-
-
Save kierdwyn/3745400e6a184f621b92 to your computer and use it in GitHub Desktop.
Nginx git smart http protocol (git-http-backend) configuration with basic authentication. Need the support of fcgiwrap.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Example nginx + git HTTP Smart mode (git-http-backend) + HTTP Authentication + HTTPS redirect | |
| # Forked from jeroen@massar.ch - http://jeroen.massar.ch | |
| # Preparation: you need to install and configure fcgiwrap and set it to listen at fcgiwrap.socket. | |
| # An example tutorial: https://www.howtoforge.com/serving-cgi-scripts-with-nginx-on-centos-6.0-p2 | |
| # A useful hint: add -f as a parameter to fcgiwrap to redirect the cgi errors to your nginx error log. | |
| server { | |
| listen 80; | |
| server_name git.example.com; | |
| # Redirect all non-HTTPS traffic to the HTTPS variant | |
| return 301 https://$host$request_uri; | |
| } | |
| server { | |
| listen 443; | |
| server_name git.example.com; | |
| # The root here have nothing to do with your git repository path. | |
| root /www/example/; | |
| index index.html; | |
| access_log /var/log/nginx/git.example.com.log; | |
| error_log /var/log/nginx/git.example.com_error.log info; | |
| # Turn on ssl and set ssl params | |
| ssl on; | |
| ssl_certificate /etc/nginx/ssl-bundle-git.crt; | |
| ssl_certificate_key /etc/nginx/server.key; | |
| # Create .htpasswd by | |
| # sudo htpasswd -c /srv/websites/.htpasswd username | |
| # Note that this will replace existed .htpasswd file. | |
| auth_basic "Restricted"; | |
| auth_basic_user_file /www/.htpasswd; | |
| # Match by regex, case sensitive. This will match URL with .git in. | |
| # For example: git.example.com/someRepo.git/info/refs... | |
| # Change this pattern to suit your needs. | |
| # If you see PROPFIND in your access log then your request is not processed by git-http-backend. | |
| # This may because your url didn't match the pattern, | |
| # therefore all content inside the location block is not reached. | |
| location ~ \.git { | |
| # Set chunks to unlimited, as the body's can be huge | |
| client_max_body_size 0; | |
| include fastcgi_params; | |
| fastcgi_param SCRIPT_FILENAME /usr/libexec/git-core/git-http-backend; | |
| fastcgi_param GIT_HTTP_EXPORT_ALL ""; | |
| fastcgi_param GIT_PROJECT_ROOT /srv/git; | |
| fastcgi_param PATH_INFO $uri; | |
| # Forward REMOTE_USER as we want to know when we are authenticated | |
| fastcgi_param REMOTE_USER $remote_user; | |
| fastcgi_pass unix:/var/run/fcgiwrap.socket; | |
| } | |
| } |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment