r/gitea: Serve kickstarts over HTTP

I want to use Gitea as the canonical source for Anaconda kickstart
scripts.  There are certain situations, however, where they cannot be
accessed via HTTPS, such as on a Raspberry Pi without an RTC, since it
cannot validate the certificate without the correct time.  Thus, the
web server must not force an HTTPS redirect for these, but serve them
directly.
dynamic-inventory
Dustin 2024-12-27 10:43:25 -06:00
parent a00ffd10df
commit e51e933661
2 changed files with 23 additions and 13 deletions


@ -79,6 +79,8 @@
dest: /etc/httpd/conf.d/gitea.conf dest: /etc/httpd/conf.d/gitea.conf
mode: u=rw,go=r mode: u=rw,go=r
notify: reload httpd notify: reload httpd
tags:
- apache
- name: ensure selinux allows apache to proxy for gitea - name: ensure selinux allows apache to proxy for gitea
seboolean: seboolean:
name=httpd_can_network_connect name=httpd_can_network_connect


@ -1,7 +1,23 @@
# vim: set ft=apache : {#- vim: set ft=apache.jinja : -#}
RewriteEngine on # vim: set sw=4 ts=4 sts=4 et :
RewriteCond %{HTTPS} !on {% macro proxypass() -%}
RewriteRule /.* https://%{SERVER_NAME}$0 [R=301,L] ProxyPreserveHost On
ProxyRequests Off
ProxyPass / http://localhost:3000/ nocanon
ProxyPassReverse / http://localhost:3000/
AllowEncodedSlashes NoDecode
{%- endmacro -%}
<VirtualHost _default_:80>
ServerName {{ gitea_http_domain }}
RewriteEngine on
RewriteCond %{HTTPS} !on
RewriteCond %{REQUEST_FILENAME} !\.ks$
RewriteRule /.* https://%{SERVER_NAME}$0 [R=301,L]
{{ proxypass() | indent(4) }}
</VirtualHost>
<VirtualHost _default_:443> <VirtualHost _default_:443>
ServerName {{ gitea_http_domain }} ServerName {{ gitea_http_domain }}
@ -10,16 +26,8 @@ RewriteRule /.* https://%{SERVER_NAME}$0 [R=301,L]
SSLCertificateKeyFile {{ gitea_ssl_certificate_key }} SSLCertificateKeyFile {{ gitea_ssl_certificate_key }}
SSLCertificateChainFile {{ gitea_ssl_certificate }} SSLCertificateChainFile {{ gitea_ssl_certificate }}
RewriteEngine On
RewriteCond %{HTTPS} !on
RewriteRule /.* https://%{SERVER_NAME}$0
Header always set \ Header always set \
Strict-Transport-Security "max-age=63072000; includeSubDomains" Strict-Transport-Security "max-age=63072000; includeSubDomains"
ProxyPreserveHost On {{ proxypass() | indent(4) }}
ProxyRequests Off
ProxyPass / http://localhost:3000/ nocanon
ProxyPassReverse / http://localhost:3000/
AllowEncodedSlashes NoDecode
</VirtualHost> </VirtualHost>
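Review bot: In the new port-80 vhost, `RewriteCond %{REQUEST_FILENAME} !\.ks$` exempts every URL ending in `.ks` from the HTTPS redirect, for any method and any repository, so more of Gitea than the intended kickstart files becomes reachable over plaintext through `proxypass()`. I would narrow it to read-only requests on the kickstart repository's raw path by replacing the two conditions with `RewriteCond %{REQUEST_METHOD} !^(GET|HEAD)$ [OR]` and `RewriteCond %{REQUEST_URI} !^/OWNER/REPO/raw/.*\.ks$` (OWNER/REPO are placeholders for the real repository). The existing `%{HTTPS} !on` test is always true inside a port-80 vhost and can be dropped. A comment above the rule should also record that kickstarts fetched this way have no transport integrity or server authentication, so the clients relying on it should sit on a trusted provisioning network.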