NGINX and linux

NGINX and linux

[re.pichler]

The README is for APACHE and unix systems. Would there be a way to get this
working with nginx and on linux
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.zx2c4.com/pipermail/cgit/attachments/20180228/535c379c/attachment.html>

NGINX and linux

[john]

On Wed, Feb 28, 2018 at 08:37:17PM -0500, Rolan Pichler wrote:
> The README is for APACHE and unix systems. Would there be a way to get this
> working with nginx and on linux

Nginx doesn't support CGI directly, so you need to use fcgiwrap or an
equivalent as a wrapper to run CGit.

I found this post about setting up CGit and nginx which looks like it
covers the necessary configuration:
https://levlaz.org/installing-cgit-nginx-on-debian-jessie/

Patches to README are welcome if you get it working.

NGINX and linux

[georg]

Hi all,

On 18-03-01 13:02:45, John Keeping wrote:
> On Wed, Feb 28, 2018 at 08:37:17PM -0500, Rolan Pichler wrote:
> > The README is for APACHE and unix systems. Would there be a way to
> > get this working with nginx and on linux
> 
> Nginx doesn't support CGI directly, so you need to use fcgiwrap or an
> equivalent as a wrapper to run CGit.

I wouldn't recommend to use fcgiwrap, as this is deprecated. I'm running
cgit in production via uwsgi [1]. In case you need help setting it up:
ping me, I'm able to provide configs as well.

Good luck,
cheers,
Georg


[1] https://uwsgi-docs.readthedocs.io/en/latest/
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: Digital signature
URL: <http://lists.zx2c4.com/pipermail/cgit/attachments/20180403/d806c25e/attachment.asc>

NGINX and linux

[konstantin]

On 04/03/18 12:51, Georg Faerber wrote:
>> Nginx doesn't support CGI directly, so you need to use fcgiwrap or an
>> equivalent as a wrapper to run CGit.
> I wouldn't recommend to use fcgiwrap, as this is deprecated. I'm running
> cgit in production via uwsgi [1]. In case you need help setting it up:
> ping me, I'm able to provide configs as well.

Why not write about it here? I'd be interested in seeing what you have.
I wanted to do uwsgi with cgit about a year ago, but there was a bug in
uwsgi's CGI implementation that prevented it from working (they fixed it
after I reported it to them).

Do you do uwsgi for both cgit and git-daemon, or are you serving
https:// via cgit directly?

Regards,
-- 
Konstantin Ryabitsev
Director, IT Infrastructure Security
The Linux Foundation

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 228 bytes
Desc: OpenPGP digital signature
URL: <http://lists.zx2c4.com/pipermail/cgit/attachments/20180403/771b65f0/attachment.asc>

NGINX and linux

[Jason]

I run uwsgi+cgit on the actual cgit cgit repo. Here's the setup:

krantz ~ # cat /etc/nginx/sites/cgit.conf
server {
        listen 443 ssl http2;
        listen [::]:443 ssl http2;
        server_name git.zx2c4.com;
        access_log /var/log/nginx/cgit.access_log main;
        error_log /var/log/nginx/cgit.error_log info;
        ssl_certificate_key
/var/www/letsencrypt/certs/git.zx2c4.com/privkey.pem;
        ssl_certificate /var/www/letsencrypt/certs/git.zx2c4.com/fullchain.pem;
        include secure-headers.conf;

        location /cgit.cgi {
                internal;
                include uwsgi_params;
                uwsgi_modifier1 9;
                uwsgi_pass unix:/var/run/uwsgi-apps/cgit.socket;
        }
        location ~
"^/[a-zA-Z0-9._-]+/(git-(receive|upload)-pack|HEAD|info/refs|objects/(info/(http-)?alternates|packs)|[0-9a-f]{2}/[0-9a-f]{38}|pack/pack-[0-9a-f]{40}\.(pack|idx))$"
{
                include uwsgi_params;
                uwsgi_modifier1 9;
                uwsgi_pass unix:/var/run/uwsgi-apps/git-http-backend.socket;
        }
        location / {
                root /var/www/uwsgi/cgit/cgi/;
                try_files $uri /cgit.cgi?url=$uri&$args;
        }
}
server {
        listen 80;
        listen [::]:80;
        server_name git.zx2c4.com;
        include letsencrypt.conf;
        location / {
                return 301 https://$server_name$request_uri;
        }
}

Running as a daemon: { /usr/bin/uwsgi --emperor /etc/uwsgi.d/
--daemonize /var/log/uwsgi.log --master --emperor-on-demand-directory
/var/run/uwsgi-apps --pidfile /var/run/uwsgi/uwsgi.pid }

krantz ~ # cat /etc/uwsgi.d/cgit.ini
[uwsgi]
chdir = /var/www/uwsgi/%n/cgi
master = true
uid = %n
gid = %n
logto = /var/log/uwsgi/%n.log
processes = 8
threads = 8
idle = 1800
die-on-idle = true
plugin = cgi
cgi = /var/www/uwsgi/%n/cgi/%n.cgi
listen = 256
cgroup = /sys/fs/cgroup/cgit
cgroup-opt = memory.limit_in_bytes=1073741824
prio = 10

krantz ~ # cat /etc/uwsgi.d/git-http-backend.ini
[uwsgi]
chdir = /mnt/git
master = true
uid = cgit
gid = cgit
logto = /var/log/uwsgi/%n.log
processes = 16
threads = 16
idle = 1800
die-on-idle = true
plugin = cgi
cgi = /usr/libexec/git-core/%n
listen = 256
prio = 10
env = GIT_PROJECT_ROOT=/mnt/git
env = HOME=/mnt/git
post-buffering = 8192
cgi-close-stdin-on-eof = true

krantz ~ # cat /var/www/uwsgi/cgit/source/cgit.conf
CGIT_SCRIPT_PATH = /var/www/uwsgi/cgit/cgi
CGIT_CONFIG = /var/www/uwsgi/cgit/cgitrc
CACHE_ROOT = /var/www/uwsgi/cgit/cache
prefix = /var/www/uwsgi/cgit
libdir = $(prefix)
filterdir = $(libdir)/filters
NM = gcc-nm
AR = gcc-ar
LD = gcc-ld
CFLAGS = -O3 -march=native -pipe -fomit-frame-pointer -fPIE
-fstack-protector-all -flto -fPIC
LDFLAGS = -Wl,-z,now -Wl,-z,relro -flto -fPIC