diff options
| author |  steering7253 | 2026-04-29 19:12:54 -0600 |
|---|---|---|
| committer | steering7253 | 2026-04-29 19:12:54 -0600 |
| commit | 121b82decc698f87c3e929b0b3008dc3d965992a (patch) | |
| tree | 1bf18bee8747bf4333975ea6b480b01e11beb5b1 | |
| parent | new onion (diff) | |
tildefy and add CSP
| -rw-r--r-- | fastcgi-git-http-backend.conf | 2 | ||||
| -rw-r--r-- | nginx.conf | 24 | ||||
| -rw-r--r-- | server.conf | 30 |
3 files changed, 25 insertions, 31 deletions
diff --git a/fastcgi-git-http-backend.conf b/fastcgi-git-http-backend.conf index 8db9f40..16c4ee9 100644 --- a/fastcgi-git-http-backend.conf +++ b/fastcgi-git-http-backend.conf @@ -1,6 +1,6 @@ #fastcgi_index index.php; -fastcgi_param GIT_PROJECT_ROOT /home/; +fastcgi_param GIT_PROJECT_ROOT /opt/cgit-space/users; fastcgi_param GIT_HTTP_EXPORT_ALL 1; fastcgi_param SCRIPT_FILENAME /usr/libexec/git-core/git-http-backend; @@ -104,16 +104,16 @@ http { include server.conf; } - server { - listen unix:/var/run/tor/dn42.sock; - server_name dn422hid5ejv7p67nw3nvn3uoqhxrr57hsagg2yxwsn72vuxwgi5veyd.onion; - - location / { - proxy_pass https://dn42.wiki; - proxy_set_header Host dn42.wiki; - proxy_set_header X-Real-IP $remote_addr; - proxy_ssl_server_name on; - #proxy_set_header X-Forwarded-For $remote_addr; - } - } +# server { +# listen unix:/var/run/tor/dn42.sock; +# server_name dn422hid5ejv7p67nw3nvn3uoqhxrr57hsagg2yxwsn72vuxwgi5veyd.onion; +# +# location / { +# proxy_pass https://dn42.wiki; +# proxy_set_header Host dn42.wiki; +# proxy_set_header X-Real-IP $remote_addr; +# proxy_ssl_server_name on; +# #proxy_set_header X-Forwarded-For $remote_addr; +# } +# } } diff --git a/server.conf b/server.conf index de6ab08..aa75869 100644 --- a/server.conf +++ b/server.conf @@ -5,39 +5,33 @@ location /.well-known/ { root /var/www/localhost/htdocs; } -location ~ "^/([^/]+)/(.+/objects/[0-9a-f]{2}/[0-9a-f]{38})$" { - alias /home/$1/$2; +location ~ "^/(~[^/]+)/(.+/objects/[0-9a-f]{2}/[0-9a-f]{38})$" { + root /opt/cgit-space/users; add_header Handler "git object" always; } -location ~ "^/[^/]+/.*\.git/(HEAD|info/refs|objects/(info/[^/]+|[0-9a-f]{2}/[0-9a-f]{38}|pack/pack-[0-9a-f]{40}\.(pack|idx))|git-(upload|receive)-pack)$" { +location ~ "^/~[^/]+/.*\.git/(HEAD|info/refs|objects/(info/[^/]+|[0-9a-f]{2}/[0-9a-f]{38}|pack/pack-[0-9a-f]{40}\.(pack|idx))|git-(upload|receive)-pack)$" { fastcgi_pass 127.0.0.1:1733; include fastcgi-git-http-backend.conf; add_header Handler "git-http-backend" always; } -location ~ /.+/ { +location ~ ^/~.+/ { + add_header Content-Security-Policy "default-src $http_host/cgit/; img-src *; script-src $http_host/cgit/ 'unsafe-hashes' 'sha256-rQQdnklrOmulrf5mQ2YjUK7CGbu4ywAi21E8nGlJcDc='; style-src $http_host/extra-cgit.css $http_host/cgit/ 'sha256-ZagwbGUdi+vgr4PwhdaOtzVHKbrx6+h/7nAGZ4g7H+Q='"; + fastcgi_pass 127.0.0.1:1733; include fastcgi-cgit.conf; add_header Handler "cgit" always; } -location = / { - try_files /dev/null @index; -} -location = /index.html { - try_files /dev/null @index; -} -location @index { + +location / { root /home/cgitspace/www/public; - fastcgi_index index.html; try_files $uri $uri/ =404; - fastcgi_pass unix:/run/php-fpm/cgit.sock; - include fastcgi_params; } -location / { - if (-d /home/$uri) { - return 301 $uri/; - } +location ~ ^/[^/]+\.html($|/) { root /home/cgitspace/www/public; try_files $uri $uri/ =404; + fastcgi_index index.html; + fastcgi_pass unix:/run/php-fpm/cgit.sock; + include fastcgi_params; } location ^~ /cgit/ { alias /usr/share/webapps/cgit/9999-r9999/htdocs/; |