server.modules += ( "mod_cgi", "mod_rewrite", "mod_openssl", "mod_setenv" ) $SERVER["socket"] == ":443" { ssl.engine = "enable" ssl.pemfile = "/etc/certs/fullchain1.pem" ssl.privkey = "/etc/certs/privkey1.pem" setenv.add-response-header = ( "Strict-Transport-Security"=>"max-age=63072000; includeSubdomains", "X-Frame-Options"=>"DENY", "X-XSS-Protection"=>"1; mode=block", "X-Content-Type-Options" => "nosniff", "Content-Security-Policy" => "script-src 'self'; object-src 'self'", "X-Permitted-Cross-Domain-Policies" => "none", "Referrer-Policy" => "no-referrer") server.name = "git.terminaldweller.com" server.document-root = "/usr/share/webapps/cgit/" index-file.names = ( "cgit.cgi" ) cgi.assign = ( "cgit.cgi" => "" ) mimetype.assign = ( ".css" => "text/css" ) url.rewrite-once = ( "^/cgit/cgit.css" => "/cgit.css", "^/cgit/cgit.png" => "/cgit.png", "^/([^?/]+/[^?]*)?(?:\?(.*))?$" => "/cgit.cgi?url=$1&$2", ) }