authorGuilhem Moulin <guilhem@fripost.org>2015-05-31 18:02:27 +0200
committerGuilhem Moulin <guilhem@fripost.org>2015-06-07 02:53:59 +0200
commite63885bcc0d46bfe58a32fcfc1d02daae8735929 (patch)
tree09ecd98acbedd958b23ae6570c956666639f312b /roles/git/files/etc/nginx/sites-available
parent18fb13fb6bdbf85fddfdaf05bd5fb3ab1db3b9dd (diff)
Git (gitolite + git-http-backend + gitweb) configuration
By default repos are readable by gitweb and the web server ('gitweb' and 'www-data' are both in the 'gitolite' group). Private repo owners will have to 'chmod -R og-rwx' manually. To automatically add new repos to gitweb's 'project.list' file, make it readable to the special 'gitweb' user. See /usr/share/doc/gitolite3/README.txt.gz for details.
Diffstat (limited to 'roles/git/files/etc/nginx/sites-available')
-rw-r--r--roles/git/files/etc/nginx/sites-available/git78
-rw-r--r--roles/git/files/etc/nginx/sites-available/gitweb48
2 files changed, 126 insertions, 0 deletions
diff --git a/roles/git/files/etc/nginx/sites-available/git b/roles/git/files/etc/nginx/sites-available/git
new file mode 100644
index 0000000..9510620
--- /dev/null
+++ b/roles/git/files/etc/nginx/sites-available/git
@@ -0,0 +1,78 @@
+server {
+ listen 80;
+ listen [::]:80;
+
+ server_name git.fripost.org;
+
+ access_log /var/log/nginx/git.access.log;
+ error_log /var/log/nginx/git.error.log info;
+
+ # Bypass the CGI to return static files stored on disk. Try first repo with
+ # a trailing '.git', then without.
+ location ~* "^/((?U)[^/]+)(?:\.git)?/objects/([0-9a-f]{2}/[0-9a-f]{38}|pack/pack-[0-9a-f]{40}\.(?:pack|idx))$" {
+ root /var/lib/gitolite/repositories;
+ try_files /$1.git/objects/$2 /$1/objects/$2 =404;
+ }
+
+ # Disallow push over HTTP(S)
+ location ~* ^/[^/]+/git-receive-pack$ {
+ return 403;
+ }
+
+ location ~* ^/[^/]+/(:?HEAD|info/refs|objects/info/[^/]+|git-upload-pack)$ {
+ fastcgi_param PATH_INFO $uri;
+ fastcgi_param SCRIPT_FILENAME /usr/lib/git-core/git-http-backend;
+ fastcgi_param GIT_HTTP_EXPORT_ALL 1;
+ fastcgi_param GIT_PROJECT_ROOT /var/lib/gitolite/repositories;
+ include fastcgi/params;
+ fastcgi_pass unix:/var/run/fcgiwrap.socket;
+ gzip off;
+ }
+
+ # Redirect to gitweb otherwise
+ location ~ ^/([^/]+/?)?$ {
+ return 302 $scheme://gitweb.fripost.org/$1;
+ }
+}
+
+
+server {
+ listen 443;
+ listen [::]:443;
+
+ server_name git.fripost.org;
+
+ include ssl/config;
+ ssl_certificate /etc/nginx/ssl/git.fripost.org.pem;
+ ssl_certificate_key /etc/nginx/ssl/git.fripost.org.key;
+
+ access_log /var/log/nginx/git.access.log;
+ error_log /var/log/nginx/git.error.log info;
+
+ # Bypass the CGI to return static files stored on disk. Try first repo with
+ # a trailing '.git', then without.
+ location ~* "^/((?U)[^/]+)(?:\.git)?/objects/([0-9a-f]{2}/[0-9a-f]{38}|pack/pack-[0-9a-f]{40}\.(?:pack|idx))$" {
+ root /var/lib/gitolite/repositories;
+ try_files /$1.git/objects/$2 /$1/objects/$2 =404;
+ }
+
+ # Disallow push over HTTP(S)
+ location ~* ^/[^/]+/git-receive-pack$ {
+ return 403;
+ }
+
+ location ~* ^/[^/]+/(:?HEAD|info/refs|objects/info/[^/]+|git-upload-pack)$ {
+ fastcgi_param PATH_INFO $uri;
+ fastcgi_param SCRIPT_FILENAME /usr/lib/git-core/git-http-backend;
+ fastcgi_param GIT_HTTP_EXPORT_ALL 1;
+ fastcgi_param GIT_PROJECT_ROOT /var/lib/gitolite/repositories;
+ include fastcgi/params;
+ fastcgi_pass unix:/var/run/fcgiwrap.socket;
+ gzip off;
+ }
+
+ # Redirect to gitweb otherwise
+ location ~ ^/([^/]+/?)?$ {
+ return 302 $scheme://gitweb.fripost.org/$1;
+ }
+}
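Review bot: Read access in both server blocks fails open: `fastcgi_param GIT_HTTP_EXPORT_ALL 1;` makes git-http-backend serve every repository under `GIT_PROJECT_ROOT` without looking for `git-daemon-export-ok`, and the static `objects/` location bypasses the CGI altogether, so a new private repository stays fetchable until its owner runs the manual chmod the commit message describes. Dropping the `GIT_HTTP_EXPORT_ALL` line would make export opt-in on the CGI path; the static location would still depend on filesystem permissions alone and deserves a comment saying so. Separately, `(:?HEAD|...` in the third location looks like a typo for `(?:HEAD|...`: as written it is a capturing group that also accepts a leading colon. The port-80 block also serves fetches in cleartext, where they have no integrity protection; consider having it answer only with `return 301 https://$host$request_uri;`.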
diff --git a/roles/git/files/etc/nginx/sites-available/gitweb b/roles/git/files/etc/nginx/sites-available/gitweb
new file mode 100644
index 0000000..3814145
--- /dev/null
+++ b/roles/git/files/etc/nginx/sites-available/gitweb
@@ -0,0 +1,48 @@
+server {
+ listen 80;
+ listen [::]:80;
+
+ server_name gitweb.fripost.org;
+
+ access_log /var/log/nginx/gitweb.access.log;
+ error_log /var/log/nginx/gitweb.error.log info;
+
+ location ^~ /static/ {
+ alias /usr/share/gitweb/static/;
+ }
+
+ try_files $uri @fcgi;
+ location @fcgi {
+ root /var/lib/gitolite/repositories;
+ include fastcgi/params;
+ fastcgi_pass unix:/run/gitweb.socket;
+ gzip off;
+ }
+}
+
+
+server {
+ listen 443;
+ listen [::]:443;
+
+ server_name gitweb.fripost.org;
+
+ include ssl/config;
+ ssl_certificate /etc/nginx/ssl/git.fripost.org.pem;
+ ssl_certificate_key /etc/nginx/ssl/git.fripost.org.key;
+
+ access_log /var/log/nginx/gitweb.access.log;
+ error_log /var/log/nginx/gitweb.error.log info;
+
+ location ^~ /static/ {
+ alias /usr/share/gitweb/static/;
+ }
+
+ try_files $uri @fcgi;
+ location @fcgi {
+ root /var/lib/gitolite/repositories;
+ include fastcgi/params;
+ fastcgi_pass unix:/run/gitweb.socket;
+ gzip off;
+ }
+}
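Review bot: `try_files $uri @fcgi;` sits at server level with no `root` in scope in either server block, so `$uri` is resolved against whatever root is inherited or compiled in, and any file that exists there is served in place of gitweb. Since `/static/` already has its own location, the probe seems unnecessary: putting the fastcgi directives in `location / { ... }`, or declaring an explicit `root`, would make the served tree obvious. The 443 block also presents `git.fripost.org.pem` for `gitweb.fripost.org`; that is fine only if the certificate lists both names, which this page does not show, and a comment saying so would help.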