# This is the apache configuration file for RocketGit
<Directory "/usr/share/rocketgit/root">
AllowOverride None
Order allow,deny
Allow from all
<IfModule mod_authz_core.c>
# apache 2.4
Require all granted
</IfModule>
# Cache at will
<FilesMatch "(?i)^.*\.(ico|jpg|jpeg|png|gif|js|css)$">
FileETag MTime Size
</FilesMatch>
<IfModule mod_expires.c>
ExpiresActive On
ExpiresByType image/vnd.microsoft.icon "access plus 7 days"
ExpiresByType image/png "access plus 1 day"
ExpiresByType text/css "access plus 1 day"
ExpiresByType text/javascript "access plus 1 day"
ExpiresByType application/javascript "access plus 1 day"
ExpiresByType application/x-javascript "access plus 1 day"
</IfModule>
</Directory>
<VirtualHost *:80>
ServerName rg.domain.tld
ServerAlias rg
DocumentRoot /usr/share/rocketgit/root/
ErrorLog logs/rocketgit-error_log
CustomLog logs/rocketgit-access_log common
KeepAlive On
MaxKeepAliveRequests 1000
KeepAliveTimeout 10
TraceEnable off
RewriteEngine On
# If you do not want HTTPS, comment the following lines and the HTTPS
# virtual host, below.
RewriteCond %{HTTPS} off
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [redirect=301,last,qsappend]
# Allow .ico, 'themes' folder and robots.txt
# Also, avoid scripts that are looking for exploits
RewriteCond %{REQUEST_URI} ^/(favicon\.ico|themes/.*|robots\.txt)$
RewriteRule .* - [last]
# all rest
RewriteRule (.*) /index.php?rwe=1&vv=$1 [last,qsappend]
<IfModule mod_headers.c>
# Security (ClickJacking)
Header always append X-Frame-Options DENY
</IfModule>
# Compress
AddOutputFilterByType DEFLATE text/html text/plain text/xml text/css text/javascript application/javascript application/x-javascript
DeflateBufferSize 81920
<FilesMatch "\.php$">
SetHandler "proxy:unix:/run/php-fpm/rocketgit.sock|fcgi://localhost"
</FilesMatch>
</VirtualHost>
<VirtualHost *:443>
#LogLevel debug #rewrite:trace8
# Set ServerName correctly, else, this VirtualHost will not match
#ServerName rg.domain.tld
ServerAlias rg
DocumentRoot /usr/share/rocketgit/root/
ErrorLog logs/rocketgit-ssl_error_log
CustomLog logs/rocketgit-ssl_request_log \
"%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
TransferLog logs/rocketgit-ssl_access_log
KeepAlive On
MaxKeepAliveRequests 1000
KeepAliveTimeout 10
TraceEnable off
RewriteEngine On
# Allow .ico, 'themes' folder and robots.txt
RewriteCond %{REQUEST_URI} ^/(favicon\.ico|themes/.*|robots\.txt)$
RewriteRule .* - [last]
# all rest
RewriteRule (.*) /index.php?rwe=1&vv=$1 [last,qsappend]
<IfModule mod_headers.c>
# Security (ClickJacking)
Header always append X-Frame-Options DENY
# Add this for SSL
Header set Strict-Transport-Security "max-age=31536000"
</IfModule>
LogLevel warn
SSLEngine on
SSLProtocol all -SSLv2 -SSLv3
# Specify the cyphers to get an A+ on Qualys (ssllabs.com); recommended
# https://www.digicert.com/ssl-support/ssl-enabling-perfect-forward-secrecy.htm
SSLHonorCipherOrder on
SSLCipherSuite "EECDH+ECDSA+AESGCM EECDH+aRSA+AESGCM EECDH+ECDSA+SHA384 EECDH+ECDSA+SHA256 EECDH+aRSA+SHA384 EECDH+aRSA+SHA256 EECDH+aRSA+RC4 EECDH EDH+aRSA RC4 !aNULL !eNULL !LOW !3DES !MD5 !EXP !PSK !SRP !DSS !RC4"
# or, respect the system settings:
# Pay attention on next line! It fails on RedHat6!
#SSLCipherSuite PROFILE=SYSTEM
# https://developer.mozilla.org/en-US/docs/Web/HTTP/Public_Key_Pinning
# To generate pin-sha256 string: openssl s_client -servername <server> -connect <server>:443 | openssl x509 -pubkey -noout | openssl rsa -pubin -outform der | openssl dgst -sha256 -binary | openssl enc -base64
# Header always set Public-Key-Pins "pin-sha256=\"base64+primary==\"; pin-sha256=\"base64+backup==\"; max-age=5184000; includeSubDomains; report-uri=\"https://www.example.org/hpkp-report\""
# Header always set Public-Key-Pins-Report-Only ... # to not block users!
SSLCertificateFile /etc/pki/tls/certs/localhost.crt
SSLCertificateKeyFile /etc/pki/tls/private/localhost.key
<Files ~ "\.(cgi|shtml|phtml|php3?)$">
SSLOptions +StdEnvVars
</Files>
# Compress
AddOutputFilterByType DEFLATE text/html text/plain text/xml text/css text/javascript application/javascript application/x-javascript
DeflateBufferSize 81920
<FilesMatch "\.php$">
SetHandler "proxy:unix:/run/php-fpm/rocketgit.sock|fcgi://localhost"
</FilesMatch>
</VirtualHost>
Before first commit, do not forget to setup your git environment:
git config --global user.name "your_name_here"
git config --global user.email "your@email_here"
Clone this repository using HTTP(S):
git clone https://code.reversed.top/user/xaizek/rocketgit
Clone this repository using ssh (do not forget to upload a key first):
git clone ssh://rocketgit@code.reversed.top/user/xaizek/rocketgit
You are allowed to anonymously push to this repository.
This means that your pushed commits will automatically be transformed into a
pull request:
... clone the repository ...
... make some changes and some commits ...
git push origin master