NGINX and linux
Jason A. Donenfeld
Jason at zx2c4.com
Tue Apr 3 22:35:29 CEST 2018
I run uwsgi+cgit on the actual cgit cgit repo. Here's the setup:
krantz ~ # cat /etc/nginx/sites/cgit.conf
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name git.zx2c4.com;
access_log /var/log/nginx/cgit.access_log main;
error_log /var/log/nginx/cgit.error_log info;
ssl_certificate_key
/var/www/letsencrypt/certs/git.zx2c4.com/privkey.pem;
ssl_certificate /var/www/letsencrypt/certs/git.zx2c4.com/fullchain.pem;
include secure-headers.conf;
location /cgit.cgi {
internal;
include uwsgi_params;
uwsgi_modifier1 9;
uwsgi_pass unix:/var/run/uwsgi-apps/cgit.socket;
}
location ~
"^/[a-zA-Z0-9._-]+/(git-(receive|upload)-pack|HEAD|info/refs|objects/(info/(http-)?alternates|packs)|[0-9a-f]{2}/[0-9a-f]{38}|pack/pack-[0-9a-f]{40}\.(pack|idx))$"
{
include uwsgi_params;
uwsgi_modifier1 9;
uwsgi_pass unix:/var/run/uwsgi-apps/git-http-backend.socket;
}
location / {
root /var/www/uwsgi/cgit/cgi/;
try_files $uri /cgit.cgi?url=$uri&$args;
}
}
server {
listen 80;
listen [::]:80;
server_name git.zx2c4.com;
include letsencrypt.conf;
location / {
return 301 https://$server_name$request_uri;
}
}
Running as a daemon: { /usr/bin/uwsgi --emperor /etc/uwsgi.d/
--daemonize /var/log/uwsgi.log --master --emperor-on-demand-directory
/var/run/uwsgi-apps --pidfile /var/run/uwsgi/uwsgi.pid }
krantz ~ # cat /etc/uwsgi.d/cgit.ini
[uwsgi]
chdir = /var/www/uwsgi/%n/cgi
master = true
uid = %n
gid = %n
logto = /var/log/uwsgi/%n.log
processes = 8
threads = 8
idle = 1800
die-on-idle = true
plugin = cgi
cgi = /var/www/uwsgi/%n/cgi/%n.cgi
listen = 256
cgroup = /sys/fs/cgroup/cgit
cgroup-opt = memory.limit_in_bytes=1073741824
prio = 10
krantz ~ # cat /etc/uwsgi.d/git-http-backend.ini
[uwsgi]
chdir = /mnt/git
master = true
uid = cgit
gid = cgit
logto = /var/log/uwsgi/%n.log
processes = 16
threads = 16
idle = 1800
die-on-idle = true
plugin = cgi
cgi = /usr/libexec/git-core/%n
listen = 256
prio = 10
env = GIT_PROJECT_ROOT=/mnt/git
env = HOME=/mnt/git
post-buffering = 8192
cgi-close-stdin-on-eof = true
krantz ~ # cat /var/www/uwsgi/cgit/source/cgit.conf
CGIT_SCRIPT_PATH = /var/www/uwsgi/cgit/cgi
CGIT_CONFIG = /var/www/uwsgi/cgit/cgitrc
CACHE_ROOT = /var/www/uwsgi/cgit/cache
prefix = /var/www/uwsgi/cgit
libdir = $(prefix)
filterdir = $(libdir)/filters
NM = gcc-nm
AR = gcc-ar
LD = gcc-ld
CFLAGS = -O3 -march=native -pipe -fomit-frame-pointer -fPIE
-fstack-protector-all -flto -fPIC
LDFLAGS = -Wl,-z,now -Wl,-z,relro -flto -fPIC
More information about the CGit
mailing list