reverse Proxy Configuration
Fix: push bypass review cannot close change from UI
Fix: 'change_key' of current patchset pushed by 'refs/changes' is still old one.
Update the release notes for 2.6
Conflicts:
gerrit-server/src/main/java/com/google/gerrit/server/git/ReceiveCommits.java
Change-Id: Ie26334c433bc23c8ec47440bbd14c54e6ca8a782
Diffstat (limited to 'Documentation')
-rw-r--r-- | Documentation/config-reverseproxy.txt | 54 |
1 files changed, 37 insertions, 17 deletions
diff --git a/Documentation/config-reverseproxy.txt b/Documentation/config-reverseproxy.txt index 0857442fa3..064fe2e548 100644 --- a/Documentation/config-reverseproxy.txt +++ b/Documentation/config-reverseproxy.txt @@ -28,37 +28,40 @@ during 'init'. Apache 2 Configuration ---------------------- -To run Gerrit behind an Apache server we cannot use 'mod_proxy' -directly, as Gerrit relies on getting unmodified escaped forward -slashes. Depending on the setting of 'AllowEncodedSlashes', -'mod_proxy' would either decode encoded slashes, or encode them once -again. Hence, we resort to using 'mod_rewrite'. To enable the +To run Gerrit behind an Apache server using 'mod_proxy', enable the necessary Apache2 modules: ---- - a2enmod rewrite + a2enmod proxy_http a2enmod ssl ; # optional, needed for HTTPS / SSL ---- -Configure an Apache VirtualHost to proxy to the Gerrit daemon, setting -the 'RewriteRule' line to use the 'http://' URL configured above. -Ensure the path of 'RewriteRule' (the part before '$1') and -httpd.listenUrl match, or links will redirect to incorrect locations. - -Note that this configuration allows to pass encoded characters to the -virtual host, which is potentially dangerous. Be sure to read up on -this topic and that you understand the risks. +Configure an Apache VirtualHost to proxy to the Gerrit daemon, +setting the 'ProxyPass' line to use the 'http://' URL configured +above. Ensure the path of ProxyPass and httpd.listenUrl match, +or links will redirect to incorrect locations. ---- <VirtualHost *> ServerName review.example.com - AllowEncodedSlashes NoDecode - RewriteEngine On - RewriteRule ^/r/(.*) http://localhost:8081/r/$1 [NE,P] + ProxyRequests Off + ProxyVia Off + ProxyPreserveHost On + + <Proxy *> + Order deny,allow + Allow from all + </Proxy> + + AllowEncodedSlashes On + ProxyPass /r/ http://127.0.0.1:8081/r/ nocanon </VirtualHost> ---- +The two options 'AllowEncodedSlashes On' and 'ProxyPass .. nocanon' are required +since Gerrit 2.6. + SSL ~~~ @@ -80,6 +83,15 @@ See the Apache 'mod_ssl' documentation for more details on how to configure SSL within the server, like controlling how strong of an encryption algorithm is required. +Troubleshooting +~~~~~~~~~~~~~~~ + +If you are encountering 'Page Not Found' errors when opening the change +screen, your Apache proxy is very likely decoding the passed URL. +Make sure to either use 'AllowEncodedSlashes On' together with +'ProxyPass .. nodecode' or alternatively a 'mod_rewrite' configuration with +'AllowEncodedSlashes NoDecode' set. + Nginx Configuration ------------------- @@ -124,6 +136,14 @@ See the Nginx 'http ssl module' documentation for more details on how to configure SSL within the server, like controlling how strong of an encryption algorithm is required. +Troubleshooting +~~~~~~~~~~~~~~~ + +If you are encountering 'Page Not Found' errors when opening the change +screen, your Nginx proxy is very likely decoding the passed URL. +Make sure to use a 'proxy_pass' URL without any path (esp. no trailing +'/' after the 'host:port'). + GERRIT ------ Part of link:index.html[Gerrit Code Review] |