From: Christian Heller Date: Tue, 17 Mar 2020 00:11:18 +0000 (+0100) Subject: GitWeb / git server setup. X-Git-Url: https://plomlompom.com/repos/te"st.html?a=commitdiff_plain;h=17489120d557d9af614693ff6ee60a904ede4629;p=config GitWeb / git server setup. --- diff --git a/buster/etc_files/web_static/etc/nginx/sites-available/static.nginx b/buster/etc_files/web_static/etc/nginx/sites-available/static.nginx deleted file mode 100644 index a1e57d0..0000000 --- a/buster/etc_files/web_static/etc/nginx/sites-available/static.nginx +++ /dev/null @@ -1,8 +0,0 @@ -server { - listen 443 ssl; - server_name REPLACE_fqdn_ECALPER; - ssl_certificate /etc/letsencrypt/live/REPLACE_fqdn_ECALPER/fullchain.pem; - ssl_certificate_key /etc/letsencrypt/live/REPLACE_fqdn_ECALPER/privkey.pem; - root /var/www/html/; - index index.html index.htm index.nginx-debian.html; -} diff --git a/buster/etc_files/website/etc/gitweb.conf b/buster/etc_files/website/etc/gitweb.conf new file mode 100644 index 0000000..c6d6f29 --- /dev/null +++ b/buster/etc_files/website/etc/gitweb.conf @@ -0,0 +1,19 @@ +# path to git projects (.git) +$projectroot = "/var/repos"; + +# directory to use for temp files +# explicitely set by Debian so it's probably a good choice +$git_temp = "/tmp"; + +# git-diff-tree(1) options to use for generated patches +# we don't want to to guess renames, so empty +@diff_opts = (); + +# Base path for where to find the repos for cloning. +@git_base_url_list = ('https://REPLACE_fqdn_ECALPER/repos/clone'); + +# allow snapshots +$feature{'snapshot'}{'default'} = ['zip', 'tgz']; + +# insert header for GDPR compliance +#$site_header = "/var/www/header.html" diff --git a/buster/etc_files/website/etc/nginx/sites-available/website.nginx b/buster/etc_files/website/etc/nginx/sites-available/website.nginx new file mode 100644 index 0000000..05c9a4b --- /dev/null +++ b/buster/etc_files/website/etc/nginx/sites-available/website.nginx @@ -0,0 +1,31 @@ +server { + listen 443 ssl; + server_name REPLACE_fqdn_ECALPER; + ssl_certificate /etc/letsencrypt/live/REPLACE_fqdn_ECALPER/fullchain.pem; + ssl_certificate_key /etc/letsencrypt/live/REPLACE_fqdn_ECALPER/privkey.pem; + root /var/www/html/; + index index.html index.htm index.nginx-debian.html; + + # serve /var/repos/* for HTTPS git cloning + location ~ /repos/clone(/.*) { + include fastcgi_params; + fastcgi_param SCRIPT_FILENAME /usr/lib/git-core/git-http-backend; + # fastcgi_param GIT_HTTP_EXPORT_ALL ""; + fastcgi_param GIT_PROJECT_ROOT /var/repos; + fastcgi_param PATH_INFO $1; + fastcgi_pass unix:/var/run/fcgiwrap.socket; + } + + # gitweb static files + location /repos/static/ { + alias /usr/share/gitweb/static/; + } + + # gitweb; this needs packages fcgiwrap and gitweb + location /repos/ { + include fastcgi_params; + fastcgi_param SCRIPT_FILENAME /usr/share/gitweb/gitweb.cgi; + fastcgi_param GITWEB_CONFIG /etc/gitweb.conf; + fastcgi_pass unix:/var/run/fcgiwrap.socket; + } +} diff --git a/buster/setup_scripts/setup_web_static.sh b/buster/setup_scripts/setup_web_static.sh deleted file mode 100755 index 4c17398..0000000 --- a/buster/setup_scripts/setup_web_static.sh +++ /dev/null @@ -1,27 +0,0 @@ -#!/bin/sh -set -e -set -x -# Heavily inspired by - -if [ "$#" -ne 1 ]; then - echo 'Need domain name as argument.' - false -fi -domain="$1" - -# Install configs, set up firewall. -config_tree_prefix="${HOME}/config/buster" -./install_for_target.sh web -./copy_dirtree.sh "${config_tree_prefix}/etc_files" "" web web_static -nft -f /etc/nftables.conf - -# Set up letsencrypt certificate. TODO: Is it auto-renewed? -ln -sf /etc/nginx/sites-available/default /etc/nginx/sites-enabled/default -certbot --nginx --agree-tos --redirect --no-eff-email -m "${mail}" -d "${domain}" -rm /etc/nginx/sites-enabled/default - -# Prepare NGINX config for Pleroma. -sed -i "s/REPLACE_fqdn_ECALPER/${domain}/g" /etc/nginx/sites-available/static.nginx -ln -s /etc/nginx/sites-available/static.nginx /etc/nginx/sites-enabled/static.nginx - -service nginx restart diff --git a/buster/setup_scripts/setup_website.sh b/buster/setup_scripts/setup_website.sh new file mode 100755 index 0000000..a9909fb --- /dev/null +++ b/buster/setup_scripts/setup_website.sh @@ -0,0 +1,36 @@ +#!/bin/sh +set -e +set -x +# Heavily inspired by + +if [ "$#" -ne 2 ]; then + echo 'Need domain name and mail as argument.' + false +fi +domain="$1" +mail="$2" + +# Install configs, set up firewall. +config_tree_prefix="${HOME}/config/buster" +./install_for_target.sh web +./copy_dirtree.sh "${config_tree_prefix}/etc_files" "" web website +nft -f /etc/nftables.conf + +# Set up letsencrypt certificate. TODO: Is it auto-renewed? +ln -sf /etc/nginx/sites-available/default /etc/nginx/sites-enabled/default +certbot --nginx --agree-tos --redirect --no-eff-email -m "${mail}" -d "${domain}" +rm /etc/nginx/sites-enabled/default + +# Set up repos dir. +mkdir /var/repos +chown plom:plom /var/repos +# To use this dir, "git clone --mirror" repo source paths into it as user plom. +# As user plom, touch git-daemon-export-ok files into it to make the repo +# publically available. + +# Prepare NGINX and GitWeb config. +sed -i "s/REPLACE_fqdn_ECALPER/${domain}/g" /etc/gitweb.conf +sed -i "s/REPLACE_fqdn_ECALPER/${domain}/g" /etc/nginx/sites-available/website.nginx +ln -s /etc/nginx/sites-available/static.nginx /etc/nginx/sites-enabled/website.nginx + +service nginx restart