#
# !!! This file is managed by Ansible !!!
#

{% if  services.cgit.nginx.sslOnly is not defined or services.cgit.nginx.sslOnly is false %}
server {
	listen 80 ;
	listen [::]:80;
	
	server_name {{ services.cgit.nginx.domain }};

	root /usr/share/webapps/cgit;
	try_files $uri @cgit;

	location @cgit {
		include fastcgi_params;
		fastcgi_pass 127.0.0.1:8001;
		fastcgi_param SCRIPT_FILENAME /usr/share/webapps/cgit/cgit.cgi;
		fastcgi_param PATH_INFO $uri;
		fastcgi_param QUERY_STRING $args;
	}
}

{% endif %}
{% if services.cgit.nginx.ssl.enable is true %}
server {
	listen 443 ssl;
	listen [::]:443 ssl;

	ssl_certificate "{{ services.cgit.nginx.ssl.cert }}";
	ssl_certificate_key "{{ services.cgit.nginx.ssl.privkey }}";
	include /etc/nginx/ssl.conf;
	
	server_name {{ services.cgit.nginx.domain }};

	root /usr/share/webapps/cgit;

	location ~ "^/[a-zA-Z0-9._-]+/(git-(receive|upload)-pack|HEAD|info/refs|objects/(info/(http-)?alternates|packs)|[0-9a-f]{2}/[0-9a-f]{38}|pack/pack-[0-9a-f]{40}\.(pack|idx))$" {
		if ($query_string = service=git-receive-pack) {
			return 403;
		}

		client_max_body_size 0;

		include fastcgi_params;
		fastcgi_pass 127.0.0.1:8001;
		fastcgi_param SCRIPT_FILENAME /usr/libexec/git-core/git-http-backend;
		fastcgi_param GIT_PROJECT_ROOT /var/lib/git/repositories;
		fastcgi_param PATH_INFO $fastcgi_script_name;
	}

	try_files $uri @cgit;

	location @cgit {
		include fastcgi_params;
		fastcgi_pass 127.0.0.1:8001;
		fastcgi_param SCRIPT_FILENAME /usr/share/webapps/cgit/cgit.cgi;
		fastcgi_param PATH_INFO $uri;
		fastcgi_param QUERY_STRING $args;
	}
}
{% endif %}