Re: Avoiding virtual-root with Nginx

2019-01-31 Thread Georg Faerber 
Hi,

On 19-01-06 02:02:45, h...@alyssa.is wrote:
> With this in mind, I've been trying and failing to set up CGit with
> Nginx without using virtual-root. By default, CGit will generate links
> starting with /cgit.cgi/, rather than just /, but I can set
> virtual-root to / to get the behaviour I want. I've found vague
> mentions online of Nginx's PATH_INFO format not being compatible with
> CGit, so my question is: is this a bug in CGit, or is there something
> I should be doing differently with Nginx?
> 
> Given that the quoted note is at least ten years old, I'm not worried
> about it suddenly disappearing, but I'd still like to be sure I'm
> doing things properly.

How do you serve the cgi code? I'm using uwsgi and Nginx, and could send
you the configs, in case that's of interest to you.

Cheers,
Georg


signature.asc
Description: Digital signature
___
CGit mailing list
CGit@lists.zx2c4.com
https://lists.zx2c4.com/mailman/listinfo/cgit

Re: NGINX and linux

2018-04-03 Thread Georg Faerber 
Hi all,

On 18-03-01 13:02:45, John Keeping wrote:
> On Wed, Feb 28, 2018 at 08:37:17PM -0500, Rolan Pichler wrote:
> > The README is for APACHE and unix systems. Would there be a way to
> > get this working with nginx and on linux
> 
> Nginx doesn't support CGI directly, so you need to use fcgiwrap or an
> equivalent as a wrapper to run CGit.

I wouldn't recommend to use fcgiwrap, as this is deprecated. I'm running
cgit in production via uwsgi [1]. In case you need help setting it up:
ping me, I'm able to provide configs as well.

Good luck,
cheers,
Georg


[1] https://uwsgi-docs.readthedocs.io/en/latest/


signature.asc
Description: Digital signature
___
CGit mailing list
CGit@lists.zx2c4.com
https://lists.zx2c4.com/mailman/listinfo/cgit

Re: [PATCH 04/07] Inject repo authorization filter. Provide sample for gitolite integration.

2017-06-23 Thread Georg Faerber 
Hi all,

Any chance of getting this merged?

Cheers,
Georg

On 15-11-27 22:46:57, The Ranger wrote:
> ---
>  filters/gitolite-authorization.lua | 74 
> ++
>  scan-tree.c| 18 ++
>  2 files changed, 92 insertions(+)
>  create mode 100644 filters/gitolite-authorization.lua
> 
> diff --git a/filters/gitolite-authorization.lua 
> b/filters/gitolite-authorization.lua
> new file mode 100644
> index 000..2f0e4f5
> --- /dev/null
> +++ b/filters/gitolite-authorization.lua
> @@ -0,0 +1,74 @@
> +-- This script can be used with project-filter option
> +-- It uses REMOTE_USER environment variable to obtain the user who needs to 
> be authorized
> +-- This variable is normally set by HTTP Basic Authentication.
> +-- In Apache something like this can be used:
> +--
> +--AuthType Basic
> +--AuthName Protected area
> +--AuthUserFile users.htpasswd
> +--Require valid-user
> +--
> +-- For anonymous access a public username can be set in environment config.
> +-- In Apache, using mod_env:
> +--
> +--SetEnv REMOTE_USER gitweb
> +--
> +-- Gitolite requires HOME environment variable to work properly and point to 
> valid Gitolite
> +-- environment. Since the user, under which web server process runs, usually 
> does not have
> +-- this set, HOME should be explicitly configured and pointed to valid 
> gitolite setup.
> +-- In Apache, using mod_env:
> +--
> +--SetEnv HOME /path/to/gitolite/home
> +
> +
> +local git = {}
> +local http = {}
> +local repos = {}
> +local action = nil
> +
> +function action_init()
> + -- Anonymous access, cancel repo list building
> + if git.user == nil or git.user == "" then return end
> + 
> + local handle = io.popen("gitolite list-phy-repos | gitolite access % " 
> .. git.user .. " R any")
> + 
> + while true do
> + local repo = handle:read()
> + if repo == nil then break end
> + 
> + -- Skip DENIED repos
> + if not string.find(repo, "DENIED") then
> + -- Gitolite returns string: \t\t
> + -- We are interested only in the first field for now
> + -- Append .git extension since Gitolite does not and 
> cgit repo name has it
> + local name = string.sub(repo, 0, string.find(repo, 
> "\t") - 1) .. ".git"
> + repos[name] = 1 -- Authorize flag is > 0
> + end
> + end
> + 
> + handle:close()
> +end
> +
> +function action_filter()
> + -- Return > 0 if access is authorized
> + return repos[git.repo]
> +end
> +
> +local actions = {}
> +actions["init"] = action_init;
> +actions["filter"] = action_filter;
> +
> +function filter_open(...)
> + action = actions[select(1, ...)]
> + 
> + git["repo"] = select(2, ...)
> + git["user"] = select(3, ...)
> + 
> + http["server"] = select(4, ...)
> + http["path"] = select(5, ...)
> +end
> +
> +function filter_close()
> + return action()
> +end
> +
> diff --git a/scan-tree.c b/scan-tree.c
> index e17bca9..7490e74 100644
> --- a/scan-tree.c
> +++ b/scan-tree.c
> @@ -74,6 +74,14 @@ static char *xstrrchr(char *s, char *from, int c)
>   return from < s ? NULL : from;
>  }
>  
> +static int open_project_filter(const char *action, const char *repo) {
> + return cgit_open_filter(ctx.cfg.project_filter, action, repo,
> + ctx.env.remote_user ? ctx.env.remote_user : "",
> + ctx.env.server_name ? ctx.env.server_name : "",
> + ctx.env.path_info ? ctx.env.path_info : ""
> + );
> +}
> +
>  static void add_repo(const char *base, struct strbuf *path, repo_config_fn 
> fn)
>  {
>   struct stat st;
> @@ -115,6 +123,11 @@ static void add_repo(const char *base, struct strbuf 
> *path, repo_config_fn fn)
>   else if (rel.len && rel.buf[rel.len - 1] == '/')
>   strbuf_setlen(, rel.len - 1);
>  
> + if(ctx.cfg.project_filter) {
> + if(open_project_filter("filter", rel.buf)) return;
> + if(cgit_close_filter(ctx.cfg.project_filter) < 1) return;
> + }
> +
>   repo = cgit_add_repo(rel.buf);
>   config_fn = fn;
>   if (ctx.cfg.enable_git_config) {
> @@ -261,6 +274,11 @@ void scan_projects(const char *path, const char 
> *projectsfile, repo_config_fn fn
>  
>  void scan_tree(const char *path, repo_config_fn fn)
>  {
> + if (ctx.cfg.project_filter) {
> + open_project_filter("init", path);
> + cgit_close_filter(ctx.cfg.project_filter);
> + }
> +
>   if (ctx.cfg.project_list) {
>   scan_projects(path, ctx.cfg.project_list, fn);
>   return;
> -- 
> 2.1.4
> 
> ___
> CGit mailing list
> CGit@lists.zx2c4.com
> http://lists.zx2c4.com/mailman/listinfo/cgit


signature.asc
Description: Digital signature