--- /dev/null
+# path to git projects (<project>.git)
+$projectroot = "/var/www/public_repos";
+
+# directory to use for temp files
+# explicitely set by Debian so it's probably a good choice
+$git_temp = "/tmp";
+
+# git-diff-tree(1) options to use for generated patches
+# we don't want to to guess renames, so empty
+@diff_opts = ();
+
+# Base path for where to find the repos for cloning.
+@git_base_url_list = ('https://REPLACE_fqdn_ECALPER/repos/clone');
+
+# allow snapshots
+$feature{'snapshot'}{'default'} = ['zip', 'tgz'];
+
+# insert header for GDPR compliance
+$site_header = "/var/www/header.html"
}
http {
- # define content-type headers
- types {
- text/html html htm shtml;
- #text/css css;
- #text/xml xml;
- #text/plain txt sh rst md;
- #application/xhtml+xml xhtml;
- #application/pdf pdf;
- #image/jpeg jpg jpeg;
- #image/png png;
- }
- default_type application/octet_stream;
- charset utf-8;
+ # define content-type headers
+ types {
+ text/html html htm shtml;
+ text/css css;
+ text/xml xml;
+ text/plain txt sh rst md;
+ application/xhtml+xml xhtml;
+ application/pdf pdf;
+ image/jpeg jpg jpeg;
+ image/png png;
+ }
+ default_type application/octet_stream;
+ charset utf-8;
+
+ # logging deactivated due to GDPR
+ #access_log /var/log/nginx/access.log;
+ #error_log /var/log/nginx/error.log;
+
+ # HTTP server: only enforce HTTPS
+ server {
+ listen 80;
+ return 301 https://$host$request_uri;
+ }
- # logging deactivated due to DSGVO
- #access_log /var/log/nginx/access.log;
- #error_log /var/log/nginx/error.log;
+ # HTTPS server
+ server {
+ listen 443 ssl;
+ server_name REPLACE_fqdn_ECALPER;
+ ssl_certificate /etc/letsencrypt/live/REPLACE_fqdn_ECALPER/fullchain.pem;
+ ssl_certificate_key /etc/letsencrypt/live/REPLACE_fqdn_ECALPER/privkey.pem;
+ root /var/www/html/;
+ index index.html index.htm index.nginx-debian.html;
+
+ # serve /var/www/public_repos/* for HTTPS git cloning
+ location ~ /repos/clone(/.*) {
+ include fastcgi_params;
+ fastcgi_param SCRIPT_FILENAME /usr/lib/git-core/git-http-backend;
+ fastcgi_param GIT_HTTP_EXPORT_ALL "";
+ fastcgi_param GIT_PROJECT_ROOT /var/www/public_repos;
+ fastcgi_param PATH_INFO $1;
+ fastcgi_pass unix:/var/run/fcgiwrap.socket;
+ }
- # HTTP server: only enforce HTTPS
- server {
- listen 80;
- return 301 https://$host$request_uri;
+ # gitweb static files
+ location /repos/static/ {
+ alias /usr/share/gitweb/static/;
}
- # HTTPS server
- server {
- listen 443 ssl;
- server_name REPLACE_fqdn_ECALPER;
- ssl_certificate /etc/letsencrypt/live/REPLACE_fqdn_ECALPER/fullchain.pem;
- ssl_certificate_key /etc/letsencrypt/live/REPLACE_fqdn_ECALPER/privkey.pem;
- root /var/www/html/;
- index index.html index.htm index.nginx-debian.html;
+ # gitweb; this needs packages fcgiwrap and gitweb
+ location /repos/ {
+ include fastcgi_params;
+ fastcgi_param SCRIPT_FILENAME /usr/share/gitweb/gitweb.cgi;
+ fastcgi_param GITWEB_CONFIG /etc/gitweb.conf;
+ fastcgi_pass unix:/var/run/fcgiwrap.socket;
}
+ }
}
projects / config / commitdiff