/samples/nginx.conf (1955e0932d970de56779985628919de5bd2f7951) (4074 bytes) (mode 100644) (type blob)
upstream rgfs {
server 127.0.0.1:65300;
}
server {
listen 443 ssl http2 backlog=128 rcvbuf=64k sndbuf=64k;
listen [::]:443 ssl http2 backlog=128 rcvbuf=64k sndbuf=64k;
listen 80 backlog=128 rcvbuf=16k sndbuf=16k;
listen [::]:80 backlog=128 rcvbuf=16k sndbuf=16k;
server_name rg.domain.tld; # add here, space separated, more names
server_tokens off;
root /usr/share/rocketgit/root;
tcp_nopush on;
sendfile on;
# TODO - is ok in this context? You can put 0 for no limit.
client_max_body_size 1000m;
# more than that is written into a file first
client_body_buffer_size 128k;
# timeouts
client_body_timeout 10;
client_header_timeout 10;
keepalive_timeout 10;
send_timeout 10;
# Security (ClickJacking)
add_header X-Frame-Options DENY;
# https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Content-Type-Options
add_header X-Content-Type-Options nosniff;
# XSS protection
add_header X-XSS-Protection "1; mode=block";
# Security (STS)
add_header Strict-Transport-Security "max-age=31536000";
access_log /var/log/nginx/rg-access.log;
error_log /var/log/nginx/rg-error.log;
if ($request_method !~ ^(GET|HEAD|POST|OPTIONS)$) { return 444; }
# Force the use of only one name even if we have more aliases.
# Before un-commenting it, change SERVERNAME and PORT to real values
#if ($host != SERVERNAME) {
# rewrite ^/?(.*)$ $scheme://SERVERNAME[:$server_port]/$1 permanent;
#}
location ~ ^/(favicon\.ico|themes/.*|robots\.txt|\.well-known/.*)$ {
expires 1d;
gzip on;
gzip_comp_level 9;
gzip_types text/plain text/xml text/css text/javascript application/javascript application/x-javascript application/json image/svg+xml;
}
location /rgfs {
proxy_pass http://rgfs;
proxy_http_version 1.1;
proxy_set_header X-Original-IP $remote_addr/$remote_port;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_read_timeout 3600;
proxy_buffering off;
}
location / {
gzip on;
gzip_comp_level 5;
gzip_types text/plain text/xml application/json image/svg+xml text/css text/javascript application/javascript application/x-javascript;
# To be able to know that the client closed the connection
# TODO: equivalent for apache?
fastcgi_ignore_client_abort on;
# To allow streaming of the response data to client
fastcgi_buffering off;
# TODO
fastcgi_keep_conn on;
include /etc/nginx/fastcgi_params;
fastcgi_param SCRIPT_FILENAME $document_root/index.php$fastcgi_script_name;
fastcgi_param WEB_ssl_session_id $ssl_session_id;
fastcgi_pass unix:/run/rocketgit.sock;
}
ssl_protocols TLSv1.2 TLSv1.3;
# RedHat like:
ssl_certificate /etc/pki/tls/certs/localhost.crt;
ssl_certificate_key /etc/pki/tls/private/localhost.key;
# Debian like:
#ssl_certificate /etc/ssl/certs/ssl-cert-snakeoil.pem;
#ssl_certificate_key /etc/ssl/private/ssl-cert-snakeoil.key;
# Specify the cyphers to get an A+ on Qualys (ssllabs.com); recommended
# https://www.digicert.com/ssl-support/ssl-enabling-perfect-forward-secrecy.htm
# Generated by: https://ssl-config.mozilla.org
ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;
ssl_session_cache shared:SSL:60m;
ssl_session_timeout 1d;
ssl_session_tickets off;
#ssl_stapling on;
#ssl_trusted_certificate /etc/letsencrypt/live/r1.embedromix.ro/chain.pem;
#ssl_stapling_verify on;
# https://developer.mozilla.org/en-US/docs/Web/HTTP/Public_Key_Pinning
# To generate pin-sha256 string: openssl s_client -servername <server> -connect <server>:443 | openssl x509 -pubkey -noout | openssl rsa -pubin -outform der | openssl dgst -sha256 -binary | openssl enc -base64
# add_header Public-Key-Pins "pin-sha256=\"base64+primary==\"; pin-sha256=\"base64+backup==\"; max-age=5184000; includeSubDomains; report-uri=\"https://www.example.org/hpkp-report\""
# add_header Public-Key-Pins-Report-Only ... # to not block users!
}
Mode |
Type |
Size |
Ref |
File |
100644 |
blob |
9 |
f3c7a7c5da68804a1bdf391127ba34aed33c3cca |
.exclude |
100644 |
blob |
108 |
acc2186b1d357966e09df32afcea14933f5f0c78 |
.gitignore |
100644 |
blob |
375 |
1f425bcd2049c526744d449511094fc045ceac74 |
AUTHORS |
100644 |
blob |
1847 |
fd1f7a627adc85dec9ebd72ae9e6b4c941b82f8f |
History.txt |
100644 |
blob |
34520 |
dba13ed2ddf783ee8118c6a581dbf75305f816a3 |
LICENSE |
100644 |
blob |
3624 |
1c4ccf9cceb2e56ae71334442aff3183b242c333 |
Makefile.in |
100644 |
blob |
5325 |
96c40d868ce10b715299085ccffb30f96a730cf3 |
README |
100644 |
blob |
190331 |
0418946bd5fc97da80f0bbd2e918c657536c01e6 |
TODO |
100644 |
blob |
1294 |
f22911eb777f0695fcf81ad686eac133eb11fcc4 |
TODO-plans |
100644 |
blob |
203 |
a2863c67c3da44126b61a15a6f09738c25e0fbe0 |
TODO.perf |
100644 |
blob |
967 |
56bbaa7c937381fb10a2907b6bbe056ef8cc824a |
TODO.vm |
040000 |
tree |
- |
21928e906ad2907a55c2e81c2a8b0502b586b8a0 |
artwork |
100644 |
blob |
5328 |
d5be4cc3f15d059ad8d267d800c602e9774816a8 |
compare.csv |
100755 |
blob |
30 |
92c4bc48245c00408cd7e1fd89bc1a03058f4ce4 |
configure |
040000 |
tree |
- |
811af39b8be55c3a36147dd06b040e86de4e9d4a |
debian |
040000 |
tree |
- |
7108e9538d908ff384482155efcaef836a057a2c |
docker |
040000 |
tree |
- |
f67d3605efbd6422a8acdd953578991139266391 |
docs |
100755 |
blob |
18252 |
e2438615edba7066a730ed6a796a5302263f1f37 |
duilder |
100644 |
blob |
536 |
b791516f9ec08c038e61269e0c5f38446a61e59b |
duilder.conf |
040000 |
tree |
- |
e330b65f3c3eea427853842a05410579de6175bd |
hooks |
040000 |
tree |
- |
e6ef0396dd7f12664ea681377807bdedf09ad13f |
inc |
040000 |
tree |
- |
e255ce234c3993998edc12bc7e93fff555376eda |
misc |
100644 |
blob |
6012 |
7cf5090db19ef7b7a1a4d962f2588464ff4f1c1f |
rocketgit.spec |
040000 |
tree |
- |
85421cbfb018ff4b0eebb1741e2dcfcc72f81ada |
root |
040000 |
tree |
- |
870e96f0afc7d85c97505a878609d386f81748d8 |
samples |
040000 |
tree |
- |
589b9039f8bbb597747e4e78cdfc26be35ead352 |
scripts |
040000 |
tree |
- |
454044f7e286fe13ec18598fce6b613190f52e5e |
selinux |
100755 |
blob |
256 |
462ccd108c431f54e380cdac2329129875a318b5 |
spell_check.sh |
040000 |
tree |
- |
d9260d3cf0d6490be720312893600a8041bf991b |
techdocs |
040000 |
tree |
- |
5dbc11970335b2e208d92e525d2b6ef49dcce3c3 |
tests |
040000 |
tree |
- |
e810d7397575886ef495708d571eb3675f6928ba |
tools |
Hints:
Before first commit, do not forget to setup your git environment:
git config --global user.name "your_name_here"
git config --global user.email "your@email_here"
Clone this repository using HTTP(S):
git clone https://rocketgit.com/user/catalinux/rocketgit
Clone this repository using ssh (do not forget to upload a key first):
git clone ssh://rocketgit@ssh.rocketgit.com/user/catalinux/rocketgit
Clone this repository using git:
git clone git://git.rocketgit.com/user/catalinux/rocketgit
You are allowed to anonymously push to this repository.
This means that your pushed commits will automatically be transformed into a
merge request:
... clone the repository ...
... make some changes and some commits ...
git push origin main