Skip to content

Instantly share code, notes, and snippets.

@kierdwyn
Forked from massar/server-git.conf
Last active March 17, 2024 22:49
Show Gist options
  • Save kierdwyn/3745400e6a184f621b92 to your computer and use it in GitHub Desktop.
Save kierdwyn/3745400e6a184f621b92 to your computer and use it in GitHub Desktop.
Nginx git smart http protocol (git-http-backend) configuration with basic authentication. Need the support of fcgiwrap.
# Example nginx + git HTTP Smart mode (git-http-backend) + HTTP Authentication + HTTPS redirect
# Forked from jeroen@massar.ch - http://jeroen.massar.ch
# Preparation: you need to install and configure fcgiwrap and set it to listen at fcgiwrap.socket.
# An example tutorial: https://www.howtoforge.com/serving-cgi-scripts-with-nginx-on-centos-6.0-p2
# A useful hint: add -f as a parameter to fcgiwrap to redirect the cgi errors to your nginx error log.
server {
listen 80;
server_name git.example.com;
# Redirect all non-HTTPS traffic to the HTTPS variant
return 301 https://$host$request_uri;
}
server {
listen 443;
server_name git.example.com;
# The root here have nothing to do with your git repository path.
root /www/example/;
index index.html;
access_log /var/log/nginx/git.example.com.log;
error_log /var/log/nginx/git.example.com_error.log info;
# Turn on ssl and set ssl params
ssl on;
ssl_certificate /etc/nginx/ssl-bundle-git.crt;
ssl_certificate_key /etc/nginx/server.key;
# Create .htpasswd by
# sudo htpasswd -c /srv/websites/.htpasswd username
# Note that this will replace existed .htpasswd file.
auth_basic "Restricted";
auth_basic_user_file /www/.htpasswd;
# Match by regex, case sensitive. This will match URL with .git in.
# For example: git.example.com/someRepo.git/info/refs...
# Change this pattern to suit your needs.
# If you see PROPFIND in your access log then your request is not processed by git-http-backend.
# This may because your url didn't match the pattern,
# therefore all content inside the location block is not reached.
location ~ \.git {
# Set chunks to unlimited, as the body's can be huge
client_max_body_size 0;
include fastcgi_params;
fastcgi_param SCRIPT_FILENAME /usr/libexec/git-core/git-http-backend;
fastcgi_param GIT_HTTP_EXPORT_ALL "";
fastcgi_param GIT_PROJECT_ROOT /srv/git;
fastcgi_param PATH_INFO $uri;
# Forward REMOTE_USER as we want to know when we are authenticated
fastcgi_param REMOTE_USER $remote_user;
fastcgi_pass unix:/var/run/fcgiwrap.socket;
}
}
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment