# HTTP
server {
	listen 80;
	listen [::]:80;

	# CHANGE THIS to your domain
	server_name git.example.com;

	# redirect insecure connections to HTTPS
	location / {
		return 301 https://$host$request_uri;
	}
}

# HTTPS
server {
	# TLS
	listen 443 ssl;
	listen [::]:443 ssl;



	# CHANGE THIS to your domain
	server_name git.example.com;

	# CHANGE THIS to your certificate files
	ssl_certificate /etc/letsencrypt/live/git.example.com/fullchain.pem;
	ssl_certificate_key /etc/letsencrypt/live/git.example.com/privkey.pem;



	### GIT OVER HTTP

	# change this if you need
	# code from https://github.com/ynohat/git-http-backend/blob/master/nginx.conf
	# Thank you, Anthony Hogg!
	location ~ /git(/.*) {
		# Set chunks to unlimited, as the bodies can be huge
		client_max_body_size            0;

		fastcgi_param SCRIPT_FILENAME /usr/libexec/git-core/git-http-backend;
		include fastcgi_params;
		fastcgi_param GIT_HTTP_EXPORT_ALL "";
		fastcgi_param GIT_PROJECT_ROOT /git;
		fastcgi_param PATH_INFO $1;

		# Forward REMOTE_USER as we want to know when we are authenticated
		fastcgi_param   REMOTE_USER     $remote_user;
		fastcgi_pass    unix:/run/fcgi.sock;
	}



	### SERVE PROJECT FILES

	# change this if you need
	root /var/www/git;

	# Add index.php to the list if you are using PHP
	index index.php;

	location ~ \.php$ {
		include snippets/fastcgi-php.conf;
		fastcgi_pass unix:/run/php/php7.3-fpm.sock;
	}

	location ~* {
		try_files $uri $uri/ /index.php;
	}
}