server { listen [::]:80; listen 80; server_name git.yourdomain.com; return 301 https://$server_name$request_uri; } server { listen [::]:443 ssl http2; listen 443 ssl http2; server_name git.yourdomain.com; # SSL Certificate Path ssl_certificate /etc/nginx/cert/git.yourdomain.com.pem; ssl_certificate_key /etc/nginx/cert/git.yourdomain.com.key; # SSL Security ssl_protocols TLSv1.2 TLSv1.3; ssl_prefer_server_ciphers on; ssl_ciphers ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256; ssl_session_timeout 1d; ssl_session_cache shared:SSL:10m; # Site Log path access_log /var/log/nginx/cgit-access.log; error_log /var/log/nginx/cgit-error.log; root /var/www/cgit; try_files $uri @cgit; client_max_body_size 10m; location @cgit { include fastcgi_params; # cgit's CGI script path fastcgi_param SCRIPT_FILENAME /var/www/cgit/cgit.cgi; fastcgi_param DOCUMENT_ROOT /usr/lib/git-core; fastcgi_pass unix:/var/run/fcgiwrap.socket; fastcgi_param PATH_INFO $uri; fastcgi_param QUERY_STRING $args; fastcgi_param HTTP_HOST $server_name; fastcgi_param GIT_HTTP_EXPORT_ALL ""; fastcgi_param GIT_PROJECT_ROOT /home/git; if ($arg_service = git-receive-pack) { rewrite (/.*) /git_write/$1 last; } if ($uri ~ ^/.*/git-receive-pack$) { rewrite (/.*) /git_write/$1 last; } if ($arg_service = git-upload-pack) { rewrite (/.*) /git_read/$1 last; } if ($uri ~ ^/.*/git-upload-pack$) { rewrite (/.*) /git_read/$1 last; } } location ~ /git_read/(.*) { include git-http-backend.conf; } location ~ /git_write/(.*) { # HTTP Basic Authentication auth_basic "Authentication Required To Push"; auth_basic_user_file /etc/nginx/.htpasswd; include git-http-backend.conf; } }