# git.sr.ht nginx config -rw-r--r-- 2.4 KiB View raw 
                                                                                
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
server {
	listen 80;
	listen [::]:80;
	server_name git.srht.augendre.info;
	client_max_body_size 100M;

	add_header Content-Security-Policy "default-src 'none'; style-src 'self' 'unsafe-inline'; img-src *; script-src 'self'" always;

	gzip on;
	gzip_types text/css text/html;

	location / {
		proxy_pass http://127.0.0.1:5001;
                proxy_set_header Host $host;
                proxy_set_header X-Real-IP $remote_addr;
                proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
                proxy_set_header X-Forwarded-Proto https;
	}

	location /static {
		root /usr/lib/python3.8/site-packages/gitsrht;
		expires 30d;
	}

	location ^~ /.well-known {
		root /var/www;
	}

	location = /authorize {
		proxy_pass http://127.0.0.1:5001;
		proxy_pass_request_body off;
		proxy_set_header Content-Length "";
		proxy_set_header X-Original-URI $request_uri;
	}

	location ~ ^/([^/]+)/([^/]+)/(HEAD|info/refs|objects/info/.*|git-upload-pack).*$ {
		auth_request /authorize;
		root /var/lib/git;
		fastcgi_pass unix:/var/run/fcgiwrap/fcgiwrap.sock;
		fastcgi_param SCRIPT_FILENAME /usr/libexec/git-core/git-http-backend;
		fastcgi_param PATH_INFO $uri;
		fastcgi_param GIT_PROJECT_ROOT $document_root;
		fastcgi_read_timeout 500s;
		include fastcgi_params;
		gzip off;
	}

	location /query {
		proxy_pass http://127.0.0.1:5101;
                proxy_set_header Host $host;
                proxy_set_header X-Real-IP $remote_addr;
                proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
                proxy_set_header X-Forwarded-Proto https;
		if ($request_method = 'OPTIONS') {
			add_header 'Access-Control-Allow-Origin' '*';
			add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS';
			add_header 'Access-Control-Allow-Headers' 'User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range';
			add_header 'Access-Control-Max-Age' 1728000;
			add_header 'Content-Type' 'text/plain; charset=utf-8';
			add_header 'Content-Length' 0;
			return 204;
		}

	        add_header 'Access-Control-Allow-Origin' '*';
        	add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS';
        	add_header 'Access-Control-Allow-Headers' 'User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range';
        	add_header 'Access-Control-Expose-Headers' 'Content-Length,Content-Range';
	}

	location = /robots.txt {
		root /var/www;
	}
}