cgit with nginx on CentOS

Today I've set up cgit on this server, but the more software I configure, the more cumbersome it would be to switch to another system: there already are XMPP, all the email business, some websites, a Gopher server, an IRC bouncer, and some helper things. So, I'd better be more active in writing these things down as notes.

Alternatively, one could write, for instance, ansible roles. It may be nice, but they would require more maintenance, would be less handy to read and adapt, and would depend on ansible (or another configuration management system, in case of a different choice). Another seemingly nice approach is "literate devops" with org, though perhaps less useful when it's mostly about configuration file editing. And apparently Nix can be handy for that as well.

cgit supports CGI, nginx supports FastCGI, so fcgiwrap should be installed to bridge the two. Most of the configuration goes into nginx; this is what I'm using (/etc/nginx/conf.d/git.conf):

server {
    listen 80;
    listen [::]:80;
    server_name git.uberspace.net;
    return 301 https://$server_name$request_uri;
}

server {
    listen 443 ssl;
    listen [::]:443 ssl;
    server_name git.uberspace.net;

    ssl_certificate /etc/letsencrypt/live/git.uberspace.net/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/git.uberspace.net/privkey.pem;

    access_log /var/log/nginx/git_access_log main;
    error_log /var/log/nginx/git_error_log info;

    root /usr/share/cgit;
    try_files             $uri @cgit;

    location ~ ^/cgit-data/(.*)$ {
        alias /usr/share/cgit/$1;
    }

    location @cgit {
      include             /etc/nginx/fastcgi_params;
      fastcgi_param       SCRIPT_FILENAME /var/www/cgi-bin/cgit;
      fastcgi_param       PATH_INFO       $uri;
      fastcgi_pass        unix:/var/run/fcgiwrap.socket;
    }
}

It's partly borrowed from ArchWiki, just adapted for CentOS and for this system in particular. repoquery -l cgit helped in finding /var/www/cgi-bin/cgit. That's with the default /etc/nginx/fastcgi_params from EPEL's nginx package.
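An added check, not part of the original notes: a small Python linter for two security-relevant properties of the configuration above, namely that the port-80 server redirects to HTTPS and that SCRIPT_FILENAME is a fixed path, since fcgiwrap executes whatever program that parameter names. The function names, the reduced copy of the config and the weak variant are constructed for illustration; the parser assumes no quoted strings and that `#` only starts comments.

```python
import re

# The page's git.conf, reduced to the directives the two checks read.
PAGE_CONF = """
server {
    listen 80;
    return 301 https://$server_name$request_uri;
}
server {
    listen 443 ssl;
    location @cgit {
        fastcgi_param SCRIPT_FILENAME /var/www/cgi-bin/cgit;
    }
}
"""
# Constructed weak variant: no redirect, script path built from variables.
WEAK_CONF = (PAGE_CONF.replace("return 301 https://$server_name$request_uri;", "")
             .replace("/var/www/cgi-bin/cgit;", "$document_root$fastcgi_script_name;"))

def parse(tokens):
    """Consume tokens up to the matching '}'; return [(words, children)]."""
    items, words = [], []
    for tok in tokens:
        if tok == "}":
            break
        if tok in (";", "{"):
            items.append((words, parse(tokens) if tok == "{" else []))
            words = []
        else:
            words.append(tok)
    return items

def walk(items):
    """Flatten a parsed tree into a list of directive word-lists."""
    return [x for words, children in items for x in (words, *walk(children))]

def audit(text):
    """Return findings for every top-level server block in an nginx config."""
    tokens = iter(re.findall(r"[{};]|[^\s{};]+", re.sub(r"#.*", "", text)))
    findings = []
    for children in (c for w, c in parse(tokens) if w == ["server"]):
        top = [w for w, _ in children]
        plain = any(w[:1] == ["listen"] and "ssl" not in w for w in top)
        if plain and not any(w[:1] == ["return"] and w[-1].startswith("https://") for w in top):
            findings.append("plain-HTTP server block does not redirect to https")
        for w in walk(children):
            if w[:2] == ["fastcgi_param", "SCRIPT_FILENAME"] and "$" in "".join(w[2:]):
                findings.append("SCRIPT_FILENAME is not a fixed path: " + " ".join(w[2:]))
    return findings
```

Calling audit() on the contents of /etc/nginx/conf.d/git.conf returns an empty list when both properties hold.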

/etc/cgitrc only required adding virtual-root=/ (as ArchWiki suggested) to fix some paths; otherwise the configuration is straightforward. The highlight-based highlighting is rather poor and buggy/wrong; it seems to be better without it.

To get one more LE certificate (it was already mostly set up, as the letsencrypt user – instead of the root user, which certbot used by default):

sudo -u letsencrypt certbot certonly --webroot \
        -w /usr/share/nginx/uberspace -d git.uberspace.net

And I've changed the CSS so that it doesn't hurt my eyes when used with a browser without color overriding: cgit-uberspace.css (+ result).

See also: