From 4bd4edbb46ec15969f7de6acc5b24dd60275d0bb Mon Sep 17 00:00:00 2001
From: Christian Heller <c.heller@plomlompom.de>
Date: Wed, 5 Dec 2018 01:13:52 +0100
Subject: [PATCH] Add git repo serving/browsing to web server.

---
 .../linkable_etc_files/web/etc/gitweb.conf    | 19 +++++
 .../web/etc/nginx/nginx.conf                  | 79 ++++++++++++-------
 all_new_2018/setup_web.sh                     |  3 +-
 3 files changed, 72 insertions(+), 29 deletions(-)
 create mode 100644 all_new_2018/linkable_etc_files/web/etc/gitweb.conf

diff --git a/all_new_2018/linkable_etc_files/web/etc/gitweb.conf b/all_new_2018/linkable_etc_files/web/etc/gitweb.conf
new file mode 100644
index 0000000..c89282b
--- /dev/null
+++ b/all_new_2018/linkable_etc_files/web/etc/gitweb.conf
@@ -0,0 +1,19 @@
+# path to git projects (<project>.git)
+$projectroot = "/var/www/public_repos";
+
+# directory to use for temp files
+# explicitely set by Debian so it's probably a good choice
+$git_temp = "/tmp";
+
+# git-diff-tree(1) options to use for generated patches
+# we don't want to to guess renames, so empty
+@diff_opts = ();
+
+# Base path for where to find the repos for cloning.
+@git_base_url_list = ('https://REPLACE_fqdn_ECALPER/repos/clone');
+
+# allow snapshots
+$feature{'snapshot'}{'default'} = ['zip', 'tgz'];
+
+# insert header for GDPR compliance
+$site_header = "/var/www/header.html"
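Review bot: `$feature{'snapshot'}{'default'} = ['zip', 'tgz'];` lets any anonymous visitor ask the server to build an archive of any repository under `$projectroot`, and nothing visible in this file or in the nginx `/repos/` location bounds that work. If snapshots are not required, disable them with `$feature{'snapshot'}{'default'} = [];`; if they are, keep a single format and put request limiting in front of `/repos/`. Separately, the last statement `$site_header = "/var/www/header.html"` has no terminating semicolon. Perl accepts that at end of file, but the next setting appended to the config would turn it into a syntax error, so write `$site_header = "/var/www/header.html";`.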
diff --git a/all_new_2018/linkable_etc_files/web/etc/nginx/nginx.conf b/all_new_2018/linkable_etc_files/web/etc/nginx/nginx.conf
index c5cbe48..ec3e5f9 100644
--- a/all_new_2018/linkable_etc_files/web/etc/nginx/nginx.conf
+++ b/all_new_2018/linkable_etc_files/web/etc/nginx/nginx.conf
@@ -8,37 +8,60 @@ events {
 }
 
 http {
-        # define content-type headers
-        types {
-            text/html                             html htm shtml;
-            #text/css                              css;
-            #text/xml                              xml;
-            #text/plain                            txt sh rst md;
-            #application/xhtml+xml                 xhtml;
-            #application/pdf                       pdf;
-            #image/jpeg                            jpg jpeg;
-            #image/png                             png;
-        }
-        default_type application/octet_stream;
-        charset utf-8;
+    # define content-type headers
+    types {
+        text/html html htm shtml;
+        text/css  css;
+        text/xml xml;
+        text/plain txt sh rst md;
+        application/xhtml+xml xhtml;
+        application/pdf pdf;
+        image/jpeg jpg jpeg;
+        image/png png;
+    }
+    default_type application/octet_stream;
+    charset utf-8;
+
+    # logging deactivated due to GDPR
+    #access_log /var/log/nginx/access.log;
+    #error_log /var/log/nginx/error.log;
+
+    # HTTP server: only enforce HTTPS
+    server {
+        listen 80;
+        return 301 https://$host$request_uri;
+    }
 
-        # logging deactivated due to DSGVO
-	#access_log /var/log/nginx/access.log;
-	#error_log /var/log/nginx/error.log;
+    # HTTPS server
+    server {
+        listen 443 ssl;
+        server_name REPLACE_fqdn_ECALPER;
+        ssl_certificate /etc/letsencrypt/live/REPLACE_fqdn_ECALPER/fullchain.pem;
+        ssl_certificate_key /etc/letsencrypt/live/REPLACE_fqdn_ECALPER/privkey.pem;
+        root /var/www/html/;
+        index index.html index.htm index.nginx-debian.html;
+
+        # serve /var/www/public_repos/* for HTTPS git cloning
+        location ~ /repos/clone(/.*) {
+            include fastcgi_params;
+            fastcgi_param SCRIPT_FILENAME /usr/lib/git-core/git-http-backend;
+            fastcgi_param GIT_HTTP_EXPORT_ALL "";
+            fastcgi_param GIT_PROJECT_ROOT /var/www/public_repos;
+            fastcgi_param PATH_INFO $1;
+            fastcgi_pass unix:/var/run/fcgiwrap.socket;
+        }
 
-        # HTTP server: only enforce HTTPS
-        server {
-                listen 80;
-                return 301 https://$host$request_uri;
+        # gitweb static files
+        location /repos/static/ {
+            alias /usr/share/gitweb/static/;
         }
 
-	# HTTPS server
-        server {
-                listen 443 ssl;
-                server_name REPLACE_fqdn_ECALPER;
-                ssl_certificate /etc/letsencrypt/live/REPLACE_fqdn_ECALPER/fullchain.pem;
-                ssl_certificate_key /etc/letsencrypt/live/REPLACE_fqdn_ECALPER/privkey.pem;
-                root /var/www/html/;
-		index index.html index.htm index.nginx-debian.html;
+        # gitweb; this needs packages fcgiwrap and gitweb
+        location /repos/ {
+            include fastcgi_params;
+            fastcgi_param SCRIPT_FILENAME  /usr/share/gitweb/gitweb.cgi;
+            fastcgi_param GITWEB_CONFIG  /etc/gitweb.conf;
+            fastcgi_pass unix:/var/run/fcgiwrap.socket;
         }
+    }
 }
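Review bot: The regex in `location ~ /repos/clone(/.*)` is unanchored, so it matches any URI that merely contains `/repos/clone/`. Because nginx prefers a matching regex location over the plain prefix locations `/repos/` and `/repos/static/`, such requests go to git-http-backend instead of gitweb or the static alias. Anchoring it as `location ~ ^/repos/clone(/.*)$` confines the backend to the intended path. Also, the `# logging deactivated due to GDPR` block only comments the directives out. Unless something outside this hunk overrides it, nginx then falls back to its built-in default log destinations, so `access_log off;` is the setting that matches the comment.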
diff --git a/all_new_2018/setup_web.sh b/all_new_2018/setup_web.sh
index 8aac7ef..55edd39 100644
--- a/all_new_2018/setup_web.sh
+++ b/all_new_2018/setup_web.sh
@@ -3,5 +3,6 @@ set -e
 
 ./hardlink_etc.sh web
 sed -i "s/REPLACE_fqdn_ECALPER/$(hostname -f)/g" /etc/nginx/nginx.conf
-apt -y -o Dpkg::Options::=--force-confold install nginx
+sed -i "s/REPLACE_fqdn_ECALPER/$(hostname -f)/g" /etc/gitweb.conf
+apt -y -o Dpkg::Options::=--force-confold install nginx gitweb fcgiwrap
 iptables-restore /etc/iptables/rules.v4
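Review bot: Both `sed` lines interpolate `$(hostname -f)` directly, and `set -e` does not abort when a command substitution inside an argument fails. A host whose FQDN cannot be resolved would therefore get the placeholder replaced by an empty string in `/etc/nginx/nginx.conf` and `/etc/gitweb.conf`, leaving broken certificate paths and clone URLs. Resolve the name once before the edits with `fqdn="$(hostname -f)"` followed by `[ -n "$fqdn" ]`, then use `s/REPLACE_fqdn_ECALPER/$fqdn/g` in both commands; a failed assignment does stop the script under `set -e`. The script begins above this hunk, so an existing check there would make this moot.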
-- 
2.30.2