diff options
| author | Your Name <you@example.com> | 2026-02-18 15:12:32 +0800 |
|---|---|---|
| committer | Your Name <you@example.com> | 2026-02-18 15:12:32 +0800 |
| commit | c3a377a265d2ca92b8823be281fa0e487d30692b (patch) | |
| tree | 1d5b4213c65635ffdd82921b633eaaf5bebd2e60 /Caddyfile | |
| parent | b0572c958427ae6ad75109752e9741aab31ad65a (diff) | |
switch to rocky linux 10, add --init for zombie reaping, fix NAT setup
- base image alpine -> rockylinux:10 (cgit/fcgiwrap from EPEL)
- drop spawn-fcgi, use fcgiwrap -s directly
- add --init to reap zombie sshd-auth processes (PID exhaustion fix)
- replace ip addr/route networking with nft DNAT/SNAT/FORWARD rules
- add FORWARD accept rule that was missing for inbound DNAT traffic
Diffstat (limited to 'Caddyfile')
| -rw-r--r-- | Caddyfile | 6 |
1 files changed, 3 insertions, 3 deletions
| @@ -1,18 +1,18 @@ | |||
| 1 | {$DOMAIN} { | 1 | {$DOMAIN} { |
| 2 | handle {$CGIT_CSS} { | 2 | handle {$CGIT_CSS} { |
| 3 | root * /usr/share/webapps/cgit | 3 | root * /usr/share/cgit |
| 4 | file_server | 4 | file_server |
| 5 | } | 5 | } |
| 6 | 6 | ||
| 7 | handle {$CGIT_LOGO} { | 7 | handle {$CGIT_LOGO} { |
| 8 | root * /usr/share/webapps/cgit | 8 | root * /usr/share/cgit |
| 9 | file_server | 9 | file_server |
| 10 | } | 10 | } |
| 11 | 11 | ||
| 12 | handle { | 12 | handle { |
| 13 | reverse_proxy unix/{$FCGI_SOCK} { | 13 | reverse_proxy unix/{$FCGI_SOCK} { |
| 14 | transport fastcgi { | 14 | transport fastcgi { |
| 15 | env SCRIPT_FILENAME /usr/share/webapps/cgit/cgit.cgi | 15 | env SCRIPT_FILENAME /var/www/cgi-bin/cgit |
| 16 | env QUERY_STRING {query} | 16 | env QUERY_STRING {query} |
| 17 | env HTTP_HOST {host} | 17 | env HTTP_HOST {host} |
| 18 | env PATH_INFO {path} | 18 | env PATH_INFO {path} |