server {
	include sourcehut.conf;
	include port80.conf;
	server_name git.localtest.me;

	client_max_body_size 100M;

	location / {
		proxy_pass http://srhts:5001;
		include headers.conf;
		add_header Content-Security-Policy "default-src 'none'; style-src 'self' 'unsafe-inline'; img-src * data:; script-src 'self' 'unsafe-inline'" always;
		include web.conf;
	}

	location /query {
		proxy_pass http://srhts:5101;
		include graphql.conf;
	}

	location /static {
		root /usr/lib/$python/site-packages/gitsrht;
		expires 30d;
	}

	location = /authorize {
		proxy_pass http://srhts:5001;
		proxy_pass_request_body off;
		proxy_set_header Content-Length "";
		proxy_set_header X-Original-URI $request_uri;
	}

	location ~ ^/([^/]+)/([^/]+)/(HEAD|info/refs|objects/info/.*|git-upload-pack).*$ {
		auth_request /authorize;
		root /var/lib/git;
		fastcgi_pass unix:/run/fcgiwrap/fcgiwrap.sock;
		fastcgi_param SCRIPT_FILENAME /usr/libexec/git-core/git-http-backend;
		fastcgi_param PATH_INFO $uri;
		fastcgi_param GIT_PROJECT_ROOT $document_root;
		fastcgi_read_timeout 500s;
		include fastcgi_params;
		gzip off;
	}
}