server {
    listen                [::]:80;
    server_name           @sitesubd@;
    return                301 https://$server_name$request_uri;
}

server {
    listen                [::]:443;
    server_name           @sitesubd@;
    root                  /srv/www/htdocs;

    # legacy (bookmarked) /cgit.git addresses
    location /cgit.cgi {
        rewrite           ^/cgit.cgi(/.*)$ $1 last;
    }

    # git-http-backend: initial clone GET request
    location ~ ^(/namespace)?/(.+?)/info(/.*)?$ {
        try_files         $uri @git_http_backend;
    }

    # git-http-backend: clone POST request
    location ~ ^(/namespace)?/(.+?)/git-upload-pack {
        try_files         $uri @git_http_backend;
    }

    # otherwise, cgit
    location / {
        try_files         $uri @cgit;
    }

    location @git_http_backend {
        include           uwsgi_params;
        uwsgi_modifier1   9;
        uwsgi_pass        unix:/run/uwsgi/git.socket;

        uwsgi_param       HTTP_HOST             $server_name;
        uwsgi_param       GIT_PROJECT_ROOT      /srv/git;
        uwsgi_param       PATH_INFO             $uri;
        uwsgi_param       GIT_HTTP_EXPORT_ALL   "";
    }

    location @cgit {
        include           uwsgi_params;
        uwsgi_modifier1   9;
        uwsgi_pass        unix:/run/uwsgi/cgit.socket;

        uwsgi_param       HTTP_HOST       $server_name;
        uwsgi_param       CGIT_CONFIG     /etc/cgit.d/cgitrc.@sitezone@;
        uwsgi_param       SCRIPT_FILENAME $document_root/cgit.cgi;
        uwsgi_param       PATH_INFO       $uri;
        uwsgi_param       QUERY_STRING    $args;
    }

    ssl_certificate           /srv/webroot/@sitezone@/ssl/fullchain.pem;
    ssl_certificate_key       /srv/webroot/@sitezone@/ssl/privkey.pem;
    ssl_trusted_certificate   /srv/webroot/@sitezone@/ssl/chain.pem;

    include conf.d/ssl_params;
}