From 1d403296099b28b45a60b1f6b87eb649a63430fe Mon Sep 17 00:00:00 2001 From: Vincent Ambo Date: Wed, 10 Jun 2020 22:40:34 +0000 Subject: fix(monorepo-gerrit): Configure nginx reverse proxy correctly Configures the reverse-proxy as per Gerrit's documentation at https://gerrit-review.googlesource.com/Documentation/config-reverseproxy.html --- ops/nixos/camden/default.nix | 2 ++ ops/nixos/modules/monorepo-gerrit.nix | 10 +++++++--- 2 files changed, 9 insertions(+), 3 deletions(-) (limited to 'ops/nixos') diff --git a/ops/nixos/camden/default.nix b/ops/nixos/camden/default.nix index 41f4b318ae9c..c14a5c8f7553 100644 --- a/ops/nixos/camden/default.nix +++ b/ops/nixos/camden/default.nix @@ -411,6 +411,8 @@ in lib.fix(self: { extraConfig = '' location / { proxy_pass http://localhost:4778; + proxy_set_header X-Forwarded-For $remote_addr; + proxy_set_header Host $host; } ''; }; diff --git a/ops/nixos/modules/monorepo-gerrit.nix b/ops/nixos/modules/monorepo-gerrit.nix index 6721b1c5fd15..52a96990c975 100644 --- a/ops/nixos/modules/monorepo-gerrit.nix +++ b/ops/nixos/modules/monorepo-gerrit.nix @@ -1,7 +1,8 @@ # Gerrit configuration for the TVL monorepo { pkgs, config, lib, ... }: -{ +let cfg = config.services.gerrit; +in { services.gerrit = { enable = true; listenAddress = "[::]:4778"; # 4778 - grrt @@ -10,7 +11,11 @@ core.packedGitLimit = "100m"; log.jsonLogging = true; log.textLogging = false; - # TODO: gitweb config + + # Configures gerrit for being reverse-proxied by nginx as per + # https://gerrit-review.googlesource.com/Documentation/config-reverseproxy.html + gerrit.canonicalWebUrl = "https://cl.tvl.fyi"; + httpd.listenUrl = "proxy-https://${cfg.listenAddress}"; # Configures integration with the locally running OpenLDAP auth.type = "LDAP"; @@ -21,7 +26,6 @@ accountFullName = "cn"; accountEmailAddress = "mail"; groupBase = "ou=groups,dc=tvl,dc=fyi"; - gerrit.canonicalWebUrl = "https://cl.tvl.fyi"; # TODO(tazjin): Assuming this is what we'll be doing ... groupMemberPattern = "(&(objectClass=group)(member=\${dn}))"; -- cgit 1.4.1