blob: 4d3a710dd5e653d0723f4cf1fea6d35263973d38 (
about) (
plain) (
blame)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
|
http2 on;
access_log /var/log/nginx/access.log i2pd;
location /.well-known/ {
root /var/www/localhost/htdocs;
}
location ~ "^/(~[^/]+)/(.+/objects/[0-9a-f]{2}/[0-9a-f]{38})$" {
root /opt/cgit-space/users;
add_header Handler "git object" always;
}
location ~ "^/~[^/]+/.*\.git/(HEAD|info/refs|objects/(info/[^/]+|[0-9a-f]{2}/[0-9a-f]{38}|pack/pack-[0-9a-f]{40}\.(pack|idx))|git-(upload|receive)-pack)$" {
fastcgi_pass 127.0.0.1:1733;
include fastcgi-git-http-backend.conf;
add_header Handler "git-http-backend" always;
}
location ~ ^/~[^/]+$ {
if (-d /opt/cgit-space/users$uri) {
return 301 $uri/;
}
}
location ~ ^/(~[^/]+)/ {
if (!-d /opt/cgit-space/users/$1) {
return 404;
}
#<select name='h' onchange='this.form.submit();'>
set $CSPjs_brsw "'sha256-rQQdnklrOmulrf5mQ2YjUK7CGbu4ywAi21E8nGlJcDc='"; #branch switcher
#from /usr/lib64/cgit/filters/html-converters/md2html
set $CSPcss_markdown "'sha256-ZagwbGUdi+vgr4PwhdaOtzVHKbrx6+h/7nAGZ4g7H+Q='"; #md2html
#python -c 'import pygments.formatters, hashlib, sys; sys.stdout.buffer.write(hashlib.sha256(pygments.formatters.HtmlFormatter(style="pastie", nobackground=True).get_style_defs(".highlight").encode("utf8")).digest())' | base64
set $CSPcss_syntax "'sha256-x5EoeM7mmuP1LWxpf/pgB2Zb9MMQAVtw5Xj3jN5U8i0='"; #syntax
#https://cgit.space/~steering/autopeer.git/commit/authorized_keys.sh?id=38fca7692e900589338eade8b5667a483575f5af diffstat
#set $CSPcss_width100 "'sha256-ZFTJlMhW3m2AbQ2U0YbZDdYHJvYjPBCcHckJcyDt25o='";
#set $CSPcss_width0 "'sha256-kTVTGy3RZGpMQ8RgkbpHLRIkw2MsbWtg4jjmZzyM9uI='";
add_header Content-Security-Policy "default-src $http_host/cgit/; img-src *; script-src $http_host/cgit/ 'unsafe-hashes' $CSPjs_brsw; style-src $http_host/extra-cgit.css $http_host/cgit/ 'unsafe-hashes' $CSPcss_markdown $CSPcss_syntax";# $CSPcss_width100 $CSPcss_width0";
fastcgi_pass 127.0.0.1:1733;
include fastcgi-cgit.conf;
add_header Handler "cgit" always;
}
location / {
root /home/cgitspace/www/public;
try_files $uri $uri/ =404;
}
location ~ ^/[^/]+\.html($|/) {
root /home/cgitspace/www/public;
try_files $uri $uri/ =404;
fastcgi_index index.html;
fastcgi_pass unix:/run/php-fpm/cgit.sock;
include fastcgi_params;
}
location ^~ /cgit/ {
alias /usr/share/webapps/cgit/9999-r9999/htdocs/;
add_header Handler "cgit-static" always;
}
location = /basic_status {
stub_status;
access_log off;
allow 127.0.0.1;
allow ::1;
allow 10.0.0.0/24;
allow 172.20.210.4;
deny all;
}
|
