catalinux / rocketgit (public) (License: Affero GPLv3) (since 2015-03-19) (hash sha1)
Main RocketGit repo
Clone URLs: https://rocketgit.com/user/catalinux/rocketgit ssh://rocketgit@ssh.rocketgit.com/user/catalinux/rocketgit git://git.rocketgit.com/user/catalinux/rocketgit
v0.0 v0.1 v0.10 v0.11 v0.12 v0.13 v0.14 v0.15 v0.17 v0.18 v0.19 v0.2 v0.20 v0.21 v0.22 v0.23 v0.24 v0.25 v0.27 v0.28 v0.29 v0.31 v0.32 v0.33 v0.34 v0.35 v0.36 v0.38 v0.39 v0.40 v0.41 v0.42 v0.43 v0.44 v0.45 v0.46 v0.47 v0.48 v0.49 v0.50 v0.51 v0.52 v0.53 v0.54 v0.55 v0.56 v0.57 v0.58 v0.60 v0.61 v0.62 v0.63 v0.64 v0.65 v0.66 v0.67 v0.68 v0.69 v0.70 v0.71 v0.72 v0.73 v0.77 v0.78 v0.79 v0.80 group1/branch1 group2/subgroup1/branch2 main master release

/samples/nginx.conf (8c7fefc309c939feea04e974eec3e1b3791e2c54) (4185 bytes) (mode 100644) (type blob)

#upstream rg-php-fpm {
#        server unix:/run/php-fpm/rocketgit.sock;
#}

# HTTP server
server {
	listen 80 backlog=128 rcvbuf=64k;
	listen [::]:80 backlog=128 rcvbuf=64k;
	server_name rg.domain.tld; # add here, space separated, more names
	server_tokens off;
	root /usr/share/rocketgit/root;

	# TODO - is ok in this context?
	client_max_body_size 1000m;
	# more than that is written into a file first
	client_body_buffer_size 128k;

	# timeouts
	client_body_timeout 10;
	client_header_timeout 10;
	keepalive_timeout 10;
	send_timeout 10;

	# Security (ClickJacking)
        add_header X-Frame-Options DENY;

	access_log /var/log/nginx/rg-access.log;
	error_log /var/log/nginx/rg-error.log;

	if ($request_method !~ ^(GET|HEAD|POST|OPTIONS)$) { return 444; }

	# Force the use of only one name even if we have more aliases.
	# Before un-commenting it, change SERVERNAME and PORT to real values
	#if ($host != SERVERNAME) {
	#	rewrite  ^/?(.*)$  http://SERVERNAME:PORT/$1  permanent;
	#}

	location ~ ^/(favicon\.ico|themes/.*|robots\.txt|\.well-known/.*)$ {
		expires 1d;
	}

	location / {
		gzip off;

		# To be able to know that the client closed the connection
		# TODO: equivalent for apache?
		fastcgi_ignore_client_abort off;

		# To allow streaming of the response data to client
		fastcgi_buffering off;

		# TODO
		fastcgi_keep_conn	on;

		include /etc/nginx/fastcgi_params;
		fastcgi_param SCRIPT_FILENAME	$document_root/index.php$fastcgi_script_name;

		fastcgi_pass unix:/run/php-fpm/rocketgit.sock;
	}
}

# HTTPS server
server {
	listen 443 ssl http2 backlog=128 rcvbuf=64k;
	listen [::]:443 ssl http2 backlog=128 rcvbuf=64k;
	server_name rg.domain.tld; # add here, space separated, more names
	server_tokens off;
	root /usr/share/rocketgit/root;

	# TODO - is ok in this context?
	client_max_body_size 1000m;
	# more than that is written into a file first
	client_body_buffer_size 128k;

	# timeouts
	client_body_timeout 10;
	client_header_timeout 10;
	keepalive_timeout 10;
	send_timeout 10;

	# Security (ClickJacking)
        add_header X-Frame-Options DENY;
	add_header Strict-Transport-Security "max-age=31536000";

	access_log /var/log/nginx/rg-ssl-access.log;
	error_log /var/log/nginx/rg-ssl-error.log;

	if ($request_method !~ ^(GET|HEAD|POST|OPTIONS)$) { return 444; }

	# Force the use of only one name even if we have more aliases.
	# Before un-commenting it, change SERVERNAME and PORT to real values
	#if ($host != SERVERNAME) {
	#	rewrite  ^/?(.*)$  http://SERVERNAME:PORT/$1  permanent;
	#}

	location ~ ^/(favicon\.ico|themes/.*|robots\.txt|\.well-known/.*)$ {
		expires 1d;
	}

	location / {
		gzip off;

		# To be able to know that the client closed the connection
		# TODO: equivalent for apache?
		fastcgi_ignore_client_abort off;

		# To allow streaming of the response data to client
		fastcgi_buffering off;

		# TODO
		fastcgi_keep_conn	on;

		include /etc/nginx/fastcgi_params;
		fastcgi_param SCRIPT_FILENAME	$document_root/index.php$fastcgi_script_name;

		fastcgi_pass unix:/run/php-fpm/rocketgit.sock;
	}

	ssl_certificate /etc/pki/tls/certs/localhost.crt;
	ssl_certificate_key /etc/pki/tls/private/localhost.key;
	ssl_prefer_server_ciphers on;
	# Specify the cyphers to get an A+ on Qualys (ssllabs.com); recommended
	# https://www.digicert.com/ssl-support/ssl-enabling-perfect-forward-secrecy.htm
	ssl_ciphers "EECDH+ECDSA+AESGCM EECDH+aRSA+AESGCM EECDH+ECDSA+SHA384 EECDH+ECDSA+SHA256 EECDH+aRSA+SHA384 EECDH+aRSA+SHA256 EECDH+aRSA+RC4 EECDH EDH+aRSA RC4 !aNULL !eNULL !LOW !3DES !MD5 !EXP !PSK !SRP !DSS !RC4";
	ssl_protocols TLSv1.2;
	ssl_session_cache shared:SSL:1m;
	ssl_session_timeout 5m;

	# https://developer.mozilla.org/en-US/docs/Web/HTTP/Public_Key_Pinning
	# To generate pin-sha256 string: openssl s_client -servername <server> -connect <server>:443 | openssl x509 -pubkey -noout | openssl rsa -pubin -outform der | openssl dgst -sha256 -binary | openssl enc -base64
	# add_header Public-Key-Pins "pin-sha256=\"base64+primary==\"; pin-sha256=\"base64+backup==\"; max-age=5184000; includeSubDomains; report-uri=\"https://www.example.org/hpkp-report\""
	# add_header Public-Key-Pins-Report-Only ... # to not block users!

}

Mode Type Size Ref File
100644 blob 9 f3c7a7c5da68804a1bdf391127ba34aed33c3cca .exclude
100644 blob 102 eaeb7d777062c60a55cdd4b5734902cdf6e1790c .gitignore
100644 blob 289 fabbff669e768c05d6cfab4d9aeb651bf623e174 AUTHORS
100644 blob 1132 dd65951315f3de6d52d52a82fca59889d1d95187 Certs.txt
100644 blob 549 41c3bdbba8ec2523fe24b84bdd46777fc13e8345 History.txt
100644 blob 34520 dba13ed2ddf783ee8118c6a581dbf75305f816a3 LICENSE
100644 blob 3398 cf75b360b8a3e6ef86bc4a42648e353bd58c2a80 Makefile.in
100644 blob 5774 4a18249bf06d04d1e27d97623f12a7a2d51f83c0 README
100644 blob 118763 259c7b1871cb204da34bc36f9b635efb208c8a40 TODO
100644 blob 1294 f22911eb777f0695fcf81ad686eac133eb11fcc4 TODO-plans
100644 blob 203 a2863c67c3da44126b61a15a6f09738c25e0fbe0 TODO.perf
100644 blob 1044 9bb3652b3937eb624dba0f2d8efff7ce6c0ce0e2 TODO.vm
040000 tree - 21928e906ad2907a55c2e81c2a8b0502b586b8a0 artwork
100644 blob 4650 548f8c18609fa92b720aebfa5433f50a2c4ced78 compare.csv
100755 blob 30 92c4bc48245c00408cd7e1fd89bc1a03058f4ce4 configure
040000 tree - 1624fa67631f0dd10772e19016ffcd9af8e44773 debian
040000 tree - 3c08a24a998b6e80be5f4af4ac3599ab6acacba3 docker
040000 tree - f67d3605efbd6422a8acdd953578991139266391 docs
100755 blob 16719 464375221f1db42f123db3ca7eeb14ad5659b196 duilder
100644 blob 536 a19f569b20992ce32c943ec937f846e5f6275ebb duilder.conf
040000 tree - c503cf29ce2337a771fdfdbf4225b35d8e81ab98 hooks
040000 tree - 7d7eded090374232f580fbcb004e5c0ddbe1097b inc
040000 tree - ab5cc695f620de9abecc84af49866a45612067c6 misc
100644 blob 3742 dd0d01262f0ec9a6ac67aa549300631f6f3896b8 rocketgit.spec.in
040000 tree - b40f50e29ed4ce18e4cfc84fc25bcf086d5b7ec8 root
040000 tree - edfd5fcdabcb2a987269d8167dfe8d02eebe3e19 samples
040000 tree - dadefbcdcd82cedbce7279cf8003cbc1da8112e0 scripts
040000 tree - 00c52dce99b99f5f59800512ffd8e145d5ffe2c9 selinux
100755 blob 256 462ccd108c431f54e380cdac2329129875a318b5 spell_check.sh
040000 tree - cb54e074b3ca35943edfcda9dd9cfcd281bcd9e7 techdocs
040000 tree - 984d80c5dbd69030f7b3ac4081d83dd9ce780e72 tests
040000 tree - 63f68e921ac8d6a62ea9c3d180e072c7c4725b7d tools
Hints:
Before first commit, do not forget to setup your git environment:
git config --global user.name "your_name_here"
git config --global user.email "your@email_here"

Clone this repository using HTTP(S):
git clone https://rocketgit.com/user/catalinux/rocketgit

Clone this repository using ssh (do not forget to upload a key first):
git clone ssh://rocketgit@ssh.rocketgit.com/user/catalinux/rocketgit

Clone this repository using git:
git clone git://git.rocketgit.com/user/catalinux/rocketgit

You are allowed to anonymously push to this repository.
This means that your pushed commits will automatically be transformed into a merge request:
... clone the repository ...
... make some changes and some commits ...
git push origin main