From 73b9aa3d22d5696366839873d0f8e9c54cd44444 Mon Sep 17 00:00:00 2001
From: Christian
Date: Thu, 14 May 2026 20:50:26 -0500
Subject: Support reverse proxy deployment and general container improvements
---
 .gitignore | 1 +
 Caddyfile | 15 ++++++++++-----
 Dockerfile | 5 ++---
 README.md | 29 ++++++++++++++++++++++++++---
 supervisord.conf | 4 ++++
 5 files changed, 43 insertions(+), 11 deletions(-)
 create mode 100644 .gitignore
diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..ceb2b98
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1 @@
+CLAUDE.md
diff --git a/Caddyfile b/Caddyfile
index 125cf2b..ad6f1ca 100644
--- a/Caddyfile
+++ b/Caddyfile
@@ -1,4 +1,10 @@
-{$SITE_ADDRESS:localhost}
+{
+ servers {
+ trusted_proxies static private_ranges
+ }
+}
+
+{$SITE_ADDRESS::80}
 @assets path /cgit.css /cgit.js /cgit.png /favicon.ico /robots.txt
 handle @assets {
@@ -7,8 +13,7 @@ handle @assets {
 }
 reverse_proxy unix//var/run/fgciwrap.sock {
- transport fastcgi {
- env SCRIPT_FILENAME /usr/share/webapps/cgit/cgit.cgi
- }
+ transport fastcgi {
+ env SCRIPT_FILENAME /usr/share/webapps/cgit/cgit.cgi
+ }
 }
-
diff --git a/Dockerfile b/Dockerfile
index 8a17307..c62cb30 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -1,10 +1,9 @@
-FROM alpine
+FROM alpine:3.21
 WORKDIR /root
 COPY Caddyfile .
 COPY supervisord.conf .
 COPY entrypoint.sh .
 COPY cgitrc.template /etc/
-RUN apk add --no-cache cgit git caddy fcgiwrap supervisor py3-markdown py3-pygments envsubst; \
- envsubst < /etc/cgitrc.template > /etc/cgitrc
+RUN apk add --no-cache cgit git caddy fcgiwrap supervisor py3-markdown py3-pygments envsubst
 CMD ["supervisord", "-c", "supervisord.conf"]
 ENTRYPOINT ["./entrypoint.sh"]
diff --git a/README.md b/README.md
index 8ca3065..b666b8c 100644
--- a/README.md
+++ b/README.md
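Review bot: The new global `trusted_proxies static private_ranges` in the first Caddyfile hunk applies unconditionally, so it is also active in the standalone mode, where Caddy terminates TLS itself and no proxy sits in front. Any peer whose source address falls in a private range (for instance another container on the same Docker network) can then send `X-Forwarded-For` and have it accepted as the client address in access logs and in any later `client_ip` matching. Narrowing the list to the real proxy address, with the current value as the fallback, keeps the reverse-proxy case working: `trusted_proxies static {$TRUSTED_PROXIES:private_ranges}`. `TRUSTED_PROXIES` is a proposed variable name, not an existing setting of this project.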
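Review bot: After this change nothing in the build writes `/etc/cgitrc`: the `envsubst < /etc/cgitrc.template > /etc/cgitrc` step is dropped, while the template is still copied and the `envsubst` package is still installed. `entrypoint.sh` is not touched by this commit, so the diff alone does not show whether it renders the template at container start. If it does, a comment above the `RUN` line would record why the package stays, e.g. `# /etc/cgitrc is rendered from cgitrc.template by entrypoint.sh at start-up`; if it does not, cgit presumably starts without its configuration file. Pinning the base by digest as well (`FROM alpine:3.21@sha256:<digest>`, placeholder) would make the image reproducible, since the `3.21` tag still moves with point releases.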
@@ -4,8 +4,13 @@ ### Docker compose -Bind mount your git repos to `/repos` and a data folder to `/root/.local/share/caddy`. -The only environment variable is `SITE_ADDRESS`. If unset then localhost will be used (which you can't really use since the certs are inside the container). +Bind mount your git repos to `/repos`. + +The `SITE_ADDRESS` environment variable is passed directly to Caddy as the site address. If unset, defaults to `:80` (plain HTTP, no TLS). + +### Standalone (Caddy handles TLS) + +Mount a data folder to `/root/.local/share/caddy` to persist certificates. services: cgit: @@ -17,4 +22,22 @@ The only environment variable is `SITE_ADDRESS`. If unset then localhost will be - ~/repos:/repos - ./data:/root/.local/share/caddy environment: - SITE_ADDRESS: git.soltermann.xyz + SITE_ADDRESS: git.example.com + +### Behind a reverse proxy + +Leave `SITE_ADDRESS` unset (defaults to `:80`). Bind the port to localhost only and let the external proxy handle TLS. + + services: + cgit: + build: ./cgit + ports: + - "127.0.0.1:8080:80" + volumes: + - ~/repos:/repos + +Then in your external Caddyfile: + + git.example.com { + reverse_proxy localhost:8080 + } diff --git a/supervisord.conf b/supervisord.conf index 953aa5e..fb52d5e 100644 --- a/supervisord.conf +++ b/supervisord.conf @@ -7,8 +7,12 @@ user=root command=caddy run --config /root/Caddyfile stdout_logfile=/dev/stdout stdout_logfile_maxbytes=0 +stderr_logfile=/dev/stderr +stderr_logfile_maxbytes=0 [program:git_frontend] command=fcgiwrap -s unix:/var/run/fgciwrap.sock stdout_logfile=/dev/stdout stdout_logfile_maxbytes=0 +stderr_logfile=/dev/stderr +stderr_logfile_maxbytes=0 -- cgit v1.2.3
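Review bot: `[program:git_frontend]` in supervisord.conf gains stderr logging but still has no `user=` line, so fcgiwrap and the cgit CGI it runs to parse incoming requests inherit root (`user=root` is visible in the hunk header, and the Dockerfile in this commit sets no `USER`). Running that program under a dedicated unprivileged account, for example `user=cgit` with the account created in the image (the name is a placeholder), would limit what a flaw in request handling can reach. The socket at `/var/run/fgciwrap.sock` would then need a directory that account can write to and Caddy can connect to, and `/repos` must be readable by it. The socket name reads `fgciwrap` rather than `fcgiwrap` in both this file and the Caddyfile; it is consistent, so it works, but it is worth correcting in both places together.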