Mercurial > self-hosted
comparison CGIT/cgit.nginx @ 3:8e515a52c7a9
add:Cgit File
| author | Pluto <meokcin@gmail.com> |
|---|---|
| date | Tue, 03 Sep 2024 17:14:28 +0800 |
| parents | |
| children |
comparison
equal
deleted
inserted
replaced
| 2:c8c80b5286b1 | 3:8e515a52c7a9 |
|---|---|
| 1 server { | |
| 2 listen [::]:80; | |
| 3 listen 80; | |
| 4 server_name git.yourdomain.com; | |
| 5 return 301 https://$server_name$request_uri; | |
| 6 } | |
| 7 | |
| 8 server { | |
| 9 listen [::]:443 ssl http2; | |
| 10 listen 443 ssl http2; | |
| 11 server_name git.yourdomain.com; | |
| 12 | |
| 13 # SSL Certificate Path | |
| 14 ssl_certificate /etc/nginx/cert/git.yourdomain.com.pem; | |
| 15 ssl_certificate_key /etc/nginx/cert/git.yourdomain.com.key; | |
| 16 | |
| 17 # SSL Security | |
| 18 ssl_protocols TLSv1.2 TLSv1.3; | |
| 19 ssl_prefer_server_ciphers on; | |
| 20 ssl_ciphers ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256; | |
| 21 | |
| 22 ssl_session_timeout 1d; | |
| 23 ssl_session_cache shared:SSL:10m; | |
| 24 | |
| 25 # Site Log path | |
| 26 access_log /var/log/nginx/cgit-access.log; | |
| 27 error_log /var/log/nginx/cgit-error.log; | |
| 28 | |
| 29 root /var/www/cgit; | |
| 30 try_files $uri @cgit; | |
| 31 client_max_body_size 10m; | |
| 32 | |
| 33 location @cgit { | |
| 34 include fastcgi_params; | |
| 35 # cgit's CGI script path | |
| 36 fastcgi_param SCRIPT_FILENAME /var/www/cgit/cgit.cgi; | |
| 37 fastcgi_param DOCUMENT_ROOT /usr/lib/git-core; | |
| 38 fastcgi_pass unix:/var/run/fcgiwrap.socket; | |
| 39 fastcgi_param PATH_INFO $uri; | |
| 40 fastcgi_param QUERY_STRING $args; | |
| 41 fastcgi_param HTTP_HOST $server_name; | |
| 42 fastcgi_param GIT_HTTP_EXPORT_ALL ""; | |
| 43 fastcgi_param GIT_PROJECT_ROOT /home/git; | |
| 44 | |
| 45 if ($arg_service = git-receive-pack) { | |
| 46 rewrite (/.*) /git_write/$1 last; | |
| 47 } | |
| 48 | |
| 49 if ($uri ~ ^/.*/git-receive-pack$) { | |
| 50 rewrite (/.*) /git_write/$1 last; | |
| 51 } | |
| 52 | |
| 53 if ($arg_service = git-upload-pack) { | |
| 54 rewrite (/.*) /git_read/$1 last; | |
| 55 } | |
| 56 | |
| 57 if ($uri ~ ^/.*/git-upload-pack$) { | |
| 58 rewrite (/.*) /git_read/$1 last; | |
| 59 } | |
| 60 } | |
| 61 | |
| 62 location ~ /git_read/(.*) { | |
| 63 include git-http-backend.conf; | |
| 64 } | |
| 65 | |
| 66 location ~ /git_write/(.*) { | |
| 67 # HTTP Basic Authentication | |
| 68 auth_basic "Authentication Required To Push"; | |
| 69 auth_basic_user_file /etc/nginx/.htpasswd; | |
| 70 include git-http-backend.conf; | |
| 71 } | |
| 72 } |
