# system integration
user www-data;
worker_processes auto;
pid /run/nginx.pid;

# is expected even if empty
events {
}

http {
    # define content-type headers
    types {
        text/html html htm shtml;
        text/css css;
        text/xml xml;
        text/plain txt sh rst md;
        application/xhtml+xml xhtml;
        application/pdf pdf;
        image/jpeg jpg jpeg;
        image/png png;
    }
    default_type application/octet_stream;
    charset utf-8;

    # logging deactivated due to GDPR
    #access_log /var/log/nginx/access.log;
    #error_log /var/log/nginx/error.log;

    # HTTP server: only enforce HTTPS
    server {
        listen 80;
        return 301 https://$host$request_uri;
    }

    # HTTPS server
    server {
        listen 443 ssl;
        server_name REPLACE_fqdn_ECALPER;
        ssl_certificate /etc/letsencrypt/live/REPLACE_fqdn_ECALPER/fullchain.pem;
        ssl_certificate_key /etc/letsencrypt/live/REPLACE_fqdn_ECALPER/privkey.pem;
        root /var/www/html/;
        index index.html index.htm index.nginx-debian.html;

        # serve /var/www/public_repos/* for HTTPS git cloning
        location ~ /repos/clone(/.*) {
            include fastcgi_params;
            fastcgi_param SCRIPT_FILENAME /usr/lib/git-core/git-http-backend;
            fastcgi_param GIT_HTTP_EXPORT_ALL "";
            fastcgi_param GIT_PROJECT_ROOT /var/public_repos;
            fastcgi_param PATH_INFO $1;
            fastcgi_pass unix:/var/run/fcgiwrap.socket;
        }

        # gitweb static files
        location /repos/static/ {
            alias /usr/share/gitweb/static/;
        }

        # gitweb; this needs packages fcgiwrap and gitweb
        location /repos/ {
            include fastcgi_params;
            fastcgi_param SCRIPT_FILENAME /usr/share/gitweb/gitweb.cgi;
            fastcgi_param GITWEB_CONFIG /etc/gitweb.conf;
            fastcgi_pass unix:/var/run/fcgiwrap.socket;
        }
    }
}