diff options
Diffstat (limited to 'guides')
| -rw-r--r-- | guides/cloud/git.org | 47 | ||||
| -rw-r--r-- | guides/cloud/vps.org | 58 |
2 files changed, 54 insertions, 51 deletions
diff --git a/guides/cloud/git.org b/guides/cloud/git.org deleted file mode 100644 index 11ec021..0000000 --- a/guides/cloud/git.org +++ /dev/null @@ -1,47 +0,0 @@ -Necessary configurations for running cgit behind nginx on Debian. -* nginx -In =/etc/nginx/sites-available/git.domain.tld=: -#+begin_src -server { - listen 80; - listen [::]:80; - - server_name git.domain.tld; - - root /usr/share/cgit; - try_files $uri @cgit; - - location @cgit { - include fastcgi_params; - fastcgi_param SCRIPT_FILENAME /usr/lib/cgit/cgit.cgi; - fastcgi_param PATH_INFO $uri; - fastcgi_param QUERY_STRING $args; - fastcgi_param HTTP_HOST $server_name; - fastcgi_pass unix:/run/fcgiwrap.socket; - } -} -#+end_src -* cgit -In =/etc/cgitrc=: -#+begin_src conf -css=/cgit.css -logo=/cgit.png -virtual-root=/ - -scan-path=/srv/git -#+end_src -* git -#+begin_src sh -$ sudo echo $(which git-shell) >> /etc/shells -$ sudo adduser git --disabled-password --shell $(which git-shell) -# Add SSH keys to ~git/.ssh/authorized_keys, prefixed with: -# "no-port-forwarding,no-X11-forwarding,no-agent-forwarding,no-pty " -$ sudo addgroup git-data -$ sudo adduser git git-data -$ sudo adduser www-data git-data -$ sudo mkdir /srv/git -$ sudo chown git:git-data /srv/git -$ sudo chmod g+s /srv/git -# For each repo: -$ sudo -u git git init --bare /srv/git/$repo -#+end_src diff --git a/guides/cloud/vps.org b/guides/cloud/vps.org index 1224a17..511c443 100644 --- a/guides/cloud/vps.org +++ b/guides/cloud/vps.org @@ -52,12 +52,12 @@ server { listen 80; listen [::]:80; - root /var/www/$FQDN/html; - index index.html; - server_name $FQDN www.$FQDN; access_log /var/log/nginx/$FQDN.access.log; + root /var/www/$FQDN/html; + index index.html; + location / { try_files $uri $uri/ =404; } @@ -112,4 +112,54 @@ $ sudo chown git:git /srv/git $ sudo -u git git init --bare --shared=group /srv/git/${repo} #+end_src -*** TODO Web mirror +*** Web mirror +With =/etc/nginx/sites-available/git.$FQDN=: +#+begin_src conf +server { + listen 80; + listen [::]:80; + + server_name git.$FQQN; + access_log /var/log/nginx/git.$FQQN.access.log; + + root /usr/share/cgit; + try_files $uri @cgit; + + location @cgit { + include fastcgi_params; + fastcgi_param SCRIPT_FILENAME /usr/lib/cgit/cgit.cgi; + fastcgi_param PATH_INFO $uri; + fastcgi_param QUERY_STRING $args; + fastcgi_param HTTP_HOST $server_name; + fastcgi_pass unix:/run/fcgiwrap.socket; + } +} +#+end_src + +And =/etc/cgitrc/=: +#+begin_src conf +css=/cgit.css +logo=/cgit.png + +virtual-root=/ +clone-prefix=http://git.$FQDN +clone-url=http://git.$FQDN/$CGIT_REPO_URL + +enable-git-config=1 +enable-http-clone=1 +enable-index-owner=0 +scan-path=/srv/git +#+end_src + +In each repository: +- fill in =description=, +- fill =[cgit]= section in =config= (=hide=, =owner=). + +Do: +#+begin_src sh +$ sudo apt install cgit fcgiwrap +$ ( cd /etc/sites-enabled/ && ln -s ../sites-avaiable/git.$FQDN . ) +$ sudo systemctl restart nginx +# Make fail2ban notice the new log file. +$ sudo systemctl restart fail2ban +#+end_src |