Nemcio/SCM-Manager
1
0
Fork 0
mirror of https://github.com/scm-manager/scm-manager.git synced 2026-02-06 22:59:12 +01:00
Code Issues Packages Projects Releases Activity

Enhance configuration for reverse proxies

Browse Source
This commit is contained in:
Rene Pfeuffer
2024-02-23 19:57:56 +01:00
parent a61f840b0e
commit 46a129ed8c
2 changed files with 16 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

14
docs/en/administration/reverse-proxies.md
View File

@@ -5,9 +5,17 @@ displayToc: true
---
SCM-Manager can run behind any reverse proxy, but a few rules must be respected.
The reverse proxy should not encode slashes and the `X-Forwarded-For` and `X-Forwarded-Host` headers must be send to SCM-Manager.
If the proxy uses a different protocol as the SCM-Manager e.g. https on proxy and http on scm-manager, the `X-Forwarded-Proto` header must be send too.
If `XSRF protection` is enabled on the SCM-Manager server, the cookie has to be `HttpOnly=false` and must not be modified.
The reverse proxy should not encode slashes and the `X-Forwarded-For` and `X-Forwarded-Host` headers must be sent to
SCM-Manager.
If the proxy uses a different protocol as the SCM-Manager e.g. https on proxy and http on scm-manager, the
`X-Forwarded-Proto` header must be send too.
If `XSRF protection` is enabled on the SCM-Manager server, the cookie has to be `HttpOnly=false` and must not be
modified.
For SCM-Manager to work properly, the configuration `forwardHeadersEnabled` has to be set to `true` in the `config.yml`.
To avoid timeouts due to caching in the reverse proxies, you also might want to increase the `idleTimeout` to a higher
value, depending on the size of your repositories (you might want to start with `300000`, that would be five minutes).
See the section about reverse proxies in [SCM-Server onfiguration](scm-server.md) for more information.
## nginx

5
docs/en/administration/scm-server.md
View File

@@ -237,10 +237,15 @@ These HTTP headers are being appended to the requests which are redirected by yo
this option set, your SCM-Server may run into connection issues. This option is disabled by default, because without a
reverse proxy it could cause security issues.
Many reverse proxies will also cache response streams. This can lead to timeouts, especially when working with large
repositories. To avoid this, you might want to increase the `idleTimeout` to a higher value, depending on the size of
your repositories (you might want to start with `300000`, that would be five minutes).
**Example**
```yaml
forwardHeadersEnabled: true
idleTimeout: 300000
```
## Webapp