1 files changed, 190 insertions, 0 deletions

diff --git a/etc/nginx/nginx.conf b/etc/nginx/nginx.conf
new file mode 100644
index 00000000..a837cf54
--- /dev/null
+++ b/etc/nginx/nginx.conf
@@ -0,0 +1,190 @@
+
+#user http;
+worker_processes  1;
+
+#error_log  logs/error.log;
+#error_log  logs/error.log  notice;
+#error_log  logs/error.log  info;
+
+#pid        logs/nginx.pid;
+
+
+events {
+    worker_connections  1024;
+}
+
+
+http {
+    include       mime.types;
+    default_type  application/octet-stream;
+
+    #log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
+    #                  '$status $body_bytes_sent "$http_referer" '
+    #                  '"$http_user_agent" "$http_x_forwarded_for"';
+
+    #access_log  logs/access.log  main;
+
+    sendfile        on;
+    #tcp_nopush     on;
+
+    #keepalive_timeout  0;
+    keepalive_timeout  65;
+
+    #gzip  on;
+
+    # nginx warning in journal or `sudo nginx -t`: "could not build optimal types_hash, you should increase either types_hash_max_size: 1024 or types_hash_bucket_size: 64; ignoring types_hash_bucket_size"
+    # default is 1024, I increased to 2048 and still throws warning, I increase 4096 and warning is gone
+    # not fully understood
+    # https://wiki.archlinux.org/title/nginx#Warning:_Could_not_build_optimal_types_hash
+    # https://nginx.org/en/docs/http/ngx_http_core_module.html
+    # https://nginx.org/en/docs/hash.html
+    # https://nginx.org/en/docs/http/server_names.html
+    types_hash_max_size 4096;
+
+    server {
+        listen 80;
+        # needed for ipv6
+        listen [::]:80;
+        # https://nginx.org/en/docs/http/configuring_https_servers.html#single_http_https_server
+        listen 443 ssl;
+        listen [::]:443 ssl;
+        server_name  flylightning.xyz;
+
+        ssl_certificate      /etc/nginx/flylightning.pem;
+        ssl_certificate_key  /etc/nginx/flylightning.key;
+
+        #charset koi8-r;
+
+        #access_log  logs/host.access.log  main;
+
+        location / {
+            root   /srv/http/master;
+            index  index.html;
+        }
+
+        #error_page  404              /404.html;
+
+        # redirect server error pages to the static page /50x.html
+        #
+        #error_page   500 502 503 504  /50x.html;
+        #location = /50x.html {
+        #    root   /usr/share/nginx/html;
+        #}
+
+        # proxy the PHP scripts to Apache listening on 127.0.0.1:80
+        #
+        #location ~ \.php$ {
+        #    proxy_pass   http://127.0.0.1;
+        #}
+
+        # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
+        #
+        #location ~ \.php$ {
+        #    root           html;
+        #    fastcgi_pass   127.0.0.1:9000;
+        #    fastcgi_index  index.php;
+        #    fastcgi_param  SCRIPT_FILENAME  /scripts$fastcgi_script_name;
+        #    include        fastcgi_params;
+        #}
+
+        # deny access to .htaccess files, if Apache's document root
+        # concurs with nginx's one
+        #
+        #location ~ /\.ht {
+        #    deny  all;
+        #}
+    }
+
+
+    # another virtual host using mix of IP-, name-, and port-based configuration
+    #
+    #server {
+    #    listen       8000;
+    #    listen       somename:8080;
+    #    server_name  somename  alias  another.alias;
+
+    #    location / {
+    #        root   html;
+    #        index  index.html index.htm;
+    #    }
+    #}
+
+
+    # HTTPS server
+    #
+    #server {
+    #    listen       443 ssl;
+    #    server_name  localhost;
+
+    #    ssl_certificate      cert.pem;
+    #    ssl_certificate_key  cert.key;
+
+    #    ssl_session_cache    shared:SSL:1m;
+    #    ssl_session_timeout  5m;
+
+    #    ssl_ciphers  HIGH:!aNULL:!MD5;
+    #    ssl_prefer_server_ciphers  on;
+
+    #    location / {
+    #        root   html;
+    #        index  index.html index.htm;
+    #    }
+    #}
+
+    server {
+        listen 80;
+        listen [::]:80;
+        listen 443 ssl;
+        listen [::]:443 ssl;
+        server_name mirrors.flylightning.xyz;
+
+        ssl_certificate      /etc/nginx/flylightning.pem;
+        ssl_certificate_key  /etc/nginx/flylightning.key;
+
+        location / {
+            root /srv/http/mirrors;
+            autoindex on;
+        }
+    }
+
+    # https://wiki.archlinux.org/title/Cgit#Using_uwsgi
+    # https://wiki.gentoo.org/wiki/User:Halcon/HOWTO_cgit_uwsgi_nginx
+    # https://uwsgi-docs.readthedocs.io/en/latest/Nginx.html
+    # https://nginx.org/en/docs/http/ngx_http_uwsgi_module.html
+    # https://stackoverflow.com/questions/16182421/cgit-and-nginx-url-rewrite
+    server {
+        listen 80;
+        listen [::]:80;
+        listen 443 ssl;
+        listen [::]:443 ssl;
+        server_name git.flylightning.xyz;
+        root /usr/share/webapps/cgit;
+
+        ssl_certificate      /etc/nginx/flylightning.pem;
+        ssl_certificate_key  /etc/nginx/flylightning.key;
+
+        # about nginx location regex:
+        # - https://nginx.org/en/docs/http/ngx_http_core_module.html#location
+        # - https://stackoverflow.com/a/59846239
+        #   - note in nginx / only means / and no other meaning, so no need \/
+        # - ~ means case-sensitive regex
+        # about (?:) non-capturing group:
+        # - https://manifold.net/doc/radian/why_do_non-capture_groups_exist_.htm
+        # - non-capturing group won't capture things inside () which may use later like in sed \1
+        #   - note: I don't think sed support ?: , because POSIX ERE and BRE doesn't seem to support ?:
+        #   - maybe improve a little bit performance by not storing things (not tested, also I did not read the source code)
+        # Serve static files with nginx
+        location ~ ^/(?:cgit\.(?:css|png)|robots\.txt|highlight\.css|mycgit\.css)$ {
+            root /usr/share/webapps/cgit;
+            expires 30d;
+        }
+        location / {
+            include uwsgi_params;
+            uwsgi_modifier1 9;
+            uwsgi_pass unix:/run/uwsgi/cgit.sock;
+        }
+    }
+
+}
+
+# vim: expandtab