| -rw-r--r-- | Dockerfile | 58 | ||||
| -rw-r--r-- | cgit-setup-auto.sh | 125 | ||||
| -rw-r--r-- | nginx.conf | 44 | ||||
| -rw-r--r-- | startup.sh | 14 |
4 files changed, 241 insertions, 0 deletions
diff --git a/Dockerfile b/Dockerfile
new file mode 100644
index 0000000..6ecf73f
--- /dev/null
+++ b/Dockerfile
@@ -0,0 +1,58 @@
+FROM rockylinux:9
+
+# Install required packages
+RUN dnf install -y epel-release && \
+ dnf install -y \
+ tmux \
+ git \
+ nginx \
+ fcgiwrap \
+ gcc \
+ make \
+ openssl-devel \
+ zlib-devel \
+ procps-ng \
+ systemd-sysv && \
+ dnf clean all
+
+# Clone and build cgit
+RUN git clone https://git.zx2c4.com/cgit /tmp/cgit && \
+ cd /tmp/cgit && \
+ git submodule init && \
+ git submodule update && \
+ make && \
+ make install && \
+ rm -rf /tmp/cgit
+
+# Create necessary directories
+RUN mkdir -p /git /var/www/htdocs/cgit && \
+ chown -R nginx:nginx /var/www/htdocs/cgit && \
+ chgrp -R nginx /git && \
+ chmod -R g+s /git && \
+ chmod -R 775 /git
+
+# Configure cgit
+RUN touch /etc/cgitrc && \
+ chown nginx:nginx /etc/cgitrc && \
+ chgrp nginx /etc/cgitrc && \
+ chmod 664 /etc/cgitrc
+
+# Add cgit configuration
+RUN echo 'css=/cgit.css' >> /etc/cgitrc && \
+ echo 'logo=/cgit.png' >> /etc/cgitrc && \
+ echo 'virtual-root=/' >> /etc/cgitrc && \
+ echo 'cache-size=200' >> /etc/cgitrc && \
+ echo 'scan-path=/git' >> /etc/cgitrc
+
+# Configure nginx
+COPY nginx.conf /etc/nginx/nginx.conf
+
+# Create startup script
+COPY startup.sh /startup.sh
+RUN chmod +x /startup.sh
+
+# Expose port
+EXPOSE 80
+
+# Start services
+CMD ["/startup.sh"]
diff --git a/cgit-setup-auto.sh b/cgit-setup-auto.sh
new file mode 100644
index 0000000..b4e6c53
--- /dev/null
+++ b/cgit-setup-auto.sh
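Review bot: In the Dockerfile, the `git clone https://git.zx2c4.com/cgit /tmp/cgit` step builds whatever the default branch holds on the day of the build, so two builds can ship different cgit code and nothing ties the image to a reviewed release. Pin the checkout before `make`, for example `git -C /tmp/cgit checkout <PINNED_COMMIT_OR_TAG>` placed ahead of `git submodule init`; the bundled git submodule is then fixed by that commit as well. The same unpinned clone appears in cgit-setup-auto.sh, and `FROM rockylinux:9` floats in the same way and could carry a digest. A comment above the RUN such as `# cgit is built from source at a pinned revision; bump deliberately` would record the intent.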
@@ -0,0 +1,125 @@
+#!/bin/bash
+
+# CGit + Nginx Setup Script with Certbot SSL
+# Usage: ./cgit-setup.sh <domain> <email>
+# Example: ./cgit-setup.sh sg2.0nom.ch hc@email.ch
+
+set -e
+
+# Check arguments
+if [ $# -ne 2 ]; then
+ echo "Usage: $0 <domain> <email>"
+ echo "Example: $0 domain.com name@email.com"
+ exit 1
+fi
+
+DOMAIN="$1"
+EMAIL="$2"
+
+echo "Starting CGit + Nginx setup for $DOMAIN with email $EMAIL..."
+
+# Update system and install dependencies
+echo "Installing dependencies..."
+sudo dnf install -y epel-release
+sudo dnf install -y tmux git nginx fcgiwrap git gcc make openssl-devel zlib-devel
+sudo dnf install -y certbot python3-certbot-nginx
+
+# Clone and build cgit
+echo "Building cgit..."
+if [ ! -d "cgit" ]; then
+ git clone https://git.zx2c4.com/cgit
+fi
+
+cd cgit
+git submodule init
+git submodule update
+make
+sudo make install
+cd ..
+
+# Create directories and set permissions
+echo "Setting up directories..."
+sudo mkdir -p /git /var/www/htdocs/cgit
+sudo chown -R nginx:nginx /var/www/htdocs/cgit
+sudo chgrp -R nginx /git
+sudo chmod -R g+s /git
+sudo chmod -R 775 /git
+
+# Configure cgit
+echo "Configuring cgit..."
+sudo tee /etc/cgitrc > /dev/null <<EOL
+css=/cgit.css
+logo=/cgit.png
+virtual-root=/
+cache-size=200
+scan-path=/git
+EOL
+
+sudo chown nginx:nginx /etc/cgitrc
+sudo chmod 664 /etc/cgitrc
+
+# Configure nginx for cgit (certbot-compatible)
+echo "Configuring nginx..."
+sudo cp /etc/nginx/nginx.conf /etc/nginx/nginx.conf.backup
+
+sudo tee /etc/nginx/conf.d/cgit.conf > /dev/null <<EOL
+server {
+ listen 80;
+ server_name $DOMAIN;
+ root /var/www/htdocs/cgit/;
+
+ location / {
+ try_files \$uri @cgit;
+ }
+
+ location @cgit {
+ include fastcgi_params;
+ fastcgi_param SCRIPT_FILENAME \$document_root/cgit.cgi;
+ fastcgi_param PATH_INFO \$uri;
+ fastcgi_param QUERY_STRING \$args;
+ fastcgi_param HTTP_HOST \$server_name;
+ fastcgi_pass unix:/run/fcgiwrap/fcgiwrap-nginx.sock;
+ }
+}
+EOL
+
+# Start services
+echo "Starting services..."
+sudo systemctl enable --now fcgiwrap@nginx.socket
+sudo systemctl enable --now nginx
+
+# Wait for nginx to start
+sleep 2
+
+# Run certbot to enable SSL
+echo "Setting up SSL with certbot for domain: $DOMAIN and email: $EMAIL"
+sudo certbot --nginx -d "$DOMAIN" --non-interactive --agree-tos --email "$EMAIL" --redirect
+
+# Add HTTPS parameter to cgit location after certbot configuration
+echo "Updating configuration for HTTPS..."
+sudo sed -i '
+/listen 443 ssl/,/^}/ {
+ /@cgit/,/}/ {
+ /fastcgi_param HTTP_HOST/a\ fastcgi_param HTTPS on;
+ }
+}' /etc/nginx/conf.d/cgit.conf
+
+# Test and reload nginx
+echo "Testing configuration..."
+sudo nginx -t
+sudo systemctl reload nginx
+
+# Configure git
+git config --global init.defaultBranch main
+
+echo ""
+echo "Setup complete!"
+echo "CGit is now available at: https://$DOMAIN"
+echo "SSL certificate obtained for: $EMAIL"
+echo ""
+echo "To create a new repository:"
+echo " cd /git"
+echo " sudo git init --bare myrepo.git"
+echo " sudo chown -R nginx:nginx myrepo.git"
+echo ""
+echo "The repository will be automatically visible in cgit."
diff --git a/nginx.conf b/nginx.conf
new file mode 100644
index 0000000..d0b0daa
--- /dev/null
+++ b/nginx.conf
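Review bot: In cgit-setup-auto.sh, `sudo chown nginx:nginx /etc/cgitrc` with `sudo chmod 664 /etc/cgitrc`, the group-writable `/git`, and the closing hint `sudo chown -R nginx:nginx myrepo.git` give the account that presumably runs cgit.cgi (the `fcgiwrap@nginx.socket` unit) write access to its own configuration and to every repository it serves. cgit only needs to read both, and cgitrc can name filter commands that cgit executes, so a flaw in the CGI would reach further than it has to. Prefer `sudo chown root:root /etc/cgitrc` with `sudo chmod 644 /etc/cgitrc`, and keep repositories owned by the account that pushes to them while leaving them readable by nginx. The Dockerfile's `chown nginx:nginx /etc/cgitrc` and `chmod 664 /etc/cgitrc` lines have the same problem.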
@@ -0,0 +1,44 @@
+user nginx;
+worker_processes auto;
+error_log /var/log/nginx/error.log;
+pid /run/nginx.pid;
+
+events {
+ worker_connections 1024;
+}
+
+http {
+ log_format main '$remote_addr - $remote_user [$time_local] "$request" '
+ '$status $body_bytes_sent "$http_referer" '
+ '"$http_user_agent" "$http_x_forwarded_for"';
+
+ access_log /var/log/nginx/access.log main;
+
+ sendfile on;
+ tcp_nopush on;
+ tcp_nodelay on;
+ keepalive_timeout 65;
+ types_hash_max_size 2048;
+
+ include /etc/nginx/mime.types;
+ default_type application/octet-stream;
+
+ server {
+ listen 80;
+ server_name _;
+ root /var/www/htdocs/cgit/;
+
+ location / {
+ try_files $uri @cgit;
+ }
+
+ location @cgit {
+ include fastcgi_params;
+ fastcgi_param SCRIPT_FILENAME $document_root/cgit.cgi;
+ fastcgi_param PATH_INFO $uri;
+ fastcgi_param QUERY_STRING $args;
+ fastcgi_param HTTP_HOST $server_name;
+ fastcgi_pass unix:/run/fcgiwrap/fcgiwrap-nginx.sock;
+ }
+ }
+}
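Review bot: In nginx.conf, `fastcgi_param HTTP_HOST $server_name;` together with the catch-all `server_name _;` passes the literal host `_` to cgit, so any absolute URL cgit builds from the host (feeds, clone URLs) would likely be wrong in the container. Using `$server_name` rather than the client's Host header is a sound choice because it keeps a request-controlled value out of generated links, but it only works when a real name is configured. Set the deployed hostname in `server_name`, or, if the container always sits behind a trusted proxy, pass `$host` and say so in a comment such as `# Host is set by the fronting proxy`.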
\ No newline at end of file
diff --git a/startup.sh b/startup.sh
new file mode 100644
index 0000000..fa93bcf
--- /dev/null
+++ b/startup.sh
@@ -0,0 +1,14 @@
+#!/bin/bash
+
+# Create necessary socket directory
+mkdir -p /run/fcgiwrap
+
+# Start fcgiwrap
+fcgiwrap -s unix:/run/fcgiwrap/fcgiwrap-nginx.sock &
+
+# Change ownership of socket
+sleep 2
+chown nginx:nginx /run/fcgiwrap/fcgiwrap-nginx.sock
+
+# Start nginx in foreground
+nginx -g 'daemon off;'
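Review bot: In startup.sh, `fcgiwrap -s unix:/run/fcgiwrap/fcgiwrap-nginx.sock &` runs as whatever user the container starts with, and since the Dockerfile sets no USER that is presumably root. That means cgit.cgi, which parses every request and all repository content, runs as root; only the socket is handed to nginx afterwards. Start the wrapper under the service account instead, e.g. `install -d -o nginx -g nginx /run/fcgiwrap` followed by `runuser -u nginx -- fcgiwrap -s unix:/run/fcgiwrap/fcgiwrap-nginx.sock &` (assuming runuser from util-linux is present in the image). This also makes the `sleep 2` / `chown` pair unnecessary because the socket is created with the right owner. Ending the script with `exec nginx -g 'daemon off;'` would let nginx receive the stop signal directly.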
\ No newline at end of file |
