server.document-root = "/var/www/htdocs"

server.port = 80

server.username = "git"
server.groupname = "git"

server.modules = (
    "mod_access",
    "mod_alias",
    "mod_compress",
    "mod_redirect",
    "mod_rewrite",
    "mod_cgi",
    "mod_auth",
    "mod_setenv",
)

$SERVER["socket"] == ":443" {
  ssl.engine = "enable"
  ssl.pemfile = "/etc/lighttpd/certs/lighttpd.pem"
{% if TROVE_SSL_CA_FILE is defined %}  ssl.ca-file = "/etc/lighttpd/certs/ca-certs.pem"
{% endif %}
  ssl.cipher-list = "EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH"
  ssl.use-sslv2 = "disable"
  ssl.use-sslv3 = "disable"
}

index-file.names = ("index.html")

cgi.assign = ("gitano-command.cgi" => "/usr/bin/lua5.1",
        "gitano-smart-http.cgi" => "/usr/bin/lua5.1",
        "cgit.cgi" => ""
)
cgi.execute-x-only = "enable"

mimetype.assign = (
  ".html" => "text/html",
  ".txt" => "text/plain",
  ".jpg" => "image/jpeg",
  ".png" => "image/png",
  ".css" => "text/css"
)

$HTTP["url"] =~ "^/releases(/|$)" {
        server.dir-listing = "enable"
}

$HTTP["url"] =~ ".*/gitano-command.cgi$" {
        setenv.add-environment = (
                "HOME" => "/home/git",
                "GITANO_ROOT" => "/home/git/repos"
        )

        $HTTP["scheme"] == "https" {
                # gitano-command.cgi controls access over HTTP[S] according to
                # the REMOTE_USER variable set by mod_auth and passed through
                # the environment. If the web server doesn't set REMOTE_USER,
                # then Gitano will treat the request as anonymous and deny
                # access appropriately.
                include "git-auth.conf"
        }
}

$HTTP["url"] =~ "^/git/.*$" {
        alias.url += ( "/git" => "/var/www/htdocs/gitano-smart-http.cgi" )

        cgi.assign = ("" => "")
        setenv.add-environment = (
                "GIT_HTTP_EXPORT_ALL" => "",
                "GIT_PROJECT_ROOT" => "/home/git/repos",
                "HOME" => "/home/git",
                "GITANO_ROOT" => "/home/git/repos"
        )

        $HTTP["scheme"] == "https" {
                # gitano-smart-http.cgi controls access over HTTP[S] according to
                # the REMOTE_USER variable set by mod_auth and passed through
                # the environment. If the web server doesn't set REMOTE_USER,
                # then Gitano will treat the request as anonymous and deny
                # access appropriately.
                include "git-auth.conf"
        }
}

# Avoid needlessly long cgit URLs. This must correspond with the
# 'virtual-root' setting in /etc/cgitrc.
url.rewrite-if-not-file = (
    "^/cgit/(.*)$" => "/cgi-bin/cgit.cgi/$1",
)

# Allow /baserock and /delta, but redirect them to the proper /cgit/ path.
# Troves can contain arbitrary project names, so we can't do this for all
# projects, we just special-case the ones for git.baserock.org.
$HTTP["url"] =~ "^/(baserock|delta)(/.*)?$" {
    url.redirect = ( "^/(.*)" => "/cgit/$1" )
}