From e51e933661aad206a0379dae71795e4ed9938e16 Mon Sep 17 00:00:00 2001 From: "Dustin C. Hatch" Date: Fri, 27 Dec 2024 10:43:25 -0600 Subject: [PATCH] r/gitea: Serve kickstarts over HTTP I want to use Gita as the canonical source for Anaconda kickstart scripts. There are certain situations, however, where they cannot be accessed via HTTPS, such as on a Raspberry Pi without an RTC, since it cannot validate the certificate without the correct time. Thus, the web server must not force an HTTPS redirect for these, but serve them directly. --- roles/gitea/tasks/main.yml | 2 ++ roles/gitea/templates/gitea.httpd.conf.j2 | 34 ++++++++++++++--------- 2 files changed, 23 insertions(+), 13 deletions(-) diff --git a/roles/gitea/tasks/main.yml b/roles/gitea/tasks/main.yml index 37b9b44..d0791c1 100644 --- a/roles/gitea/tasks/main.yml +++ b/roles/gitea/tasks/main.yml @@ -79,6 +79,8 @@ dest: /etc/httpd/conf.d/gitea.conf mode: u=rw,go=r notify: reload httpd + tags: + - apache - name: ensure selinux allows apache to proxy for gitea seboolean: name=httpd_can_network_connect diff --git a/roles/gitea/templates/gitea.httpd.conf.j2 b/roles/gitea/templates/gitea.httpd.conf.j2 index 90cd30b..dd0044f 100644 --- a/roles/gitea/templates/gitea.httpd.conf.j2 +++ b/roles/gitea/templates/gitea.httpd.conf.j2 @@ -1,7 +1,23 @@ -# vim: set ft=apache : -RewriteEngine on -RewriteCond %{HTTPS} !on -RewriteRule /.* https://%{SERVER_NAME}$0 [R=301,L] +{#- vim: set ft=apache.jinja : -#} +# vim: set sw=4 ts=4 sts=4 et : +{% macro proxypass() -%} +ProxyPreserveHost On +ProxyRequests Off +ProxyPass / http://localhost:3000/ nocanon +ProxyPassReverse / http://localhost:3000/ +AllowEncodedSlashes NoDecode +{%- endmacro -%} + + + ServerName {{ gitea_http_domain }} + + RewriteEngine on + RewriteCond %{HTTPS} !on + RewriteCond %{REQUEST_FILENAME} !\.ks$ + RewriteRule /.* https://%{SERVER_NAME}$0 [R=301,L] + + {{ proxypass() | indent(4) }} + ServerName {{ gitea_http_domain }} 
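Review bot: The exemption `RewriteCond %{REQUEST_FILENAME} !\.ks$` lets any URL path ending in `.ks`, in any repository, reach Gitea in cleartext. That is wider than the kickstart scripts the commit message describes, and it leaves the file open to tampering on the way to an installer that runs it as root. Consider anchoring the condition to the one repository that holds the kickstarts, e.g. `RewriteCond %{REQUEST_URI} !^/<OWNER>/<REPO>/raw/.*\.ks$` (placeholder path). `REQUEST_URI` is also clearer here, because in virtual-host context `REQUEST_FILENAME` has not yet been mapped to a file and only holds the URI. The macro proxies the whole site in what appears to be the plain-HTTP block, so any credentials a client attaches to a `.ks` request would also travel unencrypted; a comment above the rule should state that the kickstart repository must be public-read and free of secrets such as password hashes.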
@@ -10,16 +26,8 @@ RewriteRule /.* https://%{SERVER_NAME}$0 [R=301,L] SSLCertificateKeyFile {{ gitea_ssl_certificate_key }} SSLCertificateChainFile {{ gitea_ssl_certificate }} - RewriteEngine On - RewriteCond %{HTTPS} !on - RewriteRule /.* https://%{SERVER_NAME}$0 - Header always set \ Strict-Transport-Security "max-age=63072000; includeSubDomains" - ProxyPreserveHost On - ProxyRequests Off - ProxyPass / http://localhost:3000/ nocanon - ProxyPassReverse / http://localhost:3000/ - AllowEncodedSlashes NoDecode + {{ proxypass() | indent(4) }}