# HTTP
<VirtualHost *:80>
	# CHANGE THIS to your domain
	ServerName example.com

	# redirect insecure connections to HTTPS
	Redirect permanent / https://example.com/
</VirtualHost>

# HTTPS
<VirtualHost *:443>
	# CHANGE THIS to your domain
	ServerName example.com



	### TLS
	SSLEngine on

	# CHANGE THIS to your certificate files
	SSLCertificateFile "/etc/letsencrypt/live/example.com/fullchain.pem"
	SSLCertificateKeyFile "/etc/letsencrypt/live/example.com/privkey.pem"



	### GIT OVER HTTP

	# change this if you need
	SetEnv GIT_PROJECT_ROOT /srv/git

	SetEnv GIT_HTTP_EXPORT_ALL
	SetEnv REMOTE_USER=$REDIRECT_REMOTE_USER

	ScriptAliasMatch \
		"(?x)^/(.*/(HEAD | \
		info/refs | \
		objects/(info/[^/]+ | \
		0-9a-f]{2}/[0-9a-f]{38} | \
		pack/pack-[0-9a-f]{40}\.(pack|idx)) | \
		git-(upload|receive)-pack))$" \
		"/usr/libexec/git-core/git-http-backend/$1"

	# change this if you need
	Alias /git /srv/git

	<Directory /usr/libexec/git-core>
		Options	+ExecCGI -MultiViews +SymLinksIfOwnerMatch
		AllowOverride None
		Require all granted
	</Directory>

	<Files "git-http-backend">
		AuthType Basic
		AuthName "Git Access"

		# change this if you need
		AuthUserFile /srv/git/.htpasswd
		Require expr !(%{QUERY_STRING} -strmatch '*service=git-receive-pack*' || %{REQUEST_URI} =~ m#/git-receive-pack$#)
		Require valid-user
	</Files>



	### SERVE PROJECT FILES

	# change this if you need
	DocumentRoot "/var/www/git"

	# change this if you need
	<Directory /var/www/git>
		Options FollowSymLinks
		AllowOverride All

		<IfModule mod_rewrite.c>
			Options -MultiViews +SymLinksIfOwnerMatch

			RewriteEngine On
			RewriteCond %{REQUEST_FILENAME} !-f
			RewriteRule ^(.*)$ index.php/$1 [L,NC]
		</IfModule>
		<Files config.ini>
			order allow,deny
			deny from all
		</Files>
	</Directory>
</VirtualHost>