RocketGit

catalinux / rocketgit (public) (License: Affero GPLv3) (since 2015-03-19) (hash sha1)

Main RocketGit repo

Clone URLs: https://rocketgit.com/user/catalinux/rocketgit ssh://rocketgit@ssh.rocketgit.com/user/catalinux/rocketgit git://git.rocketgit.com/user/catalinux/rocketgit

/samples/rg.conf (0623eb4c576f85d67efe3266303035d60e2dd152) (4357 bytes) (mode 100644) (type blob)

# This is the apache configuration file for RocketGit

<Directory "/usr/share/rocketgit/root">
	AllowOverride None
	Order allow,deny
	Allow from all

	<IfModule mod_authz_core.c>
	# apache 2.4
	Require all granted
	</IfModule>

	# Cache at will
	<FilesMatch "(?i)^.*\.(ico|jpg|jpeg|png|gif|js|css)$">
		FileETag MTime Size
	</FilesMatch>

	<IfModule mod_expires.c>
		ExpiresActive On
		ExpiresByType image/vnd.microsoft.icon "access plus 7 days"
		ExpiresByType image/png "access plus 1 day"
		ExpiresByType text/css "access plus 1 day"
		ExpiresByType text/javascript "access plus 1 day"
		ExpiresByType application/javascript "access plus 1 day"
		ExpiresByType application/x-javascript "access plus 1 day"
	</IfModule>
</Directory>

<VirtualHost *:80>
	ServerName rg.domain.tld
	ServerAlias rg
	DocumentRoot /usr/share/rocketgit/root/
	ErrorLog logs/rocketgit-error_log
	CustomLog logs/rocketgit-access_log common

	KeepAlive On
	MaxKeepAliveRequests 1000
	KeepAliveTimeout 10
	TraceEnable off

	RewriteEngine On

	# If you do not want HTTPS, comment the following lines and the HTTPS
	# virtual host, below.
	RewriteCond %{HTTPS} off
	RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [redirect=301,last,qsappend]

	# Allow .ico, 'themes' folder and robots.txt
	# Also, avoid scripts that are looking for exploits
	RewriteCond %{REQUEST_URI} ^/(favicon\.ico|themes/.*|robots\.txt|\.well-known/.*)$
	RewriteRule .* - [last]

	# all rest
	RewriteRule (.*) /index.php [last]


	<IfModule mod_headers.c>
	# Security (ClickJacking)
	Header always append X-Frame-Options DENY
	</IfModule>

	# Compress
	AddOutputFilterByType DEFLATE text/html text/plain text/xml text/css text/javascript application/javascript application/x-javascript
	DeflateBufferSize 81920

	<FilesMatch "\.php$">
		SetHandler "proxy:unix:/run/php-fpm/rocketgit.sock|fcgi://localhost"
	</FilesMatch>
</VirtualHost>

<VirtualHost *:443>
	#LogLevel debug #rewrite:trace8
	# Set ServerName correctly, else, this VirtualHost will not match
	#ServerName rg.domain.tld
	ServerAlias rg
	DocumentRoot /usr/share/rocketgit/root/
	ErrorLog logs/rocketgit-ssl_error_log
	CustomLog logs/rocketgit-ssl_request_log \
		"%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
	TransferLog logs/rocketgit-ssl_access_log

	KeepAlive On
	MaxKeepAliveRequests 1000
	KeepAliveTimeout 10
	TraceEnable off

	RewriteEngine On

	# Allow .ico, 'themes' folder and robots.txt
	RewriteCond %{REQUEST_URI} ^/(favicon\.ico|themes/.*|robots\.txt)$
	RewriteRule .* - [last]

	# all rest
	RewriteRule (.*) /index.php [last]


	<IfModule mod_headers.c>
	# Security (ClickJacking)
	Header always append X-Frame-Options DENY
	# Add this for SSL
	Header set Strict-Transport-Security "max-age=31536000"
	</IfModule>

	LogLevel warn
	SSLEngine on
	SSLProtocol all -SSLv2 -SSLv3
	# Specify the cyphers to get an A+ on Qualys (ssllabs.com); recommended
	# https://www.digicert.com/ssl-support/ssl-enabling-perfect-forward-secrecy.htm
	SSLHonorCipherOrder on
	SSLCipherSuite "EECDH+ECDSA+AESGCM EECDH+aRSA+AESGCM EECDH+ECDSA+SHA384 EECDH+ECDSA+SHA256 EECDH+aRSA+SHA384 EECDH+aRSA+SHA256 EECDH+aRSA+RC4 EECDH EDH+aRSA RC4 !aNULL !eNULL !LOW !3DES !MD5 !EXP !PSK !SRP !DSS !RC4"
	# or, respect the system settings:
	# Pay attention on next line! It fails on RedHat6!
	#SSLCipherSuite PROFILE=SYSTEM

	# https://developer.mozilla.org/en-US/docs/Web/HTTP/Public_Key_Pinning
	# To generate pin-sha256 string: openssl s_client -servername <server> -connect <server>:443 | openssl x509 -pubkey -noout | openssl rsa -pubin -outform der | openssl dgst -sha256 -binary | openssl enc -base64
	# Header always set Public-Key-Pins "pin-sha256=\"base64+primary==\"; pin-sha256=\"base64+backup==\"; max-age=5184000; includeSubDomains; report-uri=\"https://www.example.org/hpkp-report\""
	# Header always set Public-Key-Pins-Report-Only ... # to not block users!

	SSLCertificateFile /etc/pki/tls/certs/localhost.crt
	SSLCertificateKeyFile /etc/pki/tls/private/localhost.key

	<Files ~ "\.(cgi|shtml|phtml|php3?)$">
		SSLOptions +StdEnvVars
	</Files>

	# Compress
	AddOutputFilterByType DEFLATE text/html text/plain text/xml text/css text/javascript application/javascript application/x-javascript
	DeflateBufferSize 81920

	<FilesMatch "\.php$">
		SetHandler "proxy:unix:/run/php-fpm/rocketgit.sock|fcgi://localhost"
	</FilesMatch>
</VirtualHost>

Mode	Type	Size	Ref	File
100644	blob	9	f3c7a7c5da68804a1bdf391127ba34aed33c3cca	.exclude
100644	blob	102	eaeb7d777062c60a55cdd4b5734902cdf6e1790c	.gitignore
100644	blob	289	fabbff669e768c05d6cfab4d9aeb651bf623e174	AUTHORS
100644	blob	1132	dd65951315f3de6d52d52a82fca59889d1d95187	Certs.txt
100644	blob	549	41c3bdbba8ec2523fe24b84bdd46777fc13e8345	History.txt
100644	blob	34520	dba13ed2ddf783ee8118c6a581dbf75305f816a3	LICENSE
100644	blob	2634	88df0ac2d9bc9ab4bee9e6bef443e22731003efb	Makefile.in
100644	blob	4875	351369ca6f3895965cd98b847161c696d2052146	README
100644	blob	111453	c0379756fcc845f529cf0092e0078cc233b07f17	TODO
100644	blob	1294	f22911eb777f0695fcf81ad686eac133eb11fcc4	TODO-plans
100644	blob	203	a2863c67c3da44126b61a15a6f09738c25e0fbe0	TODO.perf
100644	blob	994	76399724a83bdbf5a2b3b03d3d66e6de8598b9cd	TODO.vm
040000	tree	-	21928e906ad2907a55c2e81c2a8b0502b586b8a0	artwork
100644	blob	4207	693a5395a40ac2505dcfe58b9a97cb459b85484f	compare.csv
100755	blob	30	92c4bc48245c00408cd7e1fd89bc1a03058f4ce4	configure
040000	tree	-	69114e8648f8e0e7173c76e30ca6bbfcece7df31	debian
040000	tree	-	a51a4ec84e294b8ba587fda746da7afbf7a60d38	docker
040000	tree	-	f67d3605efbd6422a8acdd953578991139266391	docs
100755	blob	16711	924262b2f8dbf3bbe02358e7f404175732e970d1	duilder
100644	blob	536	6dd937d60b0cff1377343673736d2dfe312cfcf6	duilder.conf
040000	tree	-	c503cf29ce2337a771fdfdbf4225b35d8e81ab98	hooks
040000	tree	-	c48b27c24b6cf5e6e9c270fcf6d1a5e1e9e44549	inc
040000	tree	-	ab5cc695f620de9abecc84af49866a45612067c6	misc
100644	blob	3900	5815fe0a43dc0b8bd3201ed90428969a48d71c90	rocketgit.spec.in
040000	tree	-	e33503c52791f95812dcb27a66c0247072b28065	root
040000	tree	-	5538a78481916285ac8c17d65831db124b5f48e2	samples
040000	tree	-	e14e2aa27881e9b30e1c2272f947a82da7794932	scripts
040000	tree	-	00c52dce99b99f5f59800512ffd8e145d5ffe2c9	selinux
100755	blob	256	462ccd108c431f54e380cdac2329129875a318b5	spell_check.sh
040000	tree	-	cb54e074b3ca35943edfcda9dd9cfcd281bcd9e7	techdocs
040000	tree	-	6cad9bb599c14d9c1a353128df1d8ee78d5f4b74	tests
040000	tree	-	63f68e921ac8d6a62ea9c3d180e072c7c4725b7d	tools

Hints:
Before first commit, do not forget to setup your git environment:

git config --global user.name "your_name_here"
git config --global user.email "your@email_here"

Clone this repository using HTTP(S):

git clone https://rocketgit.com/user/catalinux/rocketgit

Clone this repository using ssh (do not forget to upload a key first):

git clone ssh://rocketgit@ssh.rocketgit.com/user/catalinux/rocketgit

Clone this repository using git:

git clone git://git.rocketgit.com/user/catalinux/rocketgit

You are allowed to anonymously push to this repository.
This means that your pushed commits will automatically be transformed into a merge request:

... clone the repository ...
... make some changes and some commits ...
git push origin main