Edited README, omitted /cgit.cgi/ from urls, added HTTP Basic Auth

9 files changed, 148 insertions, 54 deletions

diff --git a/Dockerfile b/Dockerfile
index 3190d9f..f510d84 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -1,10 +1,14 @@
+#
+#
+# cgit Docker Container
+
 FROM rockylinux:9
-LABEL MAINTAINER="Lambda <lambda@disroot.org>"
+LABEL MAINTAINER="RATDAD <lambda@disroot.org>"
 
 # Update everything; install dependencies.
 RUN dnf -y update && dnf -y upgrade \
     && dnf install -y git gcc make openssl-devel zlib-devel zip \
-    highlight httpd \
+    highlight httpd pip \
     && dnf clean all
 
 # Install cgit.
@@ -20,12 +24,17 @@ RUN cd cgit \
 
 # Configure.
 ADD etc/cgitrc /etc/cgitrc
-ADD etc/httpd/httpd.conf /etc/httpd/conf/httpd.conf
+ADD etc/httpd/conf/httpd.conf /etc/httpd/conf/httpd.conf
+
+# Add helper scripts.
+COPY opt/ /opt
+RUN chmod +x /opt/*
 
-# Add custom syntax highlighting.
-COPY opt/highlight.sh  /opt/highlight.sh
+# Entrypoint.
+COPY ./entrypoint.sh /
+RUN chmod +x /entrypoint.sh
 
 # You SHOULD run this behind a reverse proxy.
 # Thus, 443 isn't being exposed.
 EXPOSE 80
-CMD [ "httpd", "-DFOREGROUND" ]
\ No newline at end of file
+ENTRYPOINT [ "/entrypoint.sh" ]
diff --git a/README.md b/README.md
index 36c70f2..2b82c84 100644
--- a/README.md
+++ b/README.md
@@ -1,25 +1,56 @@
 # cgit-docker
+cgit Docker container.  
+Scans for repos at `/srv/git`.
 
-### About
-cgit is a CGI web interface for git scm developed by the guy who created wireguard. You can read more on the cgit project [here](https://git.zx2c4.com/cgit/about).  
-  
-There's no official docker container for cgit. However, this will you to easily deploy it.
+## Running the Container
+```bash
+docker pull ratdad/cgit
+docker run --name cgit -d -p 80:80 -v git/repo/location:/srv/git 
+```
 
-### Installation
-You can use Docker Compose to create an instance of the server.
+You can optionally run with HTTP Basic Auth with these options.
+```bash
+docker run --name cgit -d -p 80:80 -v git/repo/location:/srv/git -e HTTP_AUTH_PASSWORD=pass HTTP_AUTH_USER=user
+``` 
 
+## Docker Compose
+You can use Docker Compose to create an instance of the server.
 ```yaml
+#
+#
+# cgit-docker compose example
+
 name: 'cgit-docker'
 
 services:
   cgit:
     container_name: cgit-docker
-    image: ratdad/cgit-docker:latest
+    build:
+      context: .
+      dockerfile: Dockerfile
+    # You can also use the pre-built containers hosted at ghcr and docker
+    # image: ghcr.io/bigratdad/cgit-docker:latest
+    # image: ratdad/cgit-docker:latest
+    env_file:
+      - .env
     ports:
       - 80:80
     volumes:
-      - ./etc/httpd/conf/httpd.conf:/etc/httpd/conf/httpd.conf # apply custom httpd config
-      - ./etc/cgitrc:/etc/cgitrc # apply custom cgit runtime config
-      - ./opt/highlight.sh:/opt/highlight.sh # use a custom highlight script
-      - ./srv/git/:/srv/git # mount the dir cgit reads for repositories
+      - ./etc/httpd/conf/httpd.conf:/etc/httpd/conf/httpd.conf # you may want to change the httpd config on the server
+      - ./etc/cgitrc:/etc/cgitrc # you can (and should) bind your own cgitrc
+      - ./opt/:/opt # put your helper scripts in /opt
+      - ./srv/git/:/srv/git # bind the location of your git repos to /srv/git in the container
 ```
+
+## Configuration
+There are several areas you may want to configure on this server.
+
+### Runtime Configuration
+Runtime configuration is done via a `cgitrc` file placed in `/etc/cgitrc` on the container. If you're using a compose file, you should be able to bind your own `cgitrc` file to that location. See [cgitrc(5)](https://linux.die.net/man/5/cgitrc) for more details on how to write this file for your specific use case.
+
+### Apache Web Server
+This container runs Apache Web Server. I made this decision because it's one of the few http servers that has built support for Common Gateway Interface. 
+
+**To configure**, just mount your custom `httpd.conf` to `/etc/httpd/conf/httpd.conf` inside the container. Just keep in mind that cgit is compiled to serve its files in `/srv/www/htdocs/cgit/` and not the default location of `/var/www/htdocs/cgit/` as the documentation states. This is a decision I made deliberately because `/srv/` is where server files should go.
+
+
diff --git a/cgit.conf b/cgit.conf
index 7fef75d..0a031e1 100644
--- a/cgit.conf
+++ b/cgit.conf
@@ -1,7 +1,8 @@
-##
-## cgit Compiler Options
-## This will be included by the Makefile upon compilation
+#
+#
+# cgit Compiler Options
+# This will be included by the Makefile upon compilation.
 
-## Use the standard dir for serving web content
+# Use the standard dir for serving web content.
 CGIT_SCRIPT_PATH = /srv/www/htdocs/cgit/
 CGIT_CONFIG = /etc/cgitrc
diff --git a/compose.yml b/compose.yml
index aca365f..4eea970 100644
--- a/compose.yml
+++ b/compose.yml
@@ -1,17 +1,21 @@
 #
 #
 # cgit-docker compose example
-
-name: 'cgit-docker'
-
 services:
   cgit:
-    container_name: cgit-docker
-    image: ratdad/cgit-docker:latest
+    build:
+      context: .
+      dockerfile: Dockerfile
+    # You can also use the pre-built containers hosted at ghcr and docker.
+    # image: ghcr.io/bigratdad/cgit:latest
+    # image: ratdad/cgit:latest
+    env_file:
+      - .env
     ports:
       - 80:80
     volumes:
-      - ./etc/httpd/conf/httpd.conf:/etc/httpd/conf/httpd.conf # apply custom httpd config
-      - ./etc/cgitrc:/etc/cgitrc # apply custom cgit runtime config
-      - ./opt/highlight.sh:/opt/highlight.sh # use a custom highlight script
-      - ./srv/git/:/srv/git # mount the dir cgit reads for repositories
+      # - ./favicon.ico:/srv/www/htdocs/cgit/favicon.ico # custom favicon
+      # - ./cgit.css:/srv/www/htdocs/cgit/cgit.css # custom cgit.css
+      - ./etc/httpd/conf/httpd.conf:/etc/httpd/conf/httpd.conf # You may want to change the httpd config on the server.
+      - ./etc/cgitrc:/etc/cgitrc # You can (and should) bind your own cgitrc.
+      - ./srv/git/:/srv/git # Bind the location of your git repos to /srv/git in the container.
diff --git a/entrypoint.sh b/entrypoint.sh
new file mode 100644
index 0000000..a5eadf1
--- /dev/null
+++ b/entrypoint.sh
@@ -0,0 +1,4 @@
+#!/usr/bin/env bash
+
+/opt/auth.sh
+httpd -DFOREGROUND
\ No newline at end of file
diff --git a/etc/cgitrc b/etc/cgitrc
index dad2e2a..6d04348 100644
--- a/etc/cgitrc
+++ b/etc/cgitrc
@@ -1,30 +1,39 @@
 #
+#
 # cgit Runtime Configuration
 # see cgitrc(5) for details
 
 #
-# General options
-root-title=Git Repository Browser
-root-desc=a fast webinterface for the git dscm
+# Global Settings
 robots=noindex, nofollow
-scan-path=/srv/git
+snapshots=tar.gz tar.bz2 zip
 source-filter=/opt/highlight.sh
 
 #
-# Site options
+# Site Settings
 enable-index-links=1
 enable-remote-branches=1
 enable-log-filecount=1
 enable-log-linecount=1
 enable-git-config=1
-snapshots=tar.gz tar.bz2 zip
 
 #
-# Cache
+# Cache Settings
 cache-root=/var/cache/cgit
 cache-size=1000
 
 #
+# List of common mimetypes
+#
+mimetype.gif=image/gif
+mimetype.html=text/html
+mimetype.jpg=image/jpeg
+mimetype.jpeg=image/jpeg
+mimetype.pdf=application/pdf
+mimetype.png=image/png
+mimetype.svg=image/svg+xml
+
+#
 # Search for these files in the root of the default branch of repos.
 # This will determine the "about" page for the repo.
 readme=:README.md
@@ -55,3 +64,7 @@ readme=:INSTALL.txt
 readme=:install.txt
 readme=:INSTALL
 readme=:install
+
+# NOTE: According to the cgit mailing list, these options should go last.
+virtual-root=/
+scan-path=/srv/git
\ No newline at end of file
diff --git a/etc/httpd/conf/httpd.conf b/etc/httpd/conf/httpd.conf
index d99bd92..3b6da71 100644
--- a/etc/httpd/conf/httpd.conf
+++ b/etc/httpd/conf/httpd.conf
@@ -1,20 +1,35 @@
-##
-## Apache Server Configuration
-##
+#
+#
+# Apache Server Configuration
 
 ServerRoot /etc/httpd
 
 #
-# Load Standard Modules
+# Load Modules
 LoadModule authz_core_module modules/mod_authz_core.so
 LoadModule unixd_module modules/mod_unixd.so
 LoadModule log_config_module modules/mod_log_config.so
 LoadModule logio_module modules/mod_logio.so
 LoadModule mime_magic_module modules/mod_mime_magic.so
 LoadModule mime_module modules/mod_mime.so
-LoadModule mpm_prefork_module modules/mod_mpm_prefork.so
-LoadModule cgi_module modules/mod_cgi.so
 LoadModule dir_module modules/mod_dir.so
+LoadModule rewrite_module modules/mod_rewrite.so
+LoadModule alias_module modules/mod_alias.so
+LoadModule mpm_prefork_module modules/mod_mpm_prefork.so
+
+# Load CGI Module
+<IfModule !mpm_prefork_module>
+   LoadModule cgid_module modules/mod_cgid.so
+</IfModule>
+<IfModule mpm_prefork_module>
+   LoadModule cgi_module modules/mod_cgi.so
+</IfModule>
+
+# And Basic Auth Modules
+LoadModule auth_basic_module modules/mod_auth_basic.so
+LoadModule authn_core_module modules/mod_authn_core.so
+LoadModule authn_file_module modules/mod_authn_file.so
+LoadModule authz_user_module modules/mod_authz_user.so
 
 #
 # Server config
@@ -25,21 +40,26 @@ EnableSendFile on
 AddDefaultCharset UTF-8
 TypesConfig /etc/mime.types
 MIMEMagicFile conf/magic
+AddHandler cgi-script .cgi
 
+# Always wear protection.
 <Directory />
     Require all denied
 </Directory>
 
-DocumentRoot "/srv/www/htdocs/cgit"
+# NOTE: Alias matcher MUST end in /, not /cgit.cgi. It WILL break otherwise.
+# ALSO: "cgitrc must have a virtual-root=/".
+# Remove /cgit.cgi/ from url paths.
+ScriptAlias "/" "/srv/www/htdocs/cgit/cgit.cgi/"
 <Directory "/srv/www/htdocs/cgit/">
     DirectoryIndex cgit.cgi
-    AddHandler cgi-script .cgi
     AllowOverride None
-    Options +ExecCGI -FollowSymLinks
+    Options +ExecCGI +FollowSymLinks
+    SetHandler cgi-script
     Require all granted
 </Directory>
 
-# Future proof
+# Deny access to .htaccess/.htpasswd
 <Files ".ht">
     Require all denied
 </Files>
\ No newline at end of file
diff --git a/opt/auth.sh b/opt/auth.sh
new file mode 100644
index 0000000..6d87868
--- /dev/null
+++ b/opt/auth.sh
@@ -0,0 +1,10 @@
+#!/bin/bash
+
+# Check if we're enabling basic auth.
+if [ "$HTTP_AUTH_PASSWORD" != "" ]; then
+    echo "AuthType Basic
+AuthName \"CGit\"
+AuthUserFile /srv/www/htdocs/cgit/.htpasswd
+Require valid-user" > /srv/www/htdocs/cgit/.htaccess
+htpasswd  -c -b /srv/www/htdocs/cgit/.htpasswd $HTTP_AUTH_USER $HTTP_AUTH_PASSWORD
+fi
\ No newline at end of file
diff --git a/opt/highlight.sh b/opt/highlight.sh
index 13e8ae6..d9e0ace 100644
--- a/opt/highlight.sh
+++ b/opt/highlight.sh
@@ -1,23 +1,25 @@
-## This is for syntax highlighting
-# Get the name of the file and the extension of it
+#
+#
+# Syntax Highlighting
+# You should mount your own (most likely better) syntax script here.
+
 BASENAME="$1"
 EXTENSION="${BASENAME##*.}"
 
 [ "${BASENAME}" = "${EXTENSION}" ] && EXTENSION=txt
 [ -z "${EXTENSION}" ] && EXTENSION=txt
 
-# Makefile and Makefile.* are all .mk
 [ "${BASENAME%%.*}" = "Makefile" ] && EXTENSION=mk
 
-# User note: highlight v2 and v3 have different command options
-# -X is replaced by "-O xhtml" in v3
+# User note: highlight v2 and v3 have different command options.
+# -X is replaced by "-O xhtml" in v3.
 
 # If for whatever reason, this container is using EPEL5 (it shouldn't),
-# use the following line instead of the bottom line
+# use the following line instead of the bottom line.
 # exec highlight --force -f -I -X -S "$EXTENSION" 2>/dev/null
 
 # EPEL6 version with no inline css
 # exec highlight --force  -f -I -O xhtml -S "EXTENSION" 2>/dev/null
 
-# highlight v3 is available on EPEL6
+# highlight v3 is available on EPEL6.
 exec highlight --force --inline-css -f -I -O xhtml -S "EXTENSION" 2>/dev/null
\ No newline at end of file