From bc0884bea403ed61abb4149633a33071b44fd36f Mon Sep 17 00:00:00 2001
From: clarkzjw <i@jinwei.me>
Date: Fri, 17 Feb 2023 11:15:38 -0800
Subject: add cgit config

---
 .../bia/ansible/roles/cgit/templates/cgit.conf.j2  | 64 +++++++++++++++++++---
 1 file changed, 56 insertions(+), 8 deletions(-)

(limited to 'clarkzjw.cc/config/bia/ansible/roles/cgit/templates/cgit.conf.j2')

diff --git a/clarkzjw.cc/config/bia/ansible/roles/cgit/templates/cgit.conf.j2 b/clarkzjw.cc/config/bia/ansible/roles/cgit/templates/cgit.conf.j2
index 9504e29..ae5287d 100644
--- a/clarkzjw.cc/config/bia/ansible/roles/cgit/templates/cgit.conf.j2
+++ b/clarkzjw.cc/config/bia/ansible/roles/cgit/templates/cgit.conf.j2
@@ -1,15 +1,59 @@
 server {
-    server_name  {{ lookup('env', 'CGIT_DOMAIN') }};
+    server_name  git.jinwei.me;
+
+    return 404;
+
+    listen 443 ssl; # managed by Certbot
+    ssl_certificate /usr/local/etc/letsencrypt/live/cgit.jinwei.me/fullchain.pem; # managed by Certbot
+    ssl_certificate_key /usr/local/etc/letsencrypt/live/cgit.jinwei.me/privkey.pem; # managed by Certbot
+    include /usr/local/etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
+    ssl_dhparam /usr/local/etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
+}
+
+server {
+    if ($host = git.jinwei.me) {
+        return 301 https://$host$request_uri;
+    } # managed by Certbot
+
+    server_name  git.jinwei.me;
+    listen 80;
+    return 404; # managed by Certbot
+}
+
+server {
+    if ($host = cgit.jinwei.me) {
+        return 301 https://$host$request_uri;
+    } # managed by Certbot
+
+    server_name  cgit.jinwei.me;
+
+    listen 80;
+    return 404; # managed by Certbot
+}
+
+server {
+    server_name  cgit.jinwei.me;
     root /usr/local/www/cgit;
     try_files $uri @cgit;
 
     location @cgit {
-          include fastcgi_params;
-          fastcgi_param SCRIPT_FILENAME /usr/local/www/cgit/cgit.cgi;
-          fastcgi_param PATH_INFO $uri;
-          fastcgi_param QUERY_STRING $args;
-          fastcgi_param HTTP_HOST $server_name;
-          fastcgi_pass unix:/var/run/fcgiwrap/fcgiwrap.sock;
+        include fastcgi_params;
+        fastcgi_param SCRIPT_FILENAME /usr/local/www/cgit/cgit.cgi;
+        fastcgi_param PATH_INFO $uri;
+        fastcgi_param QUERY_STRING $args;
+        fastcgi_param HTTP_HOST $server_name;
+        fastcgi_pass unix:/var/run/fcgiwrap/fcgiwrap.sock;
+    }
+
+    location /assets {
+        root /var/www/cgit.jinwei.me;
+	    disable_symlinks off;
+    } 
+    
+    location /static {
+        alias /var/www/cgit.jinwei.me/static;
+        expires 24h;
+        try_files $uri =404;
     }
 
     error_page   500 502 503 504  /50x.html;
@@ -17,5 +61,9 @@ server {
         root   /usr/local/www/nginx-dist;
     }
 
-    listen 80;
+    listen 443 ssl; # managed by Certbot
+    ssl_certificate /usr/local/etc/letsencrypt/live/cgit.jinwei.me/fullchain.pem; # managed by Certbot
+    ssl_certificate_key /usr/local/etc/letsencrypt/live/cgit.jinwei.me/privkey.pem; # managed by Certbot
+    include /usr/local/etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
+    ssl_dhparam /usr/local/etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
 }
-- 
cgit v1.2.3