Code Vault

xaizek / rocketgit (License: AGPLv3+) (since 2018-12-09)

Light and fast Git hosting solution suitable to serve both as a hub or as a personal code storage with its tickets, pull requests, API and much more.

Clone URLs: https://code.reversed.top/user/xaizek/rocketgit ssh://rocketgit@code.reversed.top/user/xaizek/rocketgit

<root> / samples / rg.conf (bfee2a2ea9c070bba4023e996ded2a2dcb591d96) (4,382B) (mode 100644) [raw]

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133

# This is the apache configuration file for RocketGit

<Directory "/usr/share/rocketgit/root">
	AllowOverride None
	Order allow,deny
	Allow from all

	<IfModule mod_authz_core.c>
	# apache 2.4
	Require all granted
	</IfModule>

	# Cache at will
	<FilesMatch "(?i)^.*\.(ico|jpg|jpeg|png|gif|js|css)$">
		FileETag MTime Size
	</FilesMatch>

	<IfModule mod_expires.c>
		ExpiresActive On
		ExpiresByType image/vnd.microsoft.icon "access plus 7 days"
		ExpiresByType image/png "access plus 1 day"
		ExpiresByType text/css "access plus 1 day"
		ExpiresByType text/javascript "access plus 1 day"
		ExpiresByType application/javascript "access plus 1 day"
		ExpiresByType application/x-javascript "access plus 1 day"
	</IfModule>
</Directory>

<VirtualHost *:80>
	ServerName rg.domain.tld
	ServerAlias rg
	DocumentRoot /usr/share/rocketgit/root/
	ErrorLog logs/rocketgit-error_log
	CustomLog logs/rocketgit-access_log common

	KeepAlive On
	MaxKeepAliveRequests 1000
	KeepAliveTimeout 10
	TraceEnable off

	RewriteEngine On

	# If you do not want HTTPS, comment the following lines and the HTTPS
	# virtual host, below.
	RewriteCond %{HTTPS} off
	RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [redirect=301,last,qsappend]

	# Allow .ico, 'themes' folder and robots.txt
	# Also, avoid scripts that are looking for exploits
	RewriteCond %{REQUEST_URI} ^/(favicon\.ico|themes/.*|robots\.txt)$
	RewriteRule .* - [last]

	# all rest
	RewriteRule (.*) /index.php?rwe=1&vv=$1 [last,qsappend]


	<IfModule mod_headers.c>
	# Security (ClickJacking)
	Header always append X-Frame-Options DENY
	</IfModule>

	# Compress
	AddOutputFilterByType DEFLATE text/html text/plain text/xml text/css text/javascript application/javascript application/x-javascript
	DeflateBufferSize 81920

	<FilesMatch "\.php$">
		SetHandler "proxy:unix:/run/php-fpm/rocketgit.sock|fcgi://localhost"
	</FilesMatch>
</VirtualHost>

<VirtualHost *:443>
	#LogLevel debug #rewrite:trace8
	# Set ServerName correctly, else, this VirtualHost will not match
	#ServerName rg.domain.tld
	ServerAlias rg
	DocumentRoot /usr/share/rocketgit/root/
	ErrorLog logs/rocketgit-ssl_error_log
	CustomLog logs/rocketgit-ssl_request_log \
		"%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
	TransferLog logs/rocketgit-ssl_access_log

	KeepAlive On
	MaxKeepAliveRequests 1000
	KeepAliveTimeout 10
	TraceEnable off

	RewriteEngine On

	# Allow .ico, 'themes' folder and robots.txt
	RewriteCond %{REQUEST_URI} ^/(favicon\.ico|themes/.*|robots\.txt)$
	RewriteRule .* - [last]

	# all rest
	RewriteRule (.*) /index.php?rwe=1&vv=$1 [last,qsappend]

	<IfModule mod_headers.c>
	# Security (ClickJacking)
	Header always append X-Frame-Options DENY
	# Add this for SSL
	Header set Strict-Transport-Security "max-age=31536000"
	</IfModule>

	LogLevel warn
	SSLEngine on
	SSLProtocol all -SSLv2 -SSLv3
	# Specify the cyphers to get an A+ on Qualys (ssllabs.com); recommended
	# https://www.digicert.com/ssl-support/ssl-enabling-perfect-forward-secrecy.htm
	SSLHonorCipherOrder on
	SSLCipherSuite "EECDH+ECDSA+AESGCM EECDH+aRSA+AESGCM EECDH+ECDSA+SHA384 EECDH+ECDSA+SHA256 EECDH+aRSA+SHA384 EECDH+aRSA+SHA256 EECDH+aRSA+RC4 EECDH EDH+aRSA RC4 !aNULL !eNULL !LOW !3DES !MD5 !EXP !PSK !SRP !DSS !RC4"
	# or, respect the system settings:
	# Pay attention on next line! It fails on RedHat6!
	#SSLCipherSuite PROFILE=SYSTEM

	# https://developer.mozilla.org/en-US/docs/Web/HTTP/Public_Key_Pinning
	# To generate pin-sha256 string: openssl s_client -servername <server> -connect <server>:443 | openssl x509 -pubkey -noout | openssl rsa -pubin -outform der | openssl dgst -sha256 -binary | openssl enc -base64
	# Header always set Public-Key-Pins "pin-sha256=\"base64+primary==\"; pin-sha256=\"base64+backup==\"; max-age=5184000; includeSubDomains; report-uri=\"https://www.example.org/hpkp-report\""
	# Header always set Public-Key-Pins-Report-Only ... # to not block users!

	SSLCertificateFile /etc/pki/tls/certs/localhost.crt
	SSLCertificateKeyFile /etc/pki/tls/private/localhost.key

	<Files ~ "\.(cgi|shtml|phtml|php3?)$">
		SSLOptions +StdEnvVars
	</Files>

	# Compress
	AddOutputFilterByType DEFLATE text/html text/plain text/xml text/css text/javascript application/javascript application/x-javascript
	DeflateBufferSize 81920

	<FilesMatch "\.php$">
		SetHandler "proxy:unix:/run/php-fpm/rocketgit.sock|fcgi://localhost"
	</FilesMatch>
</VirtualHost>

Hints

Before first commit, do not forget to setup your git environment:

git config --global user.name "your_name_here"
git config --global user.email "your@email_here"

Clone this repository using HTTP(S):

git clone https://code.reversed.top/user/xaizek/rocketgit

Clone this repository using ssh (do not forget to upload a key first):

git clone ssh://rocketgit@code.reversed.top/user/xaizek/rocketgit

You are allowed to anonymously push to this repository.
This means that your pushed commits will automatically be transformed into a pull request:

... clone the repository ...
... make some changes and some commits ...
git push origin master