diff options
Diffstat (limited to 'roles/git/files/etc/nginx')
-rw-r--r-- | roles/git/files/etc/nginx/sites-available/git | 74 | ||||
-rw-r--r-- | roles/git/files/etc/nginx/sites-available/gitweb | 48 |
2 files changed, 44 insertions, 78 deletions
diff --git a/roles/git/files/etc/nginx/sites-available/git b/roles/git/files/etc/nginx/sites-available/git index 9510620..75c1512 100644 --- a/roles/git/files/etc/nginx/sites-available/git +++ b/roles/git/files/etc/nginx/sites-available/git @@ -7,31 +7,38 @@ server { access_log /var/log/nginx/git.access.log; error_log /var/log/nginx/git.error.log info; + location ^~ /static/ { + alias /usr/share/cgit/; + expires 30d; + } + # Bypass the CGI to return static files stored on disk. Try first repo with # a trailing '.git', then without. - location ~* "^/((?U)[^/]+)(?:\.git)?/objects/([0-9a-f]{2}/[0-9a-f]{38}|pack/pack-[0-9a-f]{40}\.(?:pack|idx))$" { + location ~* "^/((?U)[^/]+)(?:\.git)?/objects/(?:[0-9a-f]{2}/[0-9a-f]{38}|pack/pack-[0-9a-f]{40}\.(?:pack|idx))$" { root /var/lib/gitolite/repositories; try_files /$1.git/objects/$2 /$1/objects/$2 =404; + expires 30d; + # TODO honor git-daemon-export-ok } - # Disallow push over HTTP(S) - location ~* ^/[^/]+/git-receive-pack$ { - return 403; - } + # disallow push over HTTP/HTTPS + location ~* "^/[^/]+/git-receive-pack$" { return 403; } - location ~* ^/[^/]+/(:?HEAD|info/refs|objects/info/[^/]+|git-upload-pack)$ { - fastcgi_param PATH_INFO $uri; - fastcgi_param SCRIPT_FILENAME /usr/lib/git-core/git-http-backend; - fastcgi_param GIT_HTTP_EXPORT_ALL 1; - fastcgi_param GIT_PROJECT_ROOT /var/lib/gitolite/repositories; - include fastcgi/params; - fastcgi_pass unix:/var/run/fcgiwrap.socket; + location ~* "^/[^/]+/(?:HEAD|info/refs|objects/info/[^/]+|git-upload-pack)$" { gzip off; + include uwsgi_params; + uwsgi_modifier1 9; + uwsgi_param GIT_PROJECT_ROOT /var/lib/gitolite/repositories; + uwsgi_pass unix:/run/uwsgi/app/git-http-backend/socket; } - # Redirect to gitweb otherwise - location ~ ^/([^/]+/?)?$ { - return 302 $scheme://gitweb.fripost.org/$1; + + # send all other URLs to cgit + location / { + gzip off; + include uwsgi_params; + uwsgi_modifier1 9; + uwsgi_pass unix:/run/uwsgi/app/cgit/socket; } } @@ -49,30 +56,37 @@ server { access_log /var/log/nginx/git.access.log; error_log /var/log/nginx/git.error.log info; + location ^~ /static/ { + alias /usr/share/cgit/; + expires 30d; + } + # Bypass the CGI to return static files stored on disk. Try first repo with # a trailing '.git', then without. - location ~* "^/((?U)[^/]+)(?:\.git)?/objects/([0-9a-f]{2}/[0-9a-f]{38}|pack/pack-[0-9a-f]{40}\.(?:pack|idx))$" { + location ~* "^/((?U)[^/]+)(?:\.git)?/objects/(?:[0-9a-f]{2}/[0-9a-f]{38}|pack/pack-[0-9a-f]{40}\.(?:pack|idx))$" { root /var/lib/gitolite/repositories; try_files /$1.git/objects/$2 /$1/objects/$2 =404; + expires 30d; + # TODO honor git-daemon-export-ok } - # Disallow push over HTTP(S) - location ~* ^/[^/]+/git-receive-pack$ { - return 403; - } + # disallow push over HTTP/HTTPS + location ~* "^/[^/]+/git-receive-pack$" { return 403; } - location ~* ^/[^/]+/(:?HEAD|info/refs|objects/info/[^/]+|git-upload-pack)$ { - fastcgi_param PATH_INFO $uri; - fastcgi_param SCRIPT_FILENAME /usr/lib/git-core/git-http-backend; - fastcgi_param GIT_HTTP_EXPORT_ALL 1; - fastcgi_param GIT_PROJECT_ROOT /var/lib/gitolite/repositories; - include fastcgi/params; - fastcgi_pass unix:/var/run/fcgiwrap.socket; + location ~* "^/[^/]+/(?:HEAD|info/refs|objects/info/[^/]+|git-upload-pack)$" { gzip off; + include uwsgi_params; + uwsgi_modifier1 9; + uwsgi_param GIT_PROJECT_ROOT /var/lib/gitolite/repositories; + uwsgi_pass unix:/run/uwsgi/app/git-http-backend/socket; } - # Redirect to gitweb otherwise - location ~ ^/([^/]+/?)?$ { - return 302 $scheme://gitweb.fripost.org/$1; + + # send all other URLs to cgit + location / { + gzip off; + include uwsgi_params; + uwsgi_modifier1 9; + uwsgi_pass unix:/run/uwsgi/app/cgit/socket; } } diff --git a/roles/git/files/etc/nginx/sites-available/gitweb b/roles/git/files/etc/nginx/sites-available/gitweb deleted file mode 100644 index 3814145..0000000 --- a/roles/git/files/etc/nginx/sites-available/gitweb +++ /dev/null @@ -1,48 +0,0 @@ -server { - listen 80; - listen [::]:80; - - server_name gitweb.fripost.org; - - access_log /var/log/nginx/gitweb.access.log; - error_log /var/log/nginx/gitweb.error.log info; - - location ^~ /static/ { - alias /usr/share/gitweb/static/; - } - - try_files $uri @fcgi; - location @fcgi { - root /var/lib/gitolite/repositories; - include fastcgi/params; - fastcgi_pass unix:/run/gitweb.socket; - gzip off; - } -} - - -server { - listen 443; - listen [::]:443; - - server_name gitweb.fripost.org; - - include ssl/config; - ssl_certificate /etc/nginx/ssl/git.fripost.org.pem; - ssl_certificate_key /etc/nginx/ssl/git.fripost.org.key; - - access_log /var/log/nginx/gitweb.access.log; - error_log /var/log/nginx/gitweb.error.log info; - - location ^~ /static/ { - alias /usr/share/gitweb/static/; - } - - try_files $uri @fcgi; - location @fcgi { - root /var/lib/gitolite/repositories; - include fastcgi/params; - fastcgi_pass unix:/run/gitweb.socket; - gzip off; - } -} |