aboutsummaryrefslogtreecommitdiffstats
path: root/terminaldweller.com/cgit/cgit.conf
blob: 82a9877bd1c251ee418e68a1bf4f6e70b410dce5 (plain) (blame)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
server.modules += ( "mod_cgi", "mod_rewrite", "mod_openssl", "mod_setenv" )

$SERVER["socket"] == ":443" {
    ssl.engine                    = "enable"
    ssl.pemfile                   = "/etc/certs/fullchain1.pem"
    ssl.privkey                   = "/etc/certs/privkey1.pem"

    setenv.add-response-header = (
	"Strict-Transport-Security"=>"max-age=63072000; includeSubdomains", 
	"X-Frame-Options"=>"DENY",
	"X-XSS-Protection"=>"1; mode=block",
	"X-Content-Type-Options" => "nosniff",
	"Content-Security-Policy" => "script-src 'self'; object-src 'self'",
	"X-Permitted-Cross-Domain-Policies" => "none",
	"Referrer-Policy" => "no-referrer")

    server.name          = "git.terminaldweller.com"
    server.document-root = "/usr/share/webapps/cgit/"

    index-file.names     = ( "cgit.cgi" )
    cgi.assign           = ( "cgit.cgi" => "" )
    mimetype.assign      = ( ".css" => "text/css" )
    url.rewrite-once     = (
        "^/cgit/cgit.css"   => "/cgit.css",
        "^/cgit/cgit.png"   => "/cgit.png",
        "^/([^?/]+/[^?]*)?(?:\?(.*))?$"   => "/cgit.cgi?url=$1&$2",
    )
}