I went through this documentation and modified the Apache config to reflect it (I inherited the server from a previous admin and it was missing some parts of that example).
The config now looks like this:
<VirtualHost host.example.com:443>
ServerName host.example.com
ServerAlias host.example.com
## serve static files by Apache, recommended for performance
ProxyPass /_static !
Alias /_static /home/rhodecode/.rccontrol/community-1/static
<Directory /home/rhodecode/.rccontrol/community-1/static/>
AllowOverride none
Require all granted
</Directory>
RequestHeader set X-Forwarded-Proto "https"
## channelstream websocket handling
ProxyPass /_channelstream ws://localhost:9800
ProxyPassReverse /_channelstream ws://localhost:9800
<Proxy *>
Order allow,deny
Allow from all
</Proxy>
# Directive to properly generate url (clone url) for RhodeCode
ProxyPreserveHost On
SetEnv proxy-sendchunked 1
# Url to running RhodeCode instance. This is shown as `- URL:` when
# running rccontrol status.
ProxyPass / http://127.0.0.1:10002/ timeout=7200 Keepalive=On
ProxyPassReverse / http://127.0.0.1:10002/
# strict http prevents from https -> http downgrade
Header always set Strict-Transport-Security "max-age=63072000; includeSubdomains; preload"
# Set x-frame options
Header always append X-Frame-Options SAMEORIGIN
# To enable https use line below
SetEnvIf X-Url-Scheme https HTTPS=1
# SSL setup
SSLEngine On
SSLCertificateFile /etc/apache2/ssl/rhodecode/rc-voltaire.crt
SSLCertificateKeyFile /etc/apache2/ssl/rhodecode/rc-voltaire.key
SSLProtocol All -SSLv2 -SSLv3 -TLSv1 -TLSv1.1
SSLCipherSuite EECDH+AESGCM:EDH+AESGCM
SSLHonorCipherOrder on
SSLCompression off
SSLUseStapling on
SSLStaplingCache "shmcb:logs/stapling-cache(150000)"
SSLSessionTickets Off
ErrorDocument 502 /home/rhodecode/.rccontrol/community-1/static/502.html
</VirtualHost>
Sadly, it doesn’t make any difference. The cloning still times out after exactly 5 minutes.