setup http/https git server on nginx via git-http-backend
Precondition
sudo apt-get install nginx fcgiwrap git apache2-utils
Set up https server
First, please setup your https server by your self.
You can refer to my guide
git-http-backend
git-http-backend is a Server side implementation of Git over HTTP.
/usr/lib/git-core/git-http-backend
Set Up Password Authentication file for your git server
We can get a password with MD5-based password algorithm, Apache variant via openssl passwd command.
You can add a username to the file using this command. We are using sammy as our username, but you can use whatever name you'd like:
sudo sh -c "echo -n 'sammy:' >> .gitpasswd"
Next, add an encrypted password entry for the username by typing:
sudo sh -c "openssl passwd -apr1 >> .gitpasswd"
You can repeat this process for additional usernames. You can see how the usernames and encrypted passwords are stored within the file by typing:
cat .gitpasswd
Output
sammy:$apr1$wI1/T0nB$jEKuTJHkTOOWkopnXqC1d1
Or We can use The htpasswd utility, found in the apache2-utils package, serves this function well.
Let's add a new user kimmy via htpasswd, below is command line.
htpasswd -c .gitpasswd kimmy
cat .gitpasswd
sammy:$apr1$wI1/T0nB$jEKuTJHkTOOWkopnXqC1d1
kimmy:$apr1$sBPFn6ek$L8Ta2LkiuXzi7bQZUqUlq0
http/https nginx conf
cat /etc/nginx/sites-enabled/git.errong.win.conf
server {
listen 80;
listen [::]:80;
server_name git.errong.win;
auth_basic "Restricted";
auth_basic_user_file /home/errong_leng/.gitpasswd;
location ~ (/.*) {
fastcgi_pass unix:/var/run/fcgiwrap.socket;
include fastcgi_params;
fastcgi_param SCRIPT_FILENAME /usr/lib/git-core/git-http-backend;
fastcgi_param GIT_HTTP_EXPORT_ALL "";
fastcgi_param GIT_PROJECT_ROOT /home/errong_leng/www/git;
fastcgi_param REMOTE_USER $remote_user;
fastcgi_param PATH_INFO $uri;
}
}
cat /etc/nginx/sites-enabled/git.errong.win-ssl.conf
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name git.errong.win;
ssl_certificate /etc/letsencrypt/git.errong.win/fullchain.cer;
ssl_certificate_key /etc/letsencrypt/git.errong.win/git.errong.win.key;
auth_basic "Restricted";
auth_basic_user_file /home/errong_leng/.gitpasswd;
location ~ (/.*) {
fastcgi_pass unix:/var/run/fcgiwrap.socket;
include fastcgi_params;
fastcgi_param SCRIPT_FILENAME /usr/lib/git-core/git-http-backend;
fastcgi_param GIT_HTTP_EXPORT_ALL "";
fastcgi_param GIT_PROJECT_ROOT /home/errong_leng/www/git;
fastcgi_param REMOTE_USER $remote_user;
fastcgi_param PATH_INFO $uri;
}
}
OK, nginx server config is done, just reload it.(sudo nginx -s reload)
Now it is time to set up git repository under the root(/home/errong_leng/www/git)
Set up git repository
$ cd www/git/
$ mkdir helloworld.git
$ cd helloworld.git/
$ git --bare init
Initialized empty Git repository in /home/errong_leng/www/git/helloworld.git/
$ cp hooks/post-update.sample hooks/post-update
$ chmod a+x hooks/post-update
$ chmod a+w . -R
Now, We can git clone and push to the respository on remote machine via http/https protocol.
git clone helloworld.git
git clone https://git.errong.win/helloworld.git
Cloning into 'helloworld'...
Username for 'https://git.errong.win': lenger
Password for 'https://lenger@git.errong.win':
warning: You appear to have cloned an empty repository.
Checking connectivity... done.
git push helloworld.git
git push origin master
Username for 'https://git.errong.win': lenger
Password for 'https://lenger@git.errong.win':
Counting objects: 3, done.
Writing objects: 100% (3/3), 205 bytes | 0 bytes/s, done.
Total 3 (delta 0), reused 0 (delta 0)
To https://git.errong.win/helloworld.git
- [new branch] master -> master