From d5b7d91a17ac26f8ec3781c1faacc61cc785c21c Mon Sep 17 00:00:00 2001
From: Jose Quintana <joseluisquintana20@gmail.com>
Date: Tue, 16 Mar 2021 09:14:24 +0100
Subject: refactor: prod server adjustments

---
 Dockerfile                |  8 +++---
 LICENSE-MIT               |  2 +-
 README.md                 |  2 +-
 cgit/cgit.conf            | 67 +++++++++++++++++++++++++++++++++++++++++++
 conf/cgit.conf            | 67 -------------------------------------------
 conf/default.conf         | 36 -----------------------
 nginx/conf.d/default.conf | 36 +++++++++++++++++++++++
 nginx/nginx.conf          | 73 +++++++++++++++++++++++++++++++++++++++++++++++
 8 files changed, 182 insertions(+), 109 deletions(-)
 create mode 100644 cgit/cgit.conf
 delete mode 100644 conf/cgit.conf
 delete mode 100644 conf/default.conf
 create mode 100644 nginx/conf.d/default.conf
 create mode 100644 nginx/nginx.conf

diff --git a/Dockerfile b/Dockerfile
index 1ef8e06..c5657dd 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -19,7 +19,6 @@ RUN set -eux \
         cgit=${CGIT_VERSION} \
         fcgiwrap \
         git \
-        highlight \
         lua5.3-libs \
         py3-markdown \
         py3-pygments \
@@ -32,8 +31,9 @@ RUN set -eux \
     && rm -rf /tmp/* \
     && true
 
-COPY conf/cgit.conf /tmp/cgitrc.tmpl
-COPY conf/default.conf /etc/nginx/conf.d/default.conf
+COPY cgit/cgit.conf /tmp/cgitrc.tmpl
+COPY nginx/nginx.conf /etc/nginx/nginx.conf
+COPY nginx/conf.d/default.conf /etc/nginx/conf.d/default.conf
 
 VOLUME [ "/srv/git", "/var/cache/cgit" ]
 
@@ -51,5 +51,5 @@ LABEL org.opencontainers.image.vendor="Jose Quintana" \
     org.opencontainers.image.url="https://github.com/joseluisq/alpine-cgit" \
     org.opencontainers.image.title="cgit" \
     org.opencontainers.image.description="A fast web interface for git." \
-    org.opencontainers.image.version="${SERVER_VERSION}" \
+    org.opencontainers.image.version="${CGIT_VERSION}" \
     org.opencontainers.image.documentation="https://github.com/joseluisq/alpine-cgit"
diff --git a/LICENSE-MIT b/LICENSE-MIT
index 0e60829..c698317 100644
--- a/LICENSE-MIT
+++ b/LICENSE-MIT
@@ -1,6 +1,6 @@
 The MIT License (MIT)
 
-Copyright (c) 2019-present Jose Quintana <https://git.io/joseluisq>
+Copyright (c) 2021-present Jose Quintana <https://git.io/joseluisq>
 
 Permission is hereby granted, free of charge, to any person obtaining a copy of
 this software and associated documentation files (the "Software"), to deal in
diff --git a/README.md b/README.md
index 5780e37..e048b40 100644
--- a/README.md
+++ b/README.md
@@ -64,4 +64,4 @@ Feel free to send some [Pull request](https://github.com/joseluisq/alpine-cgit/p
 
 This work is primarily distributed under the terms of both the [MIT license](LICENSE-MIT) and the [Apache License (Version 2.0)](LICENSE-APACHE).
 
-© 2021 [Jose Quintana](https://git.io/joseluisq)
+© 2021-present [Jose Quintana](https://git.io/joseluisq)
diff --git a/cgit/cgit.conf b/cgit/cgit.conf
new file mode 100644
index 0000000..3a1c755
--- /dev/null
+++ b/cgit/cgit.conf
@@ -0,0 +1,67 @@
+# CGit config file (cgitrc)
+# For all supported settings see https://linux.die.net/man/5/cgitrc
+
+root-title=$CGIT_TITLE
+root-desc=$CGIT_DESC
+
+source-filter=/usr/lib/cgit/filters/syntax-highlighting.py
+about-filter=/usr/lib/cgit/filters/about-formatting.sh
+
+#
+# Search for these files in the root of the default branch of repositories
+# for coming up with the about page:
+#
+readme=:README.md
+readme=:readme.md
+readme=:README.mkd
+readme=:readme.mkd
+readme=:README.rst
+readme=:readme.rst
+readme=:README.html
+readme=:readme.html
+readme=:README.htm
+readme=:readme.htm
+readme=:README.txt
+readme=:readme.txt
+readme=:README
+readme=:readme
+readme=:INSTALL.md
+readme=:install.md
+readme=:INSTALL.mkd
+readme=:install.mkd
+readme=:INSTALL.rst
+readme=:install.rst
+readme=:INSTALL.html
+readme=:install.html
+readme=:INSTALL.htm
+readme=:install.htm
+readme=:INSTALL.txt
+readme=:install.txt
+readme=:INSTALL
+readme=:install
+
+# Default Theme
+css=/cgit.css
+logo=/cgit.png
+
+# Cache
+cache-root=/var/cache/cgit
+cache-size=2000
+
+enable-index-links=1
+enable-index-owner=0
+enable-remote-branches=1
+enable-log-filecount=1
+enable-log-linecount=1
+enable-git-config=1
+snapshots=tar.xz zip
+
+robots=noindex, nofollow
+
+virtual-root=$CGIT_VROOT
+
+section-from-path=$CGIT_SECTION_FROM_STARTPATH
+
+max-repo-count=$CGIT_MAX_REPO_COUNT
+
+scan-path=/srv/git
diff --git a/conf/cgit.conf b/conf/cgit.conf
deleted file mode 100644
index db9e4da..0000000
--- a/conf/cgit.conf
+++ /dev/null
@@ -1,67 +0,0 @@
-# CGit config file (cgitrc)
-# For all supported settings see https://linux.die.net/man/5/cgitrc
-
-root-title=$CGIT_TITLE
-root-desc=$CGIT_DESC
-
-source-filter=/usr/lib/cgit/filters/syntax-highlighting.py
-about-filter=/usr/lib/cgit/filters/about-formatting.sh
-
-##
-## Search for these files in the root of the default branch of repositories
-## for coming up with the about page:
-##
-readme=:README.md
-readme=:readme.md
-readme=:README.mkd
-readme=:readme.mkd
-readme=:README.rst
-readme=:readme.rst
-readme=:README.html
-readme=:readme.html
-readme=:README.htm
-readme=:readme.htm
-readme=:README.txt
-readme=:readme.txt
-readme=:README
-readme=:readme
-readme=:INSTALL.md
-readme=:install.md
-readme=:INSTALL.mkd
-readme=:install.mkd
-readme=:INSTALL.rst
-readme=:install.rst
-readme=:INSTALL.html
-readme=:install.html
-readme=:INSTALL.htm
-readme=:install.htm
-readme=:INSTALL.txt
-readme=:install.txt
-readme=:INSTALL
-readme=:install
-
-# Default Theme
-css=/cgit.css
-logo=/cgit.png
-
-# Cache
-cache-root=/var/cache/cgit
-cache-size=1000
-
-enable-index-links=1
-enable-index-owner=0
-enable-remote-branches=1
-enable-log-filecount=1
-enable-log-linecount=1
-enable-git-config=1
-snapshots=tar.xz zip
-
-robots=noindex, nofollow
-
-virtual-root=$CGIT_VROOT
-
-section-from-path=$CGIT_SECTION_FROM_STARTPATH
-
-max-repo-count=$CGIT_MAX_REPO_COUNT
-
-scan-path=/srv/git
diff --git a/conf/default.conf b/conf/default.conf
deleted file mode 100644
index fe5c9ad..0000000
--- a/conf/default.conf
+++ /dev/null
@@ -1,36 +0,0 @@
-server {
-    listen          80;
-    server_name     localhost;
-    root            /usr/share/webapps/cgit;
-
-    location / {
-        try_files $uri @cgit;
-    }
-
-    location ~* ^.+(cgit.(css|png)|favicon.ico|robots.txt) {
-        root /usr/share/webapps/cgit;
-        expires 30d;
-    }
-
-    location @cgit {
-        gzip off;
-        include             /etc/nginx/fastcgi_params;
-        fastcgi_param       SCRIPT_FILENAME $document_root/cgit.cgi;
-        fastcgi_param       PATH_INFO       $uri;
-        fastcgi_param       QUERY_STRING    $args;
-        fastcgi_param       HTTP_HOST       $server_name;
-        fastcgi_pass        unix:/var/run/fcgiwrap.sock;
-    }
-
-    error_page  404         /404.html;
-    error_page  401         /401.html;
-
-    error_page  500 502 503 504  /50x.html;
-    location = /50x.html {
-        root   /usr/share/nginx/html;
-    }
-
-    location ~ /\.ht {
-        deny  all;
-    }
-}
diff --git a/nginx/conf.d/default.conf b/nginx/conf.d/default.conf
new file mode 100644
index 0000000..fe5c9ad
--- /dev/null
+++ b/nginx/conf.d/default.conf
@@ -0,0 +1,36 @@
+server {
+    listen          80;
+    server_name     localhost;
+    root            /usr/share/webapps/cgit;
+
+    location / {
+        try_files $uri @cgit;
+    }
+
+    location ~* ^.+(cgit.(css|png)|favicon.ico|robots.txt) {
+        root /usr/share/webapps/cgit;
+        expires 30d;
+    }
+
+    location @cgit {
+        gzip off;
+        include             /etc/nginx/fastcgi_params;
+        fastcgi_param       SCRIPT_FILENAME $document_root/cgit.cgi;
+        fastcgi_param       PATH_INFO       $uri;
+        fastcgi_param       QUERY_STRING    $args;
+        fastcgi_param       HTTP_HOST       $server_name;
+        fastcgi_pass        unix:/var/run/fcgiwrap.sock;
+    }
+
+    error_page  404         /404.html;
+    error_page  401         /401.html;
+
+    error_page  500 502 503 504  /50x.html;
+    location = /50x.html {
+        root   /usr/share/nginx/html;
+    }
+
+    location ~ /\.ht {
+        deny  all;
+    }
+}
diff --git a/nginx/nginx.conf b/nginx/nginx.conf
new file mode 100644
index 0000000..c45d90c
--- /dev/null
+++ b/nginx/nginx.conf
@@ -0,0 +1,73 @@
+user nginx;
+worker_processes auto;
+error_log stderr crit;
+pid /var/run/nginx.pid;
+
+events {
+    worker_connections 2048;
+    use epoll;
+}
+
+http {
+    include /etc/nginx/mime.types;
+    default_type application/octet-stream;
+
+    open_file_cache max=200000 inactive=20s;
+    open_file_cache_valid 30s;
+    open_file_cache_min_uses 2;
+    open_file_cache_errors on;
+
+    access_log off;
+    error_log stderr crit;
+
+    sendfile on;
+    sendfile_max_chunk 512k;
+    tcp_nopush on;
+    tcp_nodelay on;
+    types_hash_max_size 4096;
+
+    keepalive_timeout 35;
+
+    gzip on;
+    gzip_min_length 10240;
+    gzip_comp_level 1;
+    gzip_vary on;
+    gzip_disable msie6;
+    gzip_proxied expired no-cache no-store private auth;
+    # text/html is always compressed by HttpGzipModule
+    gzip_types
+        text/css
+        text/javascript
+        text/xml
+        text/plain
+        text/x-component
+        application/javascript
+        application/x-javascript
+        application/json
+        application/xml
+        application/rss+xml
+        application/atom+xml
+        font/truetype
+        font/opentype
+        application/vnd.ms-fontobject
+        image/svg+xml;
+
+    reset_timedout_connection on;
+    client_body_timeout 10;
+    send_timeout 5;
+
+    server_tokens off;
+    add_header X-Frame-Options SAMEORIGIN;
+    add_header X-Content-Type-Options nosniff;
+    add_header X-XSS-Protection "1; mode=block";
+
+    client_body_buffer_size 128k;
+    large_client_header_buffers 4 256k;
+
+    map $http_upgrade $connection_upgrade {
+        default upgrade;
+        ''      close;
+    }
+
+    include /etc/nginx/conf.d/*.conf;
+}
-- 
cgit v1.2.3