[git] Serve files with nginx.

diff --git a/git/git_private.conf b/git/git_private.conf
new file mode 100644 (file)
index 0000000..3e8fdf1
--- /dev/null
+++ b/git/git_private.conf
@@ -0,0 +1,61 @@
+# Copyright (c) 2023 Jakub Czajka <jakub@ekhem.eu.org>
+# License: GPL-3.0 or later.
+
+server {
+    server_name  git.${private_domain};
+
+    listen       [::]:443 ssl http2;
+    listen       443 ssl http2;
+
+    ssl_certificate ${private_ssl_cert_dir}/fullchain.pem;
+    ssl_certificate_key ${private_ssl_cert_dir}/privkey.pem;
+
+    ssl_client_certificate ${ca_dir}/ca.pem;
+    ssl_verify_client on;
+
+    # static repo files for cloning over https
+    location ~ ^.*\.git/objects/([0-9a-f]+/[0-9a-f]+|pack/pack-[0-9a-f]+.(pack|idx))$ {
+        root ${git_home_dir};
+    }
+
+    # requests that need to go to git-http-backend
+    location ~ ^.*\.git/(HEAD|info/refs|objects/info/.*|git-(upload|receive)-pack)$ {
+        root ${git_home_dir};
+
+        include fastcgi_params;
+        fastcgi_pass unix:/var/run/fcgiwrap.socket;
+
+        fastcgi_param PATH_INFO        ${dollar}uri;
+        fastcgi_param GIT_PROJECT_ROOT ${git_home_dir};
+        fastcgi_param REMOTE_USER      ${dollar}remote_user;
+        fastcgi_param SCRIPT_FILENAME  /usr/lib/git-core/git-http-backend;
+    }
+
+    location /index.cgi {
+        gzip          off;
+
+        include       fastcgi_params;
+        fastcgi_pass  unix:/var/run/fcgiwrap.socket;
+
+        fastcgi_param GITWEB_CONFIG   /etc/git/private.conf;
+        fastcgi_param SCRIPT_FILENAME /usr/share/gitweb/index.cgi;
+    }
+
+    location / {
+        root  /usr/share/gitweb;
+        index index.cgi;
+    }
+}
+
+server {
+    server_name  git.${private_domain};
+
+    listen       [::]:80;
+    listen       80;
+
+    if (${dollar}host = git.${private_domain}) {
+        return 301 https://${dollar}host${dollar}request_uri;
+    }
+
+    return 404;
+}

diff --git a/git/git_public.conf b/git/git_public.conf
new file mode 100644 (file)
index 0000000..f4413e2
--- /dev/null
+++ b/git/git_public.conf
@@ -0,0 +1,58 @@
+# Copyright (c) 2023 Jakub Czajka <jakub@ekhem.eu.org>
+# License: GPL-3.0 or later.
+
+server {
+    server_name  git.${public_domain};
+
+    listen       [::]:443 ssl http2;
+    listen       443 ssl http2;
+
+    ssl_certificate ${public_ssl_cert_dir}/fullchain.pem;
+    ssl_certificate_key ${public_ssl_cert_dir}/privkey.pem;
+
+    # static repo files for cloning over https
+    location ~ ^.*\.git/objects/([0-9a-f]+/[0-9a-f]+|pack/pack-[0-9a-f]+.(pack|idx))$ {
+        root ${git_home_dir};
+    }
+
+    # requests that need to go to git-http-backend
+    location ~ ^.*\.git/(HEAD|info/refs|objects/info/.*|git-(upload|receive)-pack)$ {
+        root ${git_home_dir};
+
+        include fastcgi_params;
+        fastcgi_pass unix:/var/run/fcgiwrap.socket;
+
+        fastcgi_param PATH_INFO        ${dollar}uri;
+        fastcgi_param GIT_PROJECT_ROOT ${git_home_dir};
+        fastcgi_param REMOTE_USER      ${dollar}remote_user;
+        fastcgi_param SCRIPT_FILENAME  /usr/lib/git-core/git-http-backend;
+    }
+
+    location /index.cgi {
+        gzip          off;
+
+        include       fastcgi_params;
+        fastcgi_pass  unix:/var/run/fcgiwrap.socket;
+
+        fastcgi_param GITWEB_CONFIG   /etc/git/public.conf;
+        fastcgi_param SCRIPT_FILENAME /usr/share/gitweb/index.cgi;
+    }
+
+    location / {
+        root  /usr/share/gitweb;
+        index index.cgi;
+    }
+}
+
+server {
+    server_name  git.${public_domain};
+
+    listen       [::]:80;
+    listen       80;
+
+    if (${dollar}host = git.${public_domain}) {
+        return 301 https://${dollar}host${dollar}request_uri;
+    }
+
+    return 404;
+}