diff options
| -rw-r--r-- | .gitignore | 1 | ||||
| -rw-r--r-- | Caddyfile | 15 | ||||
| -rw-r--r-- | Dockerfile | 5 | ||||
| -rw-r--r-- | README.md | 29 | ||||
| -rw-r--r-- | supervisord.conf | 4 |
5 files changed, 43 insertions, 11 deletions
diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..ceb2b98 --- /dev/null +++ b/.gitignore @@ -0,0 +1 @@ +CLAUDE.md @@ -1,4 +1,10 @@ -{$SITE_ADDRESS:localhost} +{ + servers { + trusted_proxies static private_ranges + } +} + +{$SITE_ADDRESS::80} @assets path /cgit.css /cgit.js /cgit.png /favicon.ico /robots.txt handle @assets { @@ -7,8 +13,7 @@ handle @assets { } reverse_proxy unix//var/run/fgciwrap.sock { - transport fastcgi { - env SCRIPT_FILENAME /usr/share/webapps/cgit/cgit.cgi - } + transport fastcgi { + env SCRIPT_FILENAME /usr/share/webapps/cgit/cgit.cgi + } } - @@ -1,10 +1,9 @@ -FROM alpine +FROM alpine:3.21 WORKDIR /root COPY Caddyfile . COPY supervisord.conf . COPY entrypoint.sh . COPY cgitrc.template /etc/ -RUN apk add --no-cache cgit git caddy fcgiwrap supervisor py3-markdown py3-pygments envsubst; \ - envsubst < /etc/cgitrc.template > /etc/cgitrc +RUN apk add --no-cache cgit git caddy fcgiwrap supervisor py3-markdown py3-pygments envsubst CMD ["supervisord", "-c", "supervisord.conf"] ENTRYPOINT ["./entrypoint.sh"] @@ -4,8 +4,13 @@ ### Docker compose -Bind mount your git repos to `/repos` and a data folder to `/root/.local/share/caddy`. -The only environment variable is `SITE_ADDRESS`. If unset then localhost will be used (which you can't really use since the certs are inside the container). +Bind mount your git repos to `/repos`. + +The `SITE_ADDRESS` environment variable is passed directly to Caddy as the site address. If unset, defaults to `:80` (plain HTTP, no TLS). + +### Standalone (Caddy handles TLS) + +Mount a data folder to `/root/.local/share/caddy` to persist certificates. services: cgit: @@ -17,4 +22,22 @@ The only environment variable is `SITE_ADDRESS`. If unset then localhost will be - ~/repos:/repos - ./data:/root/.local/share/caddy environment: - SITE_ADDRESS: git.soltermann.xyz + SITE_ADDRESS: git.example.com + +### Behind a reverse proxy + +Leave `SITE_ADDRESS` unset (defaults to `:80`). Bind the port to localhost only and let the external proxy handle TLS. + + services: + cgit: + build: ./cgit + ports: + - "127.0.0.1:8080:80" + volumes: + - ~/repos:/repos + +Then in your external Caddyfile: + + git.example.com { + reverse_proxy localhost:8080 + } diff --git a/supervisord.conf b/supervisord.conf index 953aa5e..fb52d5e 100644 --- a/supervisord.conf +++ b/supervisord.conf @@ -7,8 +7,12 @@ user=root command=caddy run --config /root/Caddyfile stdout_logfile=/dev/stdout stdout_logfile_maxbytes=0 +stderr_logfile=/dev/stderr +stderr_logfile_maxbytes=0 [program:git_frontend] command=fcgiwrap -s unix:/var/run/fgciwrap.sock stdout_logfile=/dev/stdout stdout_logfile_maxbytes=0 +stderr_logfile=/dev/stderr +stderr_logfile_maxbytes=0 |