## ## NGINX configuration for git.{sv,savannah}.{gnu,nongnu}.org ## # Redirect git.gnu.org to git.savannah.gnu.org server { server_name git.gnu.org; listen 80; listen [::]:80; listen 443 ssl; listen [::]:443 ssl; ssl_certificate /var/local/dehydrated/certs/git.savannah.gnu.org/fullchain.pem; ssl_certificate_key /var/local/dehydrated/certs/git.savannah.gnu.org/privkey.pem; include ssl_params.local; location = /.well-known { return 302 $request_uri/; } location /.well-known/ { autoindex on; root /var/local/dehydrated/www; } location / { return 302 $scheme://git.savannah.gnu.org$request_uri; } } # Redirect .sv.gnu.org to .savannah.gnu.org server { server_name git.sv.gnu.org; listen 80; listen [::]:80; listen 443 ssl; listen [::]:443 ssl; ssl_certificate /var/local/dehydrated/certs/git.savannah.gnu.org/fullchain.pem; ssl_certificate_key /var/local/dehydrated/certs/git.savannah.gnu.org/privkey.pem; include ssl_params.local; location = /.well-known { return 302 $request_uri/; } location /.well-known/ { autoindex on; root /var/local/dehydrated/www; } location / { return 302 $scheme://git.savannah.gnu.org$request_uri; } } # Redirect .sv.nongnu.org to .savannah.nongnu.org server { server_name git.sv.nongnu.org; listen 80; listen [::]:80; listen 443 ssl; listen [::]:443 ssl; ssl_certificate /var/local/dehydrated/certs/git.savannah.gnu.org/fullchain.pem; ssl_certificate_key /var/local/dehydrated/certs/git.savannah.gnu.org/privkey.pem; include ssl_params.local; location = /.well-known { return 302 $request_uri/; } location /.well-known/ { autoindex on; root /var/local/dehydrated/www; } location / { return 302 $scheme://git.savannah.nongnu.org$request_uri; } } # Serve web requests server { server_name git.savannah.gnu.org git.savannah.nongnu.org; listen 80; listen [::]:80; listen 443 ssl; listen [::]:443 ssl; ssl_certificate /var/local/dehydrated/certs/git.savannah.gnu.org/fullchain.pem; ssl_certificate_key /var/local/dehydrated/certs/git.savannah.gnu.org/privkey.pem; include ssl_params.local; location = /.well-known { return 302 $request_uri/; } location /.well-known/ { autoindex on; root /var/local/dehydrated/www; } client_body_timeout 10s; client_header_timeout 10s; root /opt/savannah/www/vcs/git; # # Direct access to git repositories # # Note that "location /r" matches /robots.txt too and causes # problems. Use "= /r" instead and set things up with the # needed directory redirect explicitly. location = /r { return 302 $request_uri/; } location /r/ { autoindex on; alias /srv/git/; } location = /git { return 302 $request_uri/; } location /git/ { autoindex on; root /srv; location ~ ^/git(/.*/(info/refs|git-upload-pack)$) { gzip off; include fastcgi_params; fastcgi_pass unix:/run/fcgiwrap.socket; fastcgi_param SCRIPT_FILENAME /usr/lib/git-core/git-http-backend; fastcgi_param PATH_INFO $1; fastcgi_param GIT_HTTP_EXPORT_ALL true; fastcgi_param GIT_PROJECT_ROOT /srv/git; client_max_body_size 0; # fastcgi_read_timeout increase needed by emacs repos, https://savannah.nongnu.org/support/?110322 fastcgi_read_timeout 300s; # default 60s } } # # GitWeb CGI # location /gitweb-disabled-list.html { # We'll reach here if the user tried to view "/gitweb/" # without CGI parameters - asking for the entire project list. # Gitweb is EXTREMELY inefficient in scanning all the repositories, # and this times out (and 'wastes' a FastCGI child). # Instead, show a start page. } location = /gitweb/static { return 302 $request_uri/; } location /gitweb/static/ { # Serve static files directly from /usr/share/gitweb/static root /usr/share/ ; expires 30d; } location = /gitweb { return 302 $scheme://$host$request_uri/; } location /gitweb/ { limit_req zone=one burst=15; gzip off; if ( $args = "" ) { # We will reach here if the user tried to view "/gitweb/" # without CGI parameters - asking for the entire project list. # Gitweb is EXTREMELY inefficient in scanning all the repositories, # and this times out (and 'wastes' a FastCGI child). # # If there are no CGI parameteres, rewrite to a static page. # (see below for the matching "location"). rewrite ^.* /gitweb-disabled-list.html last; } fastcgi_param GITWEB_CONFIG /etc/gitweb.conf; fastcgi_param SCRIPT_FILENAME /usr/share/gitweb/gitweb.cgi; include fastcgi_params; fastcgi_pass unix:/run/fcgiwrap.socket; } # # CGIT # location = /cgit-css { return 302 $request_uri/; } location /cgit-css/ { alias /usr/share/cgit/; expires 1d; } location = /cgit { return 302 $request_uri/; } location /cgit/ { location ~ /cgit/cgit\.(png|css)$ { root /usr/share/; expires 1d; } limit_req zone=one burst=15; gzip off; include fastcgi_params; fastcgi_param CGIT_CONFIG /etc/cgitrc; fastcgi_param SCRIPT_FILENAME /usr/lib/cgit/cgit.cgi; fastcgi_param PATH_INFO $fastcgi_path_info; fastcgi_split_path_info ^(/cgit)(/?.+)$; fastcgi_pass unix:/run/fcgiwrap.socket; # Downloading and Emacs project tar.z cgit dynamically # created file requires at least 3 minutes at 100% cpu # to create the xz compressed file. Using gz is much # better. gz has a slightly larger file than xz but # compresses in half the time using less cpu. Use gz # if possible. It completes in half the time. fastcgi_read_timeout 300s; } # 2017-jun-05,agn: # A Tiny CGI script, used to test whether fcgiwrap # is working or not. # see: # https://lists.gnu.org/archive/html/savannah-users/2017-06/msg00000.html # http://lists.gnu.org/archive/html/savannah-hackers-public/2017-06/msg00000.html location = /ping { gzip off; include fastcgi_params; fastcgi_pass unix:/run/fcgiwrap.socket; fastcgi_param SCRIPT_FILENAME /opt/savannah/cgi-bin/cgi-ping/ping.pl; } location = /cgi-bin { return 302 $request_uri/; } location /cgi-bin/ { root /usr/lib; include fcgiwrap_params.local; } location = /munin { return 302 $request_uri/; } location /munin/ { alias /var/cache/munin/www/; index index.html; } }