server {
	listen 443 ssl http2;
	listen [::]:443 ssl http2;

	server_name git.tyil.nl;

	ssl_certificate /etc/letsencrypt/live/git.tyil.nl/fullchain.pem;
	ssl_certificate_key /etc/letsencrypt/live/git.tyil.nl/privkey.pem;

	include /etc/nginx/snippets.d/certbot.conf;
	include /etc/nginx/snippets.d/ssl.conf;

	add_header Content-Security-Policy "default-src 'self'; style-src 'self' 'unsafe-inline'" always;
	add_header Referrer-Policy "strict-origin-when-cross-origin" always;
	add_header X-Content-Type-Options "nosniff" always;
	add_header X-Frame-Options "SAMEORIGIN" always;

	root /usr/share/webapps/cgit/1.2.3-r100/htdocs;

	location / {
		try_files $uri @cgit;
	}

	location @cgit {
		include snippets.d/uwsgi.conf;

		gzip off;

		uwsgi_modifier1 9;
		#uwsgi_param PATH_INFO $fastcgi_path_info;

		uwsgi_pass 127.0.0.1:1234;
	}
}