From 3c7e573772c1b13df0d6c2a6bfaec8b08d97ebc7 Mon Sep 17 00:00:00 2001 From: Joe Date: Sun, 1 May 2022 12:39:38 +0000 Subject: Now everything is working fine --- usr/local/etc/cgitrc | 8 +-- usr/local/etc/gmid.conf | 24 +++++++ usr/local/etc/nginx/nginx.conf | 150 +++++++++++------------------------------ 3 files changed, 67 insertions(+), 115 deletions(-) create mode 100644 usr/local/etc/gmid.conf diff --git a/usr/local/etc/cgitrc b/usr/local/etc/cgitrc index e1ab198..c74366d 100644 --- a/usr/local/etc/cgitrc +++ b/usr/local/etc/cgitrc @@ -14,8 +14,8 @@ virtual-root=/ root-title=GitJoe root-desc=where the good code belongs -root-readme=/usr/local/www/cgit/about.html -footer=/usr/local/www/cgit/footer.html +root-readme=/usr/local/www/gitjoe/about.html +footer=/usr/local/www/gitjoe/footer.html clone-url=git://gitjoe.xyz/$CGIT_REPO_URL @@ -50,8 +50,6 @@ source-filter=/usr/local/lib/cgit/filters/syntax-highlighting-edited.sh snapshots=tar.gz tar.bz tar.xz max-stats=year -#root-readme=/usr/local/www/cgit/about.htm -#root-readme=/usr/home/git/repos/about readme=:README.md readme=:readme.md @@ -82,4 +80,4 @@ readme=:install.txt readme=:INSTALL readme=:install -scan-path=/usr/local/git +#scan-path=/usr/local/git diff --git a/usr/local/etc/gmid.conf b/usr/local/etc/gmid.conf new file mode 100644 index 0000000..cf7b293 --- /dev/null +++ b/usr/local/etc/gmid.conf @@ -0,0 +1,24 @@ +# drop privileges +user "_gmid" + +# it's a good idea to enable chroot, but +# beware that can make CGI scripting harder +#chroot "/var/gemini" + +# An example of a server block: +server "jozanofastora.xyz" { + # set the directory to serve; it's relative to the + # chroot (if enabled) + root "/usr/local/gemini" + + # Set self-signed TLS cert and key. It's better to keep + # the keys outside the chroot. + # + # You should generate them manually, for example: + # openssl req -x509 -newkey rsa:4096 -nodes \ + # -out /usr/local/etc/ssl/gmid/localhost.crt \ + # -keyout /usr/local/etc/ssl/gmid/localhost.key \ + # -subj "/CN=localhost" + cert "/usr/local/etc/letsencrypt/live/jozanofastora.xyz/cert.pem" + key "/usr/local/etc/letsencrypt/live/jozanofastora.xyz/privkey.pem" +} diff --git a/usr/local/etc/nginx/nginx.conf b/usr/local/etc/nginx/nginx.conf index cb034ba..acc23ac 100644 --- a/usr/local/etc/nginx/nginx.conf +++ b/usr/local/etc/nginx/nginx.conf @@ -26,7 +26,7 @@ http { } server{ - server_name jozanofastora.xyz www.jozanofastora.xyz; + server_name jozanofastora.xyz; root /usr/local/www/jozan; index index.html; expires $expires; @@ -50,58 +50,14 @@ http { root /usr/local/www/nginx-dist; } - - listen 443 ssl; # managed by Certbot - ssl_certificate /usr/local/etc/letsencrypt/live/git.jozanofastora.xyz/fullchain.pem; # managed by Certbot - ssl_certificate_key /usr/local/etc/letsencrypt/live/git.jozanofastora.xyz/privkey.pem; # managed by Certbot - include /usr/local/etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot - ssl_dhparam /usr/local/etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot - - - -} - - server{ - server_name gitjoe.xyz www.gitjoe.xyz git.jozanofastora.xyz; - expires $expires; - root /usr/local/www/gitjoe; - index index.html; - - location / { - try_files $uri $uri/ =404; - } - location ~ /\.ht { - deny all; - } - error_page 403 /403.html; - location = /403.html { - root /usr/local/www/gitjoe/err; - } - error_page 404 /404.html; - location = /404.html { - root /usr/local/www/gitjoe/err; - } - error_page 500 502 503 504 /50x.html; - location = /50x.html { - root /usr/local/www/nginx-dist; - } - - - listen 443 ssl; # managed by Certbot - ssl_certificate /usr/local/etc/letsencrypt/live/git.jozanofastora.xyz/fullchain.pem; # managed by Certbot - ssl_certificate_key /usr/local/etc/letsencrypt/live/git.jozanofastora.xyz/privkey.pem; # managed by Certbot - include /usr/local/etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot - ssl_dhparam /usr/local/etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot - - - - - + listen 443 ssl; + ssl_certificate /usr/local/etc/letsencrypt/live/jozanofastora.xyz/fullchain.pem; + ssl_certificate_key /usr/local/etc/letsencrypt/live/jozanofastora.xyz/privkey.pem; } server { - server_name repos.gitjoe.xyz; - root /usr/local/www/cgit; + server_name gitjoe.xyz; + root /usr/local/www/gitjoe; try_files $uri @cgit; index cgit.cgi; @@ -115,7 +71,6 @@ http { fastcgi_pass unix:/var/run/fcgiwrap/fcgiwrap.sock; gzip off; - #rewrite ^ https://$server_name$request_uri permanent; rewrite ^/([^/]+/.*)?$ /cgit.cgi?url=$1 break; } error_page 500 502 503 504 /50x.html; @@ -123,13 +78,9 @@ http { root /usr/local/www/nginx-dist; } - - listen 443 ssl; # managed by Certbot - ssl_certificate /usr/local/etc/letsencrypt/live/git.jozanofastora.xyz/fullchain.pem; # managed by Certbot - ssl_certificate_key /usr/local/etc/letsencrypt/live/git.jozanofastora.xyz/privkey.pem; # managed by Certbot - include /usr/local/etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot - ssl_dhparam /usr/local/etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot - + listen 443 ssl; + ssl_certificate /usr/local/etc/letsencrypt/live/gitjoe.xyz/fullchain.pem; + ssl_certificate_key /usr/local/etc/letsencrypt/live/gitjoe.xyz/privkey.pem; } server { @@ -159,80 +110,59 @@ http { scgi_pass 127.0.0.1:12345; } - - listen 443 ssl; # managed by Certbot - ssl_certificate /usr/local/etc/letsencrypt/live/git.jozanofastora.xyz/fullchain.pem; # managed by Certbot - ssl_certificate_key /usr/local/etc/letsencrypt/live/git.jozanofastora.xyz/privkey.pem; # managed by Certbot - include /usr/local/etc/letsencrypt/options-ssl-nginx.conf; # managed by Ce/srvrtbot - ssl_dhparam /usr/local/etc/letsencrypt/ssl-dhparams.pem; # managed by Cert/srvbot - - -} - - - -server { - if ($host = repos.gitjoe.xyz) { - return 301 https://$host/?p=about; - } # managed by Certbot - - - listen 80; - server_name repos.gitjoe.xyz; - return 404; # managed by Certbot - - + listen 443 ssl; + ssl_certificate /usr/local/etc/letsencrypt/live/gitjoe.xyz/fullchain.pem; + ssl_certificate_key /usr/local/etc/letsencrypt/live/gitjoe.xyz/privkey.pem; } server{ - if ($host = git.jozanofastora.xyz) { - return 301 https://gitjoe.xyz$request_uri; - } # managed by Certbot - - if ($host = www.gitjoe.xyz) { - return 301 https://gitjoe.xyz$request_uri; - } # managed by Certbot - if ($host = gitjoe.xyz) { - return 301 https://$host$request_uri; - } # managed by Certbot + return 301 https://$host?p=about; + } - server_name gitjoe.xyz www.gitjoe.xyz git.jozanofastora.xyz; + server_name gitjoe.xyz; listen 80; - return 404; # managed by Certbot - - - - + return 404; } server{ - if ($host = www.jozanofastora.xyz) { - return 301 https://jozanofastora.xyz$request_uri; - } # managed by Certbot - if ($host = jozanofastora.xyz) { return 301 https://$host$request_uri; - } # managed by Certbot - + } - server_name jozanofastora.xyz www.jozanofastora.xyz; + server_name jozanofastora.xyz; listen 80; - return 404; # managed by Certbot - - + return 404; } server { if ($host = fossil.jozanofastora.xyz) { return 301 https://$host$request_uri; - } # managed by Certbot - + } server_name fossil.jozanofastora.xyz; listen 80; - return 404; # managed by Certbot + return 404; +} + +server { + server_name www.jozanofastora.xyz; + listen 80; + listen 443 ssl; + rewrite ^/(.*) http://jozanofastora.xyz/$1 permanent; + ssl_certificate /usr/local/etc/letsencrypt/live/jozanofastora.xyz/fullchain.pem; + ssl_certificate_key /usr/local/etc/letsencrypt/live/jozanofastora.xyz/privkey.pem; + return 404; +} +server { + server_name www.gitjoe.xyz git.jozanofastora.xyz; + listen 80; + listen 443 ssl; + rewrite ^/(.*) http://gitjoe.xyz/?p=about permanent; + ssl_certificate /usr/local/etc/letsencrypt/live/gitjoe.xyz/fullchain.pem; + ssl_certificate_key /usr/local/etc/letsencrypt/live/gitjoe.xyz/privkey.pem; + return 404; } } -- cgit v1.2.3