summaryrefslogtreecommitdiffstats
path: root/var/jail/www/usr/local/etc
diff options
context:
space:
mode:
authorJoeServ <bousset.rudy@gmail.com>2023-02-27 15:41:41 +0100
committerJoeServ <bousset.rudy@gmail.com>2023-02-27 15:41:41 +0100
commit9208846b5747abcd08792605511a1dd1ab457ccf (patch)
tree4a4ca4dc60f12272c864a230f2f18519fd607ecf /var/jail/www/usr/local/etc
parentupdate (diff)
downloadjoe-conf-9208846b5747abcd08792605511a1dd1ab457ccf.tar.gz
joe-conf-9208846b5747abcd08792605511a1dd1ab457ccf.tar.bz2
joe-conf-9208846b5747abcd08792605511a1dd1ab457ccf.tar.xz
joe-conf-9208846b5747abcd08792605511a1dd1ab457ccf.tar.zst
joe-conf-9208846b5747abcd08792605511a1dd1ab457ccf.zip
Jail rework
Diffstat (limited to 'var/jail/www/usr/local/etc')
-rw-r--r--var/jail/www/usr/local/etc/cgitrc83
-rw-r--r--var/jail/www/usr/local/etc/nginx/nginx.conf144
2 files changed, 227 insertions, 0 deletions
diff --git a/var/jail/www/usr/local/etc/cgitrc b/var/jail/www/usr/local/etc/cgitrc
new file mode 100644
index 0000000..cb8da04
--- /dev/null
+++ b/var/jail/www/usr/local/etc/cgitrc
@@ -0,0 +1,83 @@
+#
+# cgit config
+#
+
+css=/css/cgit.css
+logo=/img/cgit.png
+favicon=/img/favicon.ico
+
+# if you do not want that webcrawler (like google) index your site
+robots=index, nofollow
+
+# if cgit messes up links, use a virtual-root. For example, cgit.example.org/ has this value:
+virtual-root=/
+
+root-title=GitJoe
+root-desc=where the good code belongs
+root-readme=/var/www/gitjoe/about.html
+footer=/var/www/gitjoe/footer.html
+
+clone-url=git://gitjoe.xyz/$CGIT_REPO_URL
+
+enable-blame=0
+enable-commit-graph=1
+enable-filter-overrides=1
+enable-follow-links=1
+enable-git-config=0
+enable-http-clone=0
+enable-http-serving=0
+enable-index-links=0
+enable-index-owner=0
+enable-log-filecount=1
+enable-log-linecount=1
+enable-remote-branches=1
+enable-subject-links=1
+enable-tree-linenumbers=1
+
+branch-sort=age
+repository-sort=name
+local-time=0
+strict-export=git-daemon-export-ok
+remove-suffix=1
+side-by-side-diffs=0
+section-sort=1
+section-from-path=1
+
+cache-size=0
+
+about-filter=/usr/local/lib/cgit/filters/about-formatting-edited.sh
+source-filter=/usr/local/lib/cgit/filters/syntax-highlighting-edited.sh
+
+snapshots=tar.zst tar.gz tar.bz2 tar.xz zip
+max-stats=year
+
+readme=:README.md
+readme=:readme.md
+readme=:README.org
+readme=:readme.org
+readme=:README.mkd
+readme=:readme.mkd
+readme=:README.html
+readme=:readme.html
+readme=:README.htm
+readme=:readme.htm
+readme=:README.txt
+readme=:readme.txt
+readme=:README
+readme=:readme
+readme=:INSTALL.md
+readme=:install.md
+readme=:INSTALL.org
+readme=:install.org
+readme=:INSTALL.mkd
+readme=:install.mkd
+readme=:INSTALL.html
+readme=:install.html
+readme=:INSTALL.htm
+readme=:install.htm
+readme=:INSTALL.txt
+readme=:install.txt
+readme=:INSTALL
+readme=:install
+
+scan-path=/var/mnt/git
diff --git a/var/jail/www/usr/local/etc/nginx/nginx.conf b/var/jail/www/usr/local/etc/nginx/nginx.conf
new file mode 100644
index 0000000..869ff4d
--- /dev/null
+++ b/var/jail/www/usr/local/etc/nginx/nginx.conf
@@ -0,0 +1,144 @@
+worker_processes 1;
+
+events {
+ worker_connections 1024;
+}
+
+http {
+ include mime.types;
+ default_type application/octet-stream;
+ sendfile on;
+ keepalive_timeout 65;
+ gzip on;
+ gzip_vary on;
+ gzip_min_length 1k;
+ gzip_proxied expired no-cache no-store private auth;
+ gzip_buffers 4 16k;
+ gzip_http_version 1.1;
+ gzip_comp_level 2;
+ gzip_types text/plain application/x-javascript application/javascript text/css application/xml application/json;
+
+ map $sent_http_content_type $expires {
+ default off;
+ text/css 15m;
+ application/javascript 15m;
+ ~image/ 15m;
+ }
+
+# JOZAN
+
+ server{
+ server_name jozan.org;
+ root /var/www/joe;
+ index index.html;
+ expires $expires;
+
+ location / {
+ try_files $uri $uri/ =404;
+ }
+ location ~ /\.ht {
+ deny all;
+ }
+ location ~ \.cgi$ {
+ include fastcgi_params;
+ fastcgi_param SCRIPT_FILENAME $document_root/asm-example.cgi;
+ fastcgi_param PATH_INFO $uri;
+ fastcgi_param HTTP_HOST $server_name;
+ fastcgi_pass unix:/var/run/fcgiwrap/fcgiwrap.sock;
+ }
+ error_page 403 /403.html;
+ location = /403.html {
+ root /var/www/joe/err;
+ }
+ error_page 404 /404.html;
+ location = /404.html {
+ root /var/www/joe/err;
+ }
+ error_page 500 502 503 504 /50x.html;
+ location = /50x.html {
+ root /usr/local/www/nginx-dist;
+ }
+
+ listen 443 ssl; # managed by Certbot
+ ssl_certificate /usr/local/etc/letsencrypt/live/jozan.org/fullchain.pem; # managed by Certbot
+ ssl_certificate_key /usr/local/etc/letsencrypt/live/jozan.org/privkey.pem; # managed by Certbot
+ include /usr/local/etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
+ ssl_dhparam /usr/local/etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
+
+
+}
+
+# GITJOE
+
+ server {
+ server_name gitjoe.xyz;
+ root /var/www/gitjoe;
+ try_files $uri @cgit;
+ index cgit.cgi;
+
+ location @cgit {
+ include fastcgi_params;
+ fastcgi_param SCRIPT_FILENAME $document_root/cgit.cgi;
+ fastcgi_param PATH_INFO $uri;
+ fastcgi_param QUERY_STRING $args;
+ fastcgi_param HTTP_HOST $server_name;
+ fastcgi_param CGIT_CONFIG /usr/local/etc/cgitrc;
+ fastcgi_pass unix:/var/run/fcgiwrap/fcgiwrap.sock;
+
+ gzip off;
+ rewrite ^/([^/]+/.*)?$ /cgit.cgi?url=$1 break;
+ }
+ error_page 500 502 503 504 /50x.html;
+ location = /50x.html {
+ root /usr/local/www/nginx-dist;
+ }
+
+ listen 443 ssl;
+
+ ssl_certificate /usr/local/etc/letsencrypt/live/jozan.org/fullchain.pem; # managed by Certbot
+ ssl_certificate_key /usr/local/etc/letsencrypt/live/jozan.org/privkey.pem; # managed by Certbot
+}
+
+# REDIRECT 80 to 443
+
+server{
+ if ($host = jozan.org) {
+ return 301 https://$host$request_uri;
+ }
+
+
+ if ($host = www.jozanofastora.xyz) {
+ return 301 https://$host$request_uri;
+ } # managed by Certbot
+
+
+ if ($host = jozanofastora.xyz) {
+ return 301 https://$host$request_uri;
+ } # managed by Certbot
+
+
+ if ($host = www.jozan.org) {
+ return 301 https://$host$request_uri;
+ } # managed by Certbot
+
+ if ($host = gitjoe.xyz) {
+ return 301 https://$host$request_uri;
+ } # managed by Certbot
+
+ server_name jozan.org www.jozan.org jozanofastora.xyz www.jozanofastora.xyz gitjoe.xyz;
+ listen 80;
+ return 404;
+}
+
+# REDIRECT 443 to JOZAN 443
+
+server{
+ listen 443 ssl;
+ server_name www.jozan.org jozanofastora.xyz www.jozanofastora.xyz;
+ return 301 $scheme://jozan.org$request_uri;
+ ssl_certificate /usr/local/etc/letsencrypt/live/jozan.org/fullchain.pem; # managed by Certbot
+ ssl_certificate_key /usr/local/etc/letsencrypt/live/jozan.org/privkey.pem; # managed by Certbot
+ include /usr/local/etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
+ ssl_dhparam /usr/local/etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
+}
+}