Skip to content

Instantly share code, notes, and snippets.

What would you like to do?
Installing Git and Cgit to Debian NGINX server (with smart http and authentication on push)
# Just some notes on enabling smart http with nginx as well as authentication on push for repos
# install git, cgit and apache2-utils (for authentication)
apt install git cgit apache2-utils fcgiwrap
# create a git user
adduser git
su git
mkdir .ssh && chmod 700 .ssh
touch .ssh/authorized_keys && chmod 600 .ssh/authorized_keys
# append ssh keys to the authorized keys file
# change back to root user
# As root, create location to store repos and change permissions
mkdir -p /srv/git
ln -s /srv/git /git # optional but I like it so the repos are available on /git if you're ssh cloning
cd /srv
chown -R git:git git/
# Configuring nginx
# /etc/nginx/git-http-backend.conf
fastcgi_pass unix:/run/fcgiwrap.socket;
include fastcgi_params;
fastcgi_param SCRIPT_FILENAME /usr/lib/git-core/git-http-backend;
fastcgi_param GIT_HTTP_EXPORT_ALL "";
fastcgi_param GIT_PROJECT_ROOT /srv/git;
fastcgi_param PATH_INFO $1;
fastcgi_param REMOTE_USER $remote_user;
# /etc/nginx/sites-available/
server {
access_log /var/log/nginx/cgit-access.log;
error_log /var/log/nginx/cgit-error.log debug;
root /usr/share/cgit;
try_files $uri @cgit;
location @cgit {
include fastcgi_params;
fastcgi_param SCRIPT_FILENAME /usr/lib/cgit/cgit.cgi;
fastcgi_param DOCUMENT_ROOT /usr/lib/git-core;
fastcgi_pass unix:/run/fcgiwrap.socket;
fastcgi_param PATH_INFO $uri;
fastcgi_param QUERY_STRING $args;
fastcgi_param HTTP_HOST $server_name;
fastcgi_param GIT_HTTP_EXPORT_ALL "";
fastcgi_param GIT_PROJECT_ROOT /srv/git;
if ($arg_service = git-receive-pack) {
rewrite (/.*) /git_write/$1 last;
if ($uri ~ ^/.*/git-receive-pack$) {
rewrite (/.*) /git_write/$1 last;
if ($arg_service = git-upload-pack) {
rewrite (/.*) /git_read/$1 last;
if ($uri ~ ^/.*/git-upload-pack$) {
rewrite (/.*) /git_read/$1 last;
listen [::]:80 ;
listen 80 ;
location ~ /git_read/(.*) {
include git-http-backend.conf;
# require auth to upload
location ~ /git_write/(.*) {
auth_basic "Pushing to Git repositories is restricted";
auth_basic_user_file /etc/nginx/htpasswd;
include git-http-backend.conf;
# enable the configuration
ln -s /etc/nginx/sites-available/ /etc/nginx/sites-enabled/
# Create an http user (with write access)
htpasswd -c /etc/nginx/htpasswd username # where username is the username you want to use for auth
# configure cgit accordingly at
# /etc/cgitrc
# Create your repository
su git
cd /srv/git
mkdir myrepo.git
cd myrepo.git
git init --bare
# As root update permissions to be able to push via http
chown -R git:www-data /srv/git/
chmod -R ug+rwX /srv/git/
# To configure the git:// protocol
# /etc/systemd/system/git-daemon.service
Description=Start Git Daemon
ExecStart=/usr/bin/git daemon --reuseaddr --base-path=/srv/git/ /srv/git/
# enable and start the unit
systemctl enable --now git-daemon.service
# You will then want to create a git-daemon-export-ok file inside all of the repos you want git-daemon to check
cd /srv/git/myrepo.git/
touch git-daemon-export-ok
# Finally, allow port 9418 for git:// protocol (as root)
ufw allow 9418
Copy link

This is good! Thanks!

Copy link

@RobbiNespu Thank you! I hope it was useful for you

Copy link

Thanks, it helps me a lot. 😘

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment