From: Shane Jaroch Date: Thu, 15 Jan 2026 17:44:30 +0000 (-0500) Subject: checkpoint X-Git-Url: https://git.nutra.tk/v2?a=commitdiff_plain;h=ef948188b986cfa87b9ede679cf554b326a14830;p=nutratech%2Fvps-root.git checkpoint --- diff --git a/Makefile b/Makefile index 21f4f36..c5d341b 100644 --- a/Makefile +++ b/Makefile @@ -43,24 +43,26 @@ VPS := $(VPS_USER)@$(VPS_HOST) .PHONY: stage/nginx stage/nginx: ##H @Remote Stage files on the remote VPS @echo "Staging files on $(VPS_HOST)..." - ssh $(VPS) 'rm -rf ~/.nginx-staging && mkdir -p ~/.nginx-staging' - scp -q -r etc/nginx/conf.d/*.conf $(VPS):~/.nginx-staging/ - scp -q scripts/deploy.sh $(VPS):~/.nginx-staging/ + ssh $(VPS) 'rm -rf ~/.nginx-staging && mkdir -p ~/.nginx-staging/etc/nginx/conf.d ~/.nginx-staging/scripts/gitweb-simplefrontend' + scp -q -r etc/nginx/conf.d/*.conf $(VPS):~/.nginx-staging/etc/nginx/conf.d/ + scp -q etc/gitweb.conf $(VPS):~/.nginx-staging/etc/gitweb.conf + scp -q -r scripts/gitweb-simplefrontend/* $(VPS):~/.nginx-staging/scripts/gitweb-simplefrontend/ + scp -q scripts/deploy.sh $(VPS):~/.nginx-staging/scripts/deploy.sh .PHONY: diff/nginx diff/nginx: ##H @Remote Show diff between local and remote @echo "Checking diff against $(VPS_HOST)..." - ssh -t $(VPS) "bash ~/.nginx-staging/deploy.sh diff" + ssh -t $(VPS) "bash ~/.nginx-staging/scripts/deploy.sh diff" .PHONY: deploy/nginx deploy/nginx: ##H @Remote Deploy staged files to remote @echo "Deploying checked-in nginx config to $(VPS_HOST)..." - ssh -t $(VPS) "bash ~/.nginx-staging/deploy.sh" + ssh -t $(VPS) "bash ~/.nginx-staging/scripts/deploy.sh" .PHONY: test/nginx test/nginx: ##H @Remote Test staged configuration without deploying @echo "Testing staged config on $(VPS_HOST)..." - ssh -t $(VPS) "bash ~/.nginx-staging/deploy.sh test" + ssh -t $(VPS) "bash ~/.nginx-staging/scripts/deploy.sh test" .PHONY: certbot/nginx certbot/nginx: ##H @Remote Run certbot on remote VPS diff --git a/etc/gitweb.conf b/etc/gitweb.conf index 7e7300b..c85dd93 100644 --- a/etc/gitweb.conf +++ b/etc/gitweb.conf @@ -1,39 +1,39 @@ # path to git projects (.git) -$projectroot = "/srv/git"; # [CUSTOM: VPS git root] - -$base_url = "https://git.nutra.tk"; #[CUSTOM : Base URL for links, to force HTTPS] - -# directory to use for temp files -$git_temp = "/tmp"; # [CUSTOM] - -# target of the home link on top of all pages -$home_link = $my_uri || "/"; # [CUSTOM: Link to root] - -# Label for the "home link" -$home_link_str = "Wombat Git"; # [CUSTOM] - -# Site Name -$site_name = "Nutra Git"; # [CUSTOM] - -# html text to include at home page -$home_text = "indextext.html"; # [CUSTOM] - -# file with project list; by default, simply scan the projectroot dir. -#$projects_list = $projectroot; - -# stylesheet to use -@stylesheets = ("/theme/gitweb.css", "/assets/custom.css"); # [CUSTOM: Modern Theme + Logo Fixes] - -# javascript code for gitweb -$javascript = "static/gitweb.js"; # [CUSTOM] - -# logo to use -$logo = "/assets/git-favicon.png"; # [CUSTOM] - -# the 'favicon' -$favicon = "/assets/git-favicon.png"; # [CUSTOM] - -# git-diff-tree(1) options to use for generated patches -#@diff_opts = ("-M"); - +$projectroot = "/srv/git"; + +# Detect version from environment variable (set by Nginx) +my $version = $ENV{'GITWEB_VERSION'} || 'v1'; + +# Base URL depends on version +$base_url = "https://git.nutra.tk/$version"; +$home_link = $my_uri || "/$version"; +$git_temp = "/tmp"; + +# --- Default v1 settings (Standard) --- +$site_name = "Nutra Git (v1)"; +@stylesheets = ("/v1/static/gitweb.css"); +$javascript = "/v1/static/gitweb.js"; +$logo = "/v1/static/git-logo.png"; +$favicon = "/v1/static/git-favicon.png"; @diff_opts = ("-M", "-C"); + +# --- Overrides for v2 (Themed) --- +if ($version eq 'v2') { + $site_name = "Nutra Git (v2)"; + $home_text = "indextext.html"; + @stylesheets = ("/v2/theme/gitweb.css"); + $javascript = "/v2/static/gitweb.js"; + $logo = "/v2/assets/git-favicon.png"; + $favicon = "/v2/assets/git-favicon.png"; +} + +# --- Overrides for v3 (Full Custom) --- +if ($version eq 'v3') { + $site_name = "Nutra Git"; + $home_link_str = "Wombat Git"; + $home_text = "indextext.html"; + @stylesheets = ("/v3/theme/gitweb.css", "/v3/assets/custom.css"); + $javascript = "/v3/static/gitweb.js"; + $logo = "/v3/assets/git-favicon.png"; + $favicon = "/v3/assets/git-favicon.png"; +} diff --git a/etc/nginx/conf.d/git-http.conf b/etc/nginx/conf.d/git-http.conf index 4696b79..a81fa14 100644 --- a/etc/nginx/conf.d/git-http.conf +++ b/etc/nginx/conf.d/git-http.conf @@ -1,92 +1,142 @@ server { server_name git.nutra.tk; - # Gitweb UI at root - location / { - root /usr/share/gitweb; - index index.cgi gitweb.cgi; - - location ~ \.css$ { - add_header Content-Type text/css; - } - location ~ \.js$ { - add_header Content-Type application/javascript; - } - location ~ \.png$ { - add_header Content-Type image/png; - } - - # If static file doesn't exist, pass to CGI - try_files $uri @gitweb; + # Listening Ports + listen 443 quic; + listen [::]:443 quic; + listen 443 ssl; + listen [::]:443 ssl; + http2 on; + http3 on; + + # SSL Configuration + ssl_certificate /etc/letsencrypt/live/earthyenergy.mooo.com/fullchain.pem; # managed by Certbot + ssl_certificate_key /etc/letsencrypt/live/earthyenergy.mooo.com/privkey.pem; # managed by Certbot + include /etc/letsencrypt/options-ssl-nginx.conf; + ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; + + # Headers + add_header Alt-Svc 'h3=":443"; ma=86400' always; + add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" always; + + # Common Git Root + set $git_root /srv/git; + + # ---------------------------------------------------------------------- + # Root Redirect -> v1 + # ---------------------------------------------------------------------- + location = / { + return 302 /v1; } - # Custom Assets (Favicon, Logo, etc.) - location /assets/ { - alias /srv/git/assets/; + # ---------------------------------------------------------------------- + # Version 1: Original Gitweb (Standard) + # ---------------------------------------------------------------------- + + # Static assets for standard gitweb + location ^~ /v1/static/ { + alias /usr/share/gitweb/static/; } - # Modern Theme Assets - location /theme/ { - alias /srv/git/theme/; + # Git Smart HTTP Backend (v1) + location ~ ^/v1/git(/.*)$ { + include /etc/nginx/fastcgi_params; + fastcgi_param SCRIPT_FILENAME /usr/lib/git-core/git-http-backend; + fastcgi_param GIT_PROJECT_ROOT $git_root; + fastcgi_param GIT_HTTP_EXPORT_ALL "1"; + fastcgi_param PATH_INFO $1; + fastcgi_param REMOTE_USER $remote_user; + fastcgi_pass unix:/var/run/fcgiwrap.socket; } - location @gitweb { + # Gitweb UI (v1) + location ~ ^/v1(/.*)?$ { include /etc/nginx/fastcgi_params; fastcgi_param SCRIPT_FILENAME /usr/share/gitweb/gitweb.cgi; - fastcgi_param PATH_INFO $uri; + fastcgi_param PATH_INFO $1; fastcgi_param GITWEB_CONFIG /etc/gitweb.conf; + fastcgi_param GITWEB_VERSION "v1"; fastcgi_pass unix:/var/run/fcgiwrap.socket; } - # Directory for Git repositories - set $git_root /srv/git; + # ---------------------------------------------------------------------- + # Version 2: Simple Frontend (Theme only) + # ---------------------------------------------------------------------- - # Serve Git repositories under /git/ (Smart HTTP) - location ~ ^/git/([^/]+\.git)(/.*)?$ { + # Custom Theme/Assets Aliases for v2 + location ^~ /v2/theme/ { + alias /srv/git/theme/; + } + location ^~ /v2/assets/ { + alias /srv/git/assets/; + } + location ^~ /v2/static/ { + alias /usr/share/gitweb/static/; + } + + # Git Smart HTTP Backend (v2) + location ~ ^/v2/git(/.*)$ { include /etc/nginx/fastcgi_params; fastcgi_param SCRIPT_FILENAME /usr/lib/git-core/git-http-backend; fastcgi_param GIT_PROJECT_ROOT $git_root; fastcgi_param GIT_HTTP_EXPORT_ALL "1"; - fastcgi_param PATH_INFO /$1$2; - fastcgi_param REQUEST_METHOD $request_method; - fastcgi_param QUERY_STRING $query_string; - # Pass remote user for authentication (if we add auth later) + fastcgi_param PATH_INFO $1; fastcgi_param REMOTE_USER $remote_user; - - # Explicitly tell backend we are on HTTPS - fastcgi_param HTTPS on; - fastcgi_pass unix:/var/run/fcgiwrap.socket; } - listen 443 quic; - listen [::]:443 quic; - listen 443 ssl; - listen [::]:443 ssl; - http2 on; - http3 on; + # Gitweb UI (v2) + location ~ ^/v2(/.*)?$ { + include /etc/nginx/fastcgi_params; + fastcgi_param SCRIPT_FILENAME /usr/share/gitweb/gitweb.cgi; + fastcgi_param PATH_INFO $1; + fastcgi_param GITWEB_CONFIG /etc/gitweb.conf; + fastcgi_param GITWEB_VERSION "v2"; + fastcgi_pass unix:/var/run/fcgiwrap.socket; + } - server_name git.nutra.tk; + # ---------------------------------------------------------------------- + # Version 3: Current Implementation (Full Custom) + # ---------------------------------------------------------------------- - # Advertise HTTP/3 availability to browsers - add_header Alt-Svc 'h3=":443"; ma=86400' always; + # Custom Theme/Assets Aliases for v3 + location ^~ /v3/theme/ { + alias /srv/git/theme/; + } + location ^~ /v3/assets/ { + alias /srv/git/assets/; + } + location ^~ /v3/static/ { + alias /usr/share/gitweb/static/; + } - # HSTS - add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" always; + # Git Smart HTTP Backend (v3) + location ~ ^/v3/git(/.*)$ { + include /etc/nginx/fastcgi_params; + fastcgi_param SCRIPT_FILENAME /usr/lib/git-core/git-http-backend; + fastcgi_param GIT_PROJECT_ROOT $git_root; + fastcgi_param GIT_HTTP_EXPORT_ALL "1"; + fastcgi_param PATH_INFO $1; + fastcgi_param REMOTE_USER $remote_user; + fastcgi_pass unix:/var/run/fcgiwrap.socket; + } - ssl_certificate /etc/letsencrypt/live/earthyenergy.mooo.com/fullchain.pem; # managed by Certbot - ssl_certificate_key /etc/letsencrypt/live/earthyenergy.mooo.com/privkey.pem; # managed by Certbot - include /etc/letsencrypt/options-ssl-nginx.conf; - ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; + # Gitweb UI (v3) + location ~ ^/v3(/.*)?$ { + include /etc/nginx/fastcgi_params; + fastcgi_param SCRIPT_FILENAME /usr/share/gitweb/gitweb.cgi; + fastcgi_param PATH_INFO $1; + fastcgi_param GITWEB_CONFIG /etc/gitweb.conf; + fastcgi_param GITWEB_VERSION "v3"; + fastcgi_pass unix:/var/run/fcgiwrap.socket; + } } +# HTTP to HTTPS redirect server { - if ($host = git.nutra.tk) { - return 301 https://$host$request_uri; - } - listen 80; listen [::]:80; server_name git.nutra.tk; - return 404; + + return 301 https://$host$request_uri; }