Add git repo serving/browsing to web server.

[config] / all_new_2018 / linkable_etc_files / web / etc / nginx / nginx.conf

diff --git a/all_new_2018/linkable_etc_files/web/etc/nginx/nginx.conf b/all_new_2018/linkable_etc_files/web/etc/nginx/nginx.conf
index c5cbe48431f38f77ed05d353b05bd0197dcaea6b..ec3e5f99443d0c83fd653ca6e1a68a4771299f2c 100644 (file)
--- a/all_new_2018/linkable_etc_files/web/etc/nginx/nginx.conf
+++ b/all_new_2018/linkable_etc_files/web/etc/nginx/nginx.conf
@@ -8,37 +8,60 @@ events {
 }
 
 http {
-        # define content-type headers
-        types {
-            text/html                             html htm shtml;
-            #text/css                              css;
-            #text/xml                              xml;
-            #text/plain                            txt sh rst md;
-            #application/xhtml+xml                 xhtml;
-            #application/pdf                       pdf;
-            #image/jpeg                            jpg jpeg;
-            #image/png                             png;
-        }
-        default_type application/octet_stream;
-        charset utf-8;
+    # define content-type headers
+    types {
+        text/html html htm shtml;
+        text/css  css;
+        text/xml xml;
+        text/plain txt sh rst md;
+        application/xhtml+xml xhtml;
+        application/pdf pdf;
+        image/jpeg jpg jpeg;
+        image/png png;
+    }
+    default_type application/octet_stream;
+    charset utf-8;
+
+    # logging deactivated due to GDPR
+    #access_log /var/log/nginx/access.log;
+    #error_log /var/log/nginx/error.log;
+
+    # HTTP server: only enforce HTTPS
+    server {
+        listen 80;
+        return 301 https://$host$request_uri;
+    }
 
-        # logging deactivated due to DSGVO
-       #access_log /var/log/nginx/access.log;
-       #error_log /var/log/nginx/error.log;
+    # HTTPS server
+    server {
+        listen 443 ssl;
+        server_name REPLACE_fqdn_ECALPER;
+        ssl_certificate /etc/letsencrypt/live/REPLACE_fqdn_ECALPER/fullchain.pem;
+        ssl_certificate_key /etc/letsencrypt/live/REPLACE_fqdn_ECALPER/privkey.pem;
+        root /var/www/html/;
+        index index.html index.htm index.nginx-debian.html;
+
+        # serve /var/www/public_repos/* for HTTPS git cloning
+        location ~ /repos/clone(/.*) {
+            include fastcgi_params;
+            fastcgi_param SCRIPT_FILENAME /usr/lib/git-core/git-http-backend;
+            fastcgi_param GIT_HTTP_EXPORT_ALL "";
+            fastcgi_param GIT_PROJECT_ROOT /var/www/public_repos;
+            fastcgi_param PATH_INFO $1;
+            fastcgi_pass unix:/var/run/fcgiwrap.socket;
+        }
 
-        # HTTP server: only enforce HTTPS
-        server {
-                listen 80;
-                return 301 https://$host$request_uri;
+        # gitweb static files
+        location /repos/static/ {
+            alias /usr/share/gitweb/static/;
         }
 
-       # HTTPS server
-        server {
-                listen 443 ssl;
-                server_name REPLACE_fqdn_ECALPER;
-                ssl_certificate /etc/letsencrypt/live/REPLACE_fqdn_ECALPER/fullchain.pem;
-                ssl_certificate_key /etc/letsencrypt/live/REPLACE_fqdn_ECALPER/privkey.pem;
-                root /var/www/html/;
-               index index.html index.htm index.nginx-debian.html;
+        # gitweb; this needs packages fcgiwrap and gitweb
+        location /repos/ {
+            include fastcgi_params;
+            fastcgi_param SCRIPT_FILENAME  /usr/share/gitweb/gitweb.cgi;
+            fastcgi_param GITWEB_CONFIG  /etc/gitweb.conf;
+            fastcgi_pass unix:/var/run/fcgiwrap.socket;
         }
+    }
 }