13

server {

listen 80 ;
listen [::]:80 ;

server_name gitlist.patrikx3.com;

error_log /var/log/nginx/gitlist.patrikx3.com-error.log;
access_log /var/log/nginx/gitlist.patrikx3.com-access.log combined;
root /var/www/gitlist.patrikx3.com/public;
location ~ /.well-known {
    auth_basic off;
    auth_pam off;
    allow all;
    root /var/www/acme-challenge;
}

location = /robots.txt {
    allow all;
    log_not_found off;
    access_log off;
}

return 301 https://$host$request_uri;

}

server {

ssl on;
listen 443 ssl http2;
listen [::]:443 ssl http2;

server_name gitlist.patrikx3.com;

error_log /var/log/nginx/gitlist.patrikx3.com-error.log;
access_log /var/log/nginx/gitlist.patrikx3.com-access.log combined;
root /var/www/gitlist.patrikx3.com/public;

ssl_certificate /root/acme/ssl/patrikx3.com/fullchain.cer;
ssl_certificate_key /root/acme/ssl/patrikx3.com/patrikx3.com.key;

# it uses the built in Linux security called PAM,
# but you could use a
# auth_basic on;
# auth_basic_user_file /etc/nginx/.htpasswd;

auth_pam "Restricted";
auth_pam_service_name "nginx";

limit_req zone=default_limit burst=1000;
limit_conn default_limit_conn 100;

location ~ /.well-known {
    auth_basic off;
    auth_pam off;
    allow all;
    root /var/www/acme-challenge;
}

location = /robots.txt {
    allow all;
    log_not_found off;
    access_log off;
}

set $x_frame_options_policy 'self';
add_header Strict-Transport-Security "max-age=31536000; " always;
add_header X-Frame-Options "ALLOW-FROM gitlist.patrikx3.com";
add_header X-Content-Type-Options nosniff;
add_header X-XSS-Protection "1; mode=block";
add_header Content-Security-Policy "frame-ancestors $x_frame_options_policy";


index index.php;

location / {
    autoindex on;
    set $redirect_url $uri;
    try_files $uri $uri/ /index.php$is_args$query_string;
}

location = /index.php {
    include snippets/fastcgi-php.conf;
    fastcgi_param SCRIPT_FILENAME $request_filename;
    fastcgi_pass unix:/var/run/php/php7.3-fpm-git.sock;
}

# static repo files for cloning over https
location ~ ^.*\.git/objects/([0-9a-f]+/[0-9a-f]+|pack/pack-[0-9a-f]+.(pack|idx))$ {
    root /my/git/repos;
}

# requests that need to go to git-http-backend
location ~ ^.*\.git/(HEAD|info/refs|objects/info/.*|git-(upload|receive)-pack)$ {
    proxy_read_timeout 900;
    fastcgi_read_timeout 900;
    uwsgi_read_timeout 900;

    client_max_body_size 20G;
    root /my/git/repos;
    fastcgi_pass unix:/var/run/fcgiwrap-git.socket;
    fastcgi_param SCRIPT_FILENAME /usr/lib/git-core/git-http-backend;
    fastcgi_param PATH_INFO $uri;
    fastcgi_param GIT_PROJECT_ROOT $document_root;
    fastcgi_param GIT_HTTP_EXPORT_ALL "";
    fastcgi_param REMOTE_USER $remote_user;
    include fastcgi_params;
}

}

p3x Spawn
onenoteredis-uiangular-compileramdiskgitlistfreenomopenwrt-insomniadocker-debian-testing-mongodb-stableopenwrt-redisaes-foldercorifeus-app-web-pagescorifeuscorifeus-web-materialgrunt-p3x-expresshtml-pdfredis-ui-servercorifeus-app-server-patrikx3corifeus-buildercorifeus-builder-angularcorifeus-servercorifeus-utilscorifeus-webfortune-cookieplay-ai-uiredis-ui-materialtoolssystemd-manager
  Bugs are evident™ - MATRIX
OK