# -*-nginx-*-
server {
    listen 80;
    server_name www.git.triton.fet.at git.triton.fet.at;

    include snippets/letsencrypt.conf;
}

server {
    listen 443 ssl http2;
    server_name www.git.triton.fet.at git.triton.fet.at;

    ssl_certificate /etc/letsencrypt/live/triton.fet.at/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/triton.fet.at/privkey.pem;
    ssl_trusted_certificate /etc/letsencrypt/live/triton.fet.at/chain.pem;
    include snippets/ssl.conf;
    error_log /var/log/nginx/git.triton.fet.at.error.log;
    access_log /var/log/nginx/git.triton.fet.at.access.log;
#    satisfy any;
#    allow 192.168.95.0/24;
#    allow 127.0.0.1;
#    deny all;
#    
#    include snippets/ldap.conf;
    access_log  logs/git.triton.access.log;

    location = / {
        return 302 https://$host/git/;
    }
    location /http {
        include snippets/ldap.conf;
        root /mnt/git_repo/;
        index index.html;
    }
    location /static {
        alias /srv/gitweb/static;
    allow all;
    }
    location /git/static {
        alias /srv/gitweb/static;
    allow all;
    }
    location /git {
        include snippets/ldap.conf;

    fastcgi_pass unix:/var/run/fcgiwrap.socket;
    fastcgi_param SCRIPT_FILENAME /srv/gitweb/gitweb.cgi;
#   fastcgi_param GIT_HTTP_EXPORT_ALL "";
    fastcgi_param GIT_PROJECT_ROOT /mnt/git_repo;
    fastcgi_param PATH_INFO $uri;
    fastcgi_param REMOTE_USER $remote_user;
    include fastcgi_params;
    }
    location ~ ^.*\.git/objects/([0-9a-f]+/[0-9a-f]+|pack/pack-[0-9a-f]+.(pack|idx))$ {
        satisfy any;
        allow 192.168.95.0/24;
        allow 127.0.0.1;
        deny all;
            
        include snippets/ldap.conf;
        root /mnt/git_repo/;
    }
    location ~ ^.*\.git/(HEAD|info/refs|objects/info/.*|git-(upload|receive)-pack)$ {
#        satisfy any;
#        allow 192.168.95.0/24;
#        allow 127.0.0.1;
#        deny all;

        include snippets/ldap.conf;

        root /mnt/git_repo/git/;
        #        if ($remote_user = '') {
        #            set $remote_user "nobody";
        #        }
        #       if ($remote_user ~* '')
        #        {  set $my_remote_user $remote_user;
        #        }
    client_max_body_size 0;
    fastcgi_pass unix:/var/run/fcgiwrap.socket;
    fastcgi_param SCRIPT_FILENAME /usr/lib/git-core/git-http-backend;
    fastcgi_param GIT_HTTP_EXPORT_ALL "";
    fastcgi_param GIT_PROJECT_ROOT /mnt/git_repo;
    fastcgi_param PATH_INFO $uri;
    fastcgi_param REMOTE_USER $remote_user;
    include fastcgi_params;
    }
}