diff options
author | Dejavu Moe <[email protected]> | 2023-05-10 21:21:15 +0800 |
---|---|---|
committer | Dejavu Moe <[email protected]> | 2023-05-10 21:21:15 +0800 |
commit | 6450f72242e85e9c9c6493439ad44fe2834a822e (patch) | |
tree | e21d16a5a691c75cfe10586732804fcd318d301d | |
parent | d0c11881d929ec1582cad180fae34939022c8af8 (diff) | |
download | self-hosted-6450f72242e85e9c9c6493439ad44fe2834a822e.tar.gz self-hosted-6450f72242e85e9c9c6493439ad44fe2834a822e.zip |
add cgit
-rw-r--r-- | cgit/cgit.nginx | 71 | ||||
-rw-r--r-- | cgit/git-http-backend.conf | 7 |
2 files changed, 78 insertions, 0 deletions
diff --git a/cgit/cgit.nginx b/cgit/cgit.nginx new file mode 100644 index 0000000..a1f5308 --- /dev/null +++ b/cgit/cgit.nginx @@ -0,0 +1,71 @@ +server { + listen [::]:80; + listen 80; + server_name git.xvo.es; + return 301 https://$server_name$request_uri; +} + +server { + listen [::]:443 ssl http2; + listen 443 ssl http2; + server_name git.xvo.es; + + # SSL 证书 + ssl_certificate /etc/nginx/cert/git.xvo.es.pem; + ssl_certificate_key /etc/nginx/cert/git.xvo.es.key; + + # SSL 安全套件 + ssl_protocols TLSv1.2 TLSv1.3; + ssl_prefer_server_ciphers on; + ssl_ciphers ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256; + + ssl_session_timeout 1d; + ssl_session_cache shared:SSL:10m; + + # 日志路径 + access_log /var/log/nginx/cgit-access.log; + error_log /var/log/nginx/cgit-error.log; + + root /var/www/cgit; + try_files $uri @cgit; + + location @cgit { + include fastcgi_params; + # cgit 的 CGI 脚本路径 + fastcgi_param SCRIPT_FILENAME /var/www/cgit/cgit.cgi; + fastcgi_param DOCUMENT_ROOT /usr/lib/git-core; + fastcgi_pass unix:/var/run/fcgiwrap.socket; + fastcgi_param PATH_INFO $uri; + fastcgi_param QUERY_STRING $args; + fastcgi_param HTTP_HOST $server_name; + fastcgi_param GIT_HTTP_EXPORT_ALL ""; + fastcgi_param GIT_PROJECT_ROOT /home/git; + + if ($arg_service = git-receive-pack) { + rewrite (/.*) /git_write/$1 last; + } + + if ($uri ~ ^/.*/git-receive-pack$) { + rewrite (/.*) /git_write/$1 last; + } + + if ($arg_service = git-upload-pack) { + rewrite (/.*) /git_read/$1 last; + } + + if ($uri ~ ^/.*/git-upload-pack$) { + rewrite (/.*) /git_read/$1 last; + } + } + + location ~ /git_read/(.*) { + include git-http-backend.conf; + } + + location ~ /git_write/(.*) { + # HTTP 基本认证 + auth_basic "Require password to push to git.xvo.es:"; + auth_basic_user_file /etc/nginx/.htpasswd; + include git-http-backend.conf; + } +}
\ No newline at end of file diff --git a/cgit/git-http-backend.conf b/cgit/git-http-backend.conf new file mode 100644 index 0000000..d9aa350 --- /dev/null +++ b/cgit/git-http-backend.conf @@ -0,0 +1,7 @@ +fastcgi_pass unix:/var/run/fcgiwrap.socket; +include fastcgi_params; +fastcgi_param SCRIPT_FILENAME /usr/lib/git-core/git-http-backend; +fastcgi_param GIT_HTTP_EXPORT_ALL ""; +fastcgi_param GIT_PROJECT_ROOT /home/git; +fastcgi_param PATH_INFO $1; +fastcgi_param REMOTE_USER $remote_user;
\ No newline at end of file |