path: root/ansible/roles/trove-setup/templates/lighttpd/git-httpd.conf
blob: 7215a63a41da15dfe8bd2281d2cd784aca474bbe (plain)
# Core settings for the lighttpd instance that fronts the Trove's git
# services (Gitano CGIs and cgit).
server.document-root = "/var/www/htdocs"

# Plain-HTTP listener. The TLS listener is declared separately in the
# $SERVER["socket"] == ":443" block of this file.
server.port = 80

# Account the server runs as; CGI programs it spawns inherit it.
# NOTE(review): the CGI environment set later in this file points HOME at
# /home/git and GITANO_ROOT at /home/git/repos, so this account presumably
# owns the repositories. A flaw in any CGI would then carry write access
# to them -- confirm the filesystem permissions are as tight as intended.
server.username = "git"
server.groupname = "git"

# Modules this file relies on: mod_alias, mod_redirect and mod_rewrite for
# the URL mappings, mod_cgi to run the Gitano and cgit CGIs, mod_setenv to
# pass their environment. mod_auth is presumably configured by the included
# git-auth.conf, which is not part of this file.
server.modules = (
    "mod_access",
    "mod_alias",
    "mod_compress",
    "mod_redirect",
    "mod_rewrite",
    "mod_cgi",
    "mod_auth",
    "mod_setenv",
)

# TLS listener on port 443.
$SERVER["socket"] == ":443" {
  ssl.engine = "enable"
  # NOTE(review): lighttpd's ssl.pemfile conventionally carries the private
  # key together with the certificate; confirm the role installs this file
  # readable only by root and the server account.
  ssl.pemfile = "/etc/lighttpd/certs/lighttpd.pem"
  # The ssl.ca-file line is emitted only when TROVE_SSL_CA_FILE is defined
  # at template time.
{% if TROVE_SSL_CA_FILE is defined %}  ssl.ca-file = "/etc/lighttpd/certs/ca-certs.pem"
{% endif %}
  # Only ECDHE/DHE key exchanges (forward secrecy) with AES-GCM or AES-256.
  # NOTE(review): the AES256+EECDH / AES256+EDH terms appear to admit CBC-mode
  # suites as well, and ssl.honor-cipher-order is not set in this file, so
  # the client's preference may decide -- review against current TLS policy.
  ssl.cipher-list = "EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH"
  # Only SSLv2 and SSLv3 are switched off here; which TLS versions remain
  # on offer depends on the lighttpd/OpenSSL build and is not set in this
  # file.
  ssl.use-sslv2 = "disable"
  ssl.use-sslv3 = "disable"
}

index-file.names = ("index.html")

# CGI dispatch by file-name suffix: the two Gitano CGIs are run through the
# Lua 5.1 interpreter; cgit.cgi has an empty interpreter and is executed
# directly.
cgi.assign = ("gitano-command.cgi" => "/usr/bin/lua5.1",
        "gitano-smart-http.cgi" => "/usr/bin/lua5.1",
        "cgit.cgi" => ""
)
# Only files with the execute bit set are run as CGI, so a matching file
# name alone is not enough to get a file executed.
cgi.execute-x-only = "enable"

# Content types for static files, keyed by file extension. Only these five
# extensions are given an explicit type by this file.
mimetype.assign = (
  ".html" => "text/html",
  ".txt" => "text/plain",
  ".jpg" => "image/jpeg",
  ".png" => "image/png",
  ".css" => "text/css"
)

# Directory listings are enabled for /releases and everything below it, and
# nowhere else in this file. No authentication is attached to this path
# here, so every file placed under it is discoverable by any client that
# can reach the server.
$HTTP["url"] =~ "^/releases(/|$)" {
        server.dir-listing = "enable"
}

# Environment and authentication for the Gitano command CGI.
# The pattern is not anchored to a directory and its "." before "cgi" is an
# unescaped regex wildcard, so it applies to any URL path that ends in
# "/gitano-command" + one character + "cgi".
$HTTP["url"] =~ ".*/gitano-command.cgi$" {
        setenv.add-environment = (
                "HOME" => "/home/git",
                "GITANO_ROOT" => "/home/git/repos"
        )

        # Authentication is configured for HTTPS requests only, so
        # credentials are never requested over the plain-HTTP listener.
        $HTTP["scheme"] == "https" {
                # gitano-command.cgi controls access over HTTP[S] according to
                # the REMOTE_USER variable set by mod_auth and passed through
                # the environment. If the web server doesn't set REMOTE_USER,
                # then Gitano will treat the request as anonymous and deny
                # access appropriately.
                # NOTE(review): plain-HTTP requests therefore always reach
                # the CGI as anonymous; protection of non-public data rests
                # on Gitano's anonymous-access rules and on git-auth.conf,
                # neither of which is shown in this file.
                include "git-auth.conf"
        }
}

# Git smart-HTTP endpoint: every URL under /git/ is handed to the Gitano
# smart-HTTP CGI.
$HTTP["url"] =~ "^/git/.*$" {
        # Map the /git prefix onto the CGI; the remainder of the URL follows
        # the script path.
        alias.url += ( "/git" => "/var/www/htdocs/gitano-smart-http.cgi" )

        # Inside this scope every path is treated as CGI and executed
        # directly (empty suffix, empty interpreter), replacing the
        # suffix-based mapping used elsewhere in this file.
        cgi.assign = ("" => "")
        # NOTE(review): GIT_HTTP_EXPORT_ALL is git-http-backend's switch for
        # serving repositories that lack a git-daemon-export-ok marker, so
        # repository visibility here presumably rests entirely on Gitano's
        # own access checks -- confirm.
        setenv.add-environment = (
                "GIT_HTTP_EXPORT_ALL" => "",
                "GIT_PROJECT_ROOT" => "/home/git/repos",
                "HOME" => "/home/git",
                "GITANO_ROOT" => "/home/git/repos"
        )

        # Authentication is configured for HTTPS requests only, so
        # credentials are never requested over the plain-HTTP listener.
        $HTTP["scheme"] == "https" {
                # gitano-smart-http.cgi controls access over HTTP[S] according to
                # the REMOTE_USER variable set by mod_auth and passed through
                # the environment. If the web server doesn't set REMOTE_USER,
                # then Gitano will treat the request as anonymous and deny
                # access appropriately.
                # NOTE(review): anonymous fetches over plain HTTP have no
                # transport integrity protection; clients that need it
                # should use the HTTPS listener.
                include "git-auth.conf"
        }
}

# Avoid needlessly long cgit URLs. This must correspond with the
# 'virtual-root' setting in /etc/cgitrc.
# The rewrite is internal (no redirect is sent) and, being the
# "if-not-file" variant, applies only when the requested path is not an
# existing file. The captured remainder is appended after the script name.
url.rewrite-if-not-file = (
    "^/cgit/(.*)$" => "/cgi-bin/cgit.cgi/$1",
)

# Allow /baserock and /delta, but redirect them to the proper /cgit/ path.
# Troves can contain arbitrary project names, so we can't do this for all
# projects, we just special-case the ones for git.baserock.org.
# The redirect target always begins with the literal "/cgit/" path, so the
# captured part of the request cannot steer the redirect to another host.
$HTTP["url"] =~ "^/(baserock|delta)(/.*)?$" {
    url.redirect = ( "^/(.*)" => "/cgit/$1" )
}