Example nginx + git HTTP Smart mode (git-http-backend) + HTTP Authentication + HTTPS redirect

server-git.conf

# Example nginx + git HTTP Smart mode (git-http-backend) + HTTP Authentication + HTTPS redirect
# jeroen@massar.ch - http://jeroen.massar.ch
 
server {
  listen  192.0.1.1:80;
  listen  [2001:db8::1]:80;
 
  # Redirect all non-HTTPS traffic to the HTTPS variant
  return 301 https://$host$request_uri;
}
 
server {
  listen  192.0.1.1:443;
  listen  [2001:db8::1]:443;
 
	root /www/empty/;
	index index.html;
 
	server_name git.example.com;
	access_log /var/log/nginx/access.log;
 
	#error_page 404 /404.html;
 
  # ... ssl params ...
 
	auth_basic            "Restricted";
	auth_basic_user_file  /www/htpasswd;
 
  location ~ /git(/.*) {
    # Set chunks to unlimited, as the body's can be huge
		client_max_body_size			0;
 
		fastcgi_param	SCRIPT_FILENAME		/usr/lib/git-core/git-http-backend;
		include		fastcgi_params;
		fastcgi_param	GIT_HTTP_EXPORT_ALL	"";
		fastcgi_param	GIT_PROJECT_ROOT	/git;
		fastcgi_param	PATH_INFO		$1;
	
		# Forward REMOTE_USER as we want to know when we are authenticated
		fastcgi_param	REMOTE_USER		$remote_user;
		fastcgi_pass	unix:/var/run/fcgiwrap.socket;
	}
}

👍

How to authenticate using auth server? Something like this https://docs.nginx.com/nginx/admin-guide/security-controls/configuring-subrequest-authentication/

@igor

How to authenticate using auth server? Something like this https://docs.nginx.com/nginx/admin-guide/security-controls/configuring-subrequest-authentication/

That could do the trick, don't forget to remove the auth_basic + auh_basic_user_file directives in that case.