nginx_sites/triton.fet.at/git.conf

# -*-nginx-*-
server {
    listen 80;
    server_name www.git.triton.fet.at git.triton.fet.at;
    location /{
        return 301 https://$host$request_uri;
    }
    location /.well-known {
        root /srv/welcome;
	allow all;
    }

}
server {
    listen  443 ssl;
    #    listen 80;
    server_name www.git.triton.fet.at git.triton.fet.at;
    ssl_certificate /etc/letsencrypt/live/triton.fet.at/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/triton.fet.at/privkey.pem;

#    satisfy any;
#    allow 192.168.95.0/24;
#    allow 127.0.0.1;
#    deny all;
#    
#    auth_ldap "FET Login";
#    auth_ldap_servers fet;   

    location /.well-known {
        root /srv/welcome;
	allow all;
    }
    location = / {
        return 302 https://$host/http/;
        }
    
    location /http {
        auth_ldap "FET Login";
        auth_ldap_servers fet;   
        root /srv/git/;
        index index.html;
    }
    location ~ ^.*\.git/objects/([0-9a-f]+/[0-9a-f]+|pack/pack-[0-9a-f]+.(pack|idx))$ {
            satisfy any;
            allow 192.168.95.0/24;
            allow 127.0.0.1;
            deny all;
            
        auth_ldap "FET Login";
       auth_ldap_servers fet;   
       root /srv/git/git/;
    }
    location ~ ^.*\.git/(HEAD|info/refs|objects/info/.*|git-(upload|receive)-pack)$ {
#            satisfy any;
#            allow 192.168.95.0/24;
#            allow 127.0.0.1;
#            deny all;
        auth_ldap "FET Login";
        auth_ldap_servers fet;   

        root /srv/git/git/;
        #        if ($remote_user = '') {
        #            set $my_remote_user "nobody";
        #        }
        #       if ($remote_user ~* '')
        #        {  set $my_remote_user $remote_user;
        #        }
	client_max_body_size 0;
	fastcgi_pass unix:/var/run/fcgiwrap.socket;
	fastcgi_param SCRIPT_FILENAME /usr/lib/git-core/git-http-backend;
	fastcgi_param GIT_HTTP_EXPORT_ALL "";
	fastcgi_param GIT_PROJECT_ROOT /srv/git;
	fastcgi_param PATH_INFO $uri;
	fastcgi_param REMOTE_USER $remote_user;
	include fastcgi_params;

    }
}