Only encrypt critical gogs screens in order to allow http clone

src/freedombone

       echo 'and within the [server] section set:' >> /home/$MY_USERNAME/README
       echo "DOMAIN = $GIT_DOMAIN_NAME" >> /home/$MY_USERNAME/README
       echo "ROOT_URL = https://$GIT_DOMAIN_NAME/" >> /home/$MY_USERNAME/README
+      echo '' >> /home/$MY_USERNAME/README
+      echo "Note that there's a security compromise here." >> /home/$MY_USERNAME/README
+      echo "In order to allow git clone via http we don't redirect everything" >> /home/$MY_USERNAME/README
+      echo 'over https. Instead only critical things such as user login,' >> /home/$MY_USERNAME/README
+      echo 'settings and admin are encrypted.' >> /home/$MY_USERNAME/README
+      echo 'There are also potential security issues with cloning/pulling/pushing' >> /home/$MY_USERNAME/README
+      echo 'code over http, since a determined adversary could inject malware' >> /home/$MY_USERNAME/README
+      echo 'into the stream as it passes, so beware.' >> /home/$MY_USERNAME/README
+      echo 'If you have a bought domain and a non-self signed cert then you' >> /home/$MY_USERNAME/README
+      echo "should change /etc/nginx/sites-available/$GIT_DOMAIN_NAME to redirect everything over https." >> /home/$MY_USERNAME/README
   fi
 
   echo "create database gogs;
   echo "    error_log /var/log/nginx/$GIT_DOMAIN_NAME_error.log $WEBSERVER_LOG_LEVEL;" >> /etc/nginx/sites-available/$GIT_DOMAIN_NAME
   echo '    limit_conn conn_limit_per_ip 10;' >> /etc/nginx/sites-available/$GIT_DOMAIN_NAME
   echo '    limit_req zone=req_limit_per_ip burst=10 nodelay;' >> /etc/nginx/sites-available/$GIT_DOMAIN_NAME
-  echo '    rewrite ^ https://$server_name$request_uri? permanent;' >> /etc/nginx/sites-available/$GIT_DOMAIN_NAME
+  echo '    location / {' >> /etc/nginx/sites-available/$GIT_DOMAIN_NAME
+  echo '        proxy_pass http://localhost:3000;' >> /etc/nginx/sites-available/$GIT_DOMAIN_NAME
+  echo '    }' >> /etc/nginx/sites-available/$GIT_DOMAIN_NAME
+  echo '    location ^~ /user/ {' >> /etc/nginx/sites-available/$GIT_DOMAIN_NAME
+  echo '        rewrite ^ https://$server_name$request_uri?;' >> /etc/nginx/sites-available/$GIT_DOMAIN_NAME
+  echo '    }' >> /etc/nginx/sites-available/$GIT_DOMAIN_NAME
+  echo '    location ^~ /admin/ {' >> /etc/nginx/sites-available/$GIT_DOMAIN_NAME
+  echo '        rewrite ^ https://$server_name$request_uri?;' >> /etc/nginx/sites-available/$GIT_DOMAIN_NAME
+  echo '    }' >> /etc/nginx/sites-available/$GIT_DOMAIN_NAME
   echo '}' >> /etc/nginx/sites-available/$GIT_DOMAIN_NAME
   echo '' >> /etc/nginx/sites-available/$GIT_DOMAIN_NAME
   echo 'server {' >> /etc/nginx/sites-available/$GIT_DOMAIN_NAME
   echo "    ssl_ciphers '$SSL_CIPHERS';" >> /etc/nginx/sites-available/$GIT_DOMAIN_NAME
   echo '    add_header X-Frame-Options DENY;' >> /etc/nginx/sites-available/$GIT_DOMAIN_NAME
   echo '    add_header X-Content-Type-Options nosniff;' >> /etc/nginx/sites-available/$GIT_DOMAIN_NAME
-  echo '    add_header Strict-Transport-Security max-age=15768000;' >> /etc/nginx/sites-available/$GIT_DOMAIN_NAME
+  echo '    add_header Strict-Transport-Security max-age=0;' >> /etc/nginx/sites-available/$GIT_DOMAIN_NAME
   echo '' >> /etc/nginx/sites-available/$GIT_DOMAIN_NAME
   echo '    location / {' >> /etc/nginx/sites-available/$GIT_DOMAIN_NAME
   echo '        proxy_pass http://localhost:3000;' >> /etc/nginx/sites-available/$GIT_DOMAIN_NAME