sites-available/git.replicant.us.conf


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127

ServerName git.replicant.us

<VirtualHost *:80>
	ServerName git.replicant.us

	RewriteEngine On
	RewriteCond %{HTTPS} off
	RewriteCond %{REMOTE_ADDR} !=127.0.0.1
	RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}
</VirtualHost>

<IfModule mod_ssl.c>
	<VirtualHost *:443>
		ServerAdmin contact@replicant.us
		ServerName git.replicant.us

                DocumentRoot /var/www/git.replicant.us

		RewriteEngine on

                Alias /cgit.css /usr/share/cgit/cgit.css
                Alias /cgit.png /usr/share/cgit/cgit.png

                Alias /replicant_logo_white.png /var/www/git.replicant.us/htdocs/replicant_logo_white.png
		Alias /replicant_favicon.ico /var/www/git.replicant.us/htdocs/replicant_favicon.ico
                Alias /replicant_lineage.png /var/www/git.replicant.us/htdocs/replicant_lineage.png

		AliasMatch ^/(.*).git/clone.bundle	/srv/git/bundles/$1.git/clone.bundle
                AliasMatch ^/(.*)/clone.bundle		/srv/git/bundles/$1.git/clone.bundle

		# The mirrors were moved to their own subdirectories but Replicant 6 still use
		# the old URL
		RedirectMatch "^/AOSP-mirror/(.*)"		"/mirrors/AOSP/$1"
		RedirectMatch "^/LineageOS-mirror/(.*)"		"/mirrors/LineageOS/$1"
		RedirectMatch "^/F-Droid-mirror/(.*)"		"/mirrors/F-Droid/$1"
		RedirectMatch "^/AOSP-mirror"			"/mirrors/AOSP"
		RedirectMatch "^/LineageOS-mirror"		"/mirrors/LineageOS"
		RedirectMatch "^/F-Droid-mirror"		"/mirrors/F-Droid"

		# Unlike Gitlab, this setup is case sensitive and there are differences between
		# 4.2 and 6.0 in case
		# Redirect /replicant/packages_apps_Settings.git /replicant/packages_apps_settings.git
		# Redirect /replicant/packages_apps_Browser.git /replicant/packages_apps_browser.git
		# Above was the previous way but that didn't work with Git protocol so we renamed the repos uppercase
		# but then it broke http protocol so here we go again redirecting to uppercase:
		Redirect /replicant/packages_apps_settings.git /replicant/packages_apps_Settings.git
		Redirect /replicant/packages_apps_browser.git /replicant/packages_apps_Browser.git

		# Other redirects
		IncludeOptional git-redirects/aosp-mirror.conf
		IncludeOptional git-redirects/contrib.conf
		IncludeOptional git-redirects/infrastructure.conf
		IncludeOptional git-redirects/replicant-4.2.conf
                IncludeOptional git-redirects/replicant-6.0.conf

                SetEnv GIT_PROJECT_ROOT /srv/git/git-data/repositories/
                ScriptAliasMatch \
                        "(?x)^/(.*/(HEAD | \
                                info/refs | \
                                objects/(info/[^/]+ | \
                                         [0-9a-f]{2}/[0-9a-f]{38} | \
                                        pack/pack-[0-9a-f]{40}\.(pack|idx)) | \
                                git-upload-pack))$" \
                        /usr/lib/git-core/git-http-backend/$1

		ScriptAlias /contrib		/usr/lib/cgit/cgit.cgi
		ScriptAlias /infrastructure	/usr/lib/cgit/cgit.cgi
		ScriptAlias /mirrors		/usr/lib/cgit/cgit.cgi
		ScriptAlias /replicant		/usr/lib/cgit/cgit.cgi
		ScriptAlias /replicant-next	/usr/lib/cgit/cgit.cgi

		<Location /contrib>
	                  SetEnv CGIT_CONFIG /etc/cgit.d/contrib.conf
		</Location>

		<Location /infrastructure>
			SetEnv CGIT_CONFIG /etc/cgit.d/infrastructure.conf
		</Location>

		<Location /mirrors>
	                  SetEnv CGIT_CONFIG /etc/cgit.d/mirrors.conf
		</Location>

		<Location /replicant>
	                  SetEnv CGIT_CONFIG /etc/cgit.d/replicant.conf
		</Location>

		<Location /replicant-next>
	                  SetEnv CGIT_CONFIG /etc/cgit.d/replicant-next.conf
		</Location>

                # <Location /test>
                #           SetEnv CGIT_CONFIG /etc/cgit.d/test.conf
                # </Location>

                 <Directory /usr/lib/git-core/>
                        AllowOverride None
                        Options +ExecCgi -MultiViews +SymLinksIfOwnerMatch
                        Require all granted
                </Directory>

                <LocationMatch "^/.*/git-receive-pack$">
                        Order deny,allow
                        Deny from all
                </LocationMatch>

                <Directory /usr/local/lib/cgit/>
                        AllowOverride None
                        Options ExecCGI FollowSymlinks
                        Require all granted
                </Directory>

		Header always set Strict-Transport-Security "max-age=31536000;"

		SSLEngine On
                SSLCertificateFile		/etc/letsencrypt/live/git.replicant.us/cert.pem
                SSLCertificateChainFile		/etc/letsencrypt/live/git.replicant.us/chain.pem
                SSLCertificateKeyFile		/etc/letsencrypt/live/git.replicant.us/privkey.pem

                <FilesMatch "\.(cgi|shtml|phtml|php)$">
                                SSLOptions +StdEnvVars
                </FilesMatch>
                <Directory /usr/lib/cgi-bin>
                                SSLOptions +StdEnvVars
                </Directory>
	</VirtualHost>
</IfModule>