a2enmod proxy_http a2enmod ssl ; # optional, needed for HTTPS / SSL
Gerrit can be configured to run behind an Apache server using mod_proxy. This allows Apache to bind to the privileged ports 80 (or 443 for SSL), as well as offloads the SSL processing overhead from Java to optimized native C code.
Enable the necessary Apache2 modules:
a2enmod proxy_http a2enmod ssl ; # optional, needed for HTTPS / SSL
Ensure $site_path/etc/gerrit.config has the property httpd.listenUrl configured to use proxy-http:// or proxy-https:// and a free port number. This may have already been configured if proxy support was enabled during init.
[httpd]
listenUrl = proxy-http://127.0.0.1:8081/r/
Configure an Apache VirtualHost to proxy to the Gerrit daemon, setting the ProxyPass line to use the http:// URL configured above. Ensure the path of ProxyPass and httpd.listenUrl match, or links will redirect to incorrect locations.
<VirtualHost *>
ServerName review.example.com
ProxyRequests Off
ProxyVia Off
ProxyPreserveHost On
<Proxy *>
Order deny,allow
Allow from all
</Proxy>
ProxyPass /r/ http://127.0.0.1:8081/r/
</VirtualHost>
To enable Apache to perform the SSL processing, use proxy-https:// in httpd.listenUrl within Gerrit's configuration file, and enable the SSL engine in the Apache VirtualHost block:
<VirtualHost *:443>
SSLEngine on
SSLCertificateFile conf/server.crt
SSLCertificateKeyFile conf/server.key
... same as above ...
</VirtualHost>
See the Apache mod_ssl documentation for more details on how to configure SSL within the server, like controlling how strong of an encryption algorithm is required.
Part of Gerrit Code Review