From 3977aa76a88de3ba34c3ce788a4e79c5740412a6 Mon Sep 17 00:00:00 2001 From: Jakub Czajka Date: Thu, 23 Nov 2023 22:04:53 +0100 Subject: [PATCH] [git] Serve files with nginx. --- git/git_private.conf | 61 ++++++++++++++++++++++++++++++++++++++++++++ git/git_public.conf | 58 +++++++++++++++++++++++++++++++++++++++++ 2 files changed, 119 insertions(+) create mode 100644 git/git_private.conf create mode 100644 git/git_public.conf diff --git a/git/git_private.conf b/git/git_private.conf new file mode 100644 index 0000000..3e8fdf1 --- /dev/null +++ b/git/git_private.conf @@ -0,0 +1,61 @@ +# Copyright (c) 2023 Jakub Czajka +# License: GPL-3.0 or later. + +server { + server_name git.${private_domain}; + + listen [::]:443 ssl http2; + listen 443 ssl http2; + + ssl_certificate ${private_ssl_cert_dir}/fullchain.pem; + ssl_certificate_key ${private_ssl_cert_dir}/privkey.pem; + + ssl_client_certificate ${ca_dir}/ca.pem; + ssl_verify_client on; + + # static repo files for cloning over https + location ~ ^.*\.git/objects/([0-9a-f]+/[0-9a-f]+|pack/pack-[0-9a-f]+.(pack|idx))$ { + root ${git_home_dir}; + } + + # requests that need to go to git-http-backend + location ~ ^.*\.git/(HEAD|info/refs|objects/info/.*|git-(upload|receive)-pack)$ { + root ${git_home_dir}; + + include fastcgi_params; + fastcgi_pass unix:/var/run/fcgiwrap.socket; + + fastcgi_param PATH_INFO ${dollar}uri; + fastcgi_param GIT_PROJECT_ROOT ${git_home_dir}; + fastcgi_param REMOTE_USER ${dollar}remote_user; + fastcgi_param SCRIPT_FILENAME /usr/lib/git-core/git-http-backend; + } + + location /index.cgi { + gzip off; + + include fastcgi_params; + fastcgi_pass unix:/var/run/fcgiwrap.socket; + + fastcgi_param GITWEB_CONFIG /etc/git/private.conf; + fastcgi_param SCRIPT_FILENAME /usr/share/gitweb/index.cgi; + } + + location / { + root /usr/share/gitweb; + index index.cgi; + } +} + +server { + server_name git.${private_domain}; + + listen [::]:80; + listen 80; + + if (${dollar}host = git.${private_domain}) { + return 301 https://${dollar}host${dollar}request_uri; + } + + return 404; +} diff --git a/git/git_public.conf b/git/git_public.conf new file mode 100644 index 0000000..f4413e2 --- /dev/null +++ b/git/git_public.conf @@ -0,0 +1,58 @@ +# Copyright (c) 2023 Jakub Czajka +# License: GPL-3.0 or later. + +server { + server_name git.${public_domain}; + + listen [::]:443 ssl http2; + listen 443 ssl http2; + + ssl_certificate ${public_ssl_cert_dir}/fullchain.pem; + ssl_certificate_key ${public_ssl_cert_dir}/privkey.pem; + + # static repo files for cloning over https + location ~ ^.*\.git/objects/([0-9a-f]+/[0-9a-f]+|pack/pack-[0-9a-f]+.(pack|idx))$ { + root ${git_home_dir}; + } + + # requests that need to go to git-http-backend + location ~ ^.*\.git/(HEAD|info/refs|objects/info/.*|git-(upload|receive)-pack)$ { + root ${git_home_dir}; + + include fastcgi_params; + fastcgi_pass unix:/var/run/fcgiwrap.socket; + + fastcgi_param PATH_INFO ${dollar}uri; + fastcgi_param GIT_PROJECT_ROOT ${git_home_dir}; + fastcgi_param REMOTE_USER ${dollar}remote_user; + fastcgi_param SCRIPT_FILENAME /usr/lib/git-core/git-http-backend; + } + + location /index.cgi { + gzip off; + + include fastcgi_params; + fastcgi_pass unix:/var/run/fcgiwrap.socket; + + fastcgi_param GITWEB_CONFIG /etc/git/public.conf; + fastcgi_param SCRIPT_FILENAME /usr/share/gitweb/index.cgi; + } + + location / { + root /usr/share/gitweb; + index index.cgi; + } +} + +server { + server_name git.${public_domain}; + + listen [::]:80; + listen 80; + + if (${dollar}host = git.${public_domain}) { + return 301 https://${dollar}host${dollar}request_uri; + } + + return 404; +} -- 2.39.5