#
#
# Apache Server Configuration

ServerRoot /etc/httpd

#
# Load Modules
LoadModule authz_core_module modules/mod_authz_core.so
LoadModule unixd_module modules/mod_unixd.so
LoadModule log_config_module modules/mod_log_config.so
LoadModule logio_module modules/mod_logio.so
LoadModule mime_magic_module modules/mod_mime_magic.so
LoadModule mime_module modules/mod_mime.so
LoadModule dir_module modules/mod_dir.so
LoadModule rewrite_module modules/mod_rewrite.so
LoadModule alias_module modules/mod_alias.so
LoadModule mpm_prefork_module modules/mod_mpm_prefork.so
LoadModule env_module modules/mod_env.so
LoadModule headers_module modules/mod_headers.so
LoadModule expires_module modules/mod_expires.so
# And Basic Auth Modules
LoadModule auth_basic_module modules/mod_auth_basic.so
LoadModule authn_core_module modules/mod_authn_core.so
LoadModule authn_file_module modules/mod_authn_file.so
LoadModule authz_user_module modules/mod_authz_user.so
# Load CGI Module
<IfModule !mpm_prefork_module>
   LoadModule cgid_module modules/mod_cgid.so
</IfModule>
<IfModule mpm_prefork_module>
   LoadModule cgi_module modules/mod_cgi.so
</IfModule>

#
# Server config
Listen 80
ServerName localhost
EnableSendFile on
AddDefaultCharset UTF-8
TypesConfig /etc/mime.types
MIMEMagicFile conf/magic
AddHandler cgi-script .cgi

#
# Log Config
LogLevel warn
LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
LogFormat "%h %l %u %t \"%r\" %>s %b" common
ErrorLog "logs/error_log"
ScriptLog logs/git-http-debug.log
CustomLog "logs/access_log" combined

#
# Git Smart HTTP Support (if enabled)
PassEnv GIT_HTTP_AUTH_FILE
IncludeOptional conf.d/git-http.conf

#
# Always wear protection.
<Directory />
    Require all granted
</Directory>

#
# ALSO: cgitrc must have this: virtual-root=/
DocumentRoot "/srv/www/htdocs/cgit"
<Directory "/srv/www/htdocs/cgit">
    Require all granted
    # -Indexes here is not strictly necessary;
    # Added for good hygiene
    Options +ExecCGI -Indexes
    DirectoryIndex cgit.cgi
    AllowOverride All

    RewriteEngine On
    
    # Hard stop: never rewrite Git HTTP requests.
    RewriteRule ^.+/(git-upload-pack|git-receive-pack|info/refs)$ - [END]
    
    # Serve static files directly.
    RewriteCond %{REQUEST_FILENAME} -f
    RewriteRule ^ - [END]

    # Let cgit handle everything else (and stay off my url).
    RewriteRule ^(.*)$ cgit.cgi/$1 [END]

    # Cache static assets
    ExpiresActive On
    <FilesMatch "\.(css|js|png|ico)$">
        ExpiresDefault "access plus 30 days"
        Header set Cache-Control "public, max-age=2592000, immutable"
    </FilesMatch>
</Directory>

# Deny access to .htaccess/.htpasswd.
<Files ".ht">
    Require all denied
</Files>