author | David Timber <dxdt@dev.snart.me> | 2025-04-06 19:10:09 +0200 |
---|---|---|
committer | David Timber <dxdt@dev.snart.me> | 2025-04-06 19:10:09 +0200 |
commit | 9cb1228294e248e82f701093cb983c1317ee65c0 (patch) | |
tree | 7a7c857d8bcfa67e1d124ea703b7aad6d332b68e /writeups | |
parent | 7ffb24a6eeb0513702051075decc613d013284db (diff) |
Regex capture groups returned from Nginx's `set` directive are not
"normalized". As a result, the cgit backend was getting undecoded
PATH_INFO, rendering some files with special characters inaccessible
and some web crawlers recursively accessing broken links (%25252525 ...)
- https://serverfault.com/questions/832040/how-can-i-block-all-head-requests-to-urls-that-contain-a-substring-on-apache
- https://nginx.org/en/docs/http/ngx_http_core_module.html#var_uri
Diffstat (limited to 'writeups')
-rw-r--r-- | writeups/cgit/cgit.md | 17 |
1 files changed, 7 insertions, 10 deletions
diff --git a/writeups/cgit/cgit.md b/writeups/cgit/cgit.md index 8bd4c19..362a295 100644 --- a/writeups/cgit/cgit.md +++ b/writeups/cgit/cgit.md @@ -188,27 +188,24 @@ location /cgit { gzip on; # not required for subdomain - if ( $uri ~* ^/cgit(/.*)?$ ) { - set $uri_new $1; - } + rewrite ^/git$ /git/ permanent; + rewrite ^/git/(.*)?$ /$1 break; include fastcgi_params; fastcgi_param SCRIPT_FILENAME /var/www/cgi-bin/cgit; - # change to $uri if subdomain - fastcgi_param PATH_INFO $uri_new; + fastcgi_param PATH_INFO $uri; fastcgi_param QUERY_STRING $args; fastcgi_param HTTP_HOST $server_name; fastcgi_pass unix:/run/fcgiwrap/fcgiwrap-cgit.sock; location ~ /cgit/.+/(info/refs|git-upload-pack) { # not required for subdomain - if ( $uri ~* ^/cgit(/.*)?$ ) { - set $uri_new $1; - } + rewrite ^/git$ /git/ permanent; + rewrite ^/git/(.*)?$ /$1 break; + include fastcgi_params; fastcgi_param SCRIPT_FILENAME /usr/libexec/git-core/git-http-backend; - # change to $uri if subdomain - fastcgi_param PATH_INFO $uri_new; + fastcgi_param PATH_INFO $uri; fastcgi_param GIT_HTTP_EXPORT_ALL 1; fastcgi_param GIT_PROJECT_ROOT /srv/git; fastcgi_param HOME /srv/git; |
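Review bot: The added `rewrite ^/git$ /git/ permanent;` and `rewrite ^/git/(.*)?$ /$1 break;` lines, in both places they appear, match a `/git` prefix, while the enclosing block is `location /cgit` and the removed `if` matched `^/cgit(/.*)?$`. A URI handled by `location /cgit` begins with `/cgit`, so neither pattern matches, the prefix is never stripped, and `fastcgi_param PATH_INFO $uri;` hands cgit and git-http-backend a path that still starts with `/cgit`. Suggest `rewrite ^/cgit$ /cgit/ permanent;` and `rewrite ^/cgit/(.*)?$ /$1 break;` if `/cgit` is the intended mount point, or renaming the two locations if it is `/git`. The retained `# not required for subdomain` comment now sits above the rewrite lines, and the removed `# change to $uri if subdomain` hint has no replacement, so a short comment saying that the rewrites are what get dropped in the subdomain setup would keep the writeup usable for that case. The lone `+` blank line before `include fastcgi_params;` in the second block can also go.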