setup http/https git server on nginx via git-http-backend

Precondition

sudo apt-get install nginx fcgiwrap git apache2-utils 

Set up https server

First, please setup your https server by your self.
You can refer to my guide

git-http-backend

git-http-backend is a Server side implementation of Git over HTTP.
/usr/lib/git-core/git-http-backend

Set Up Password Authentication file for your git server

We can get a password with MD5-based password algorithm, Apache variant via openssl passwd command.
You can add a username to the file using this command. We are using sammy as our username, but you can use whatever name you'd like:
sudo sh -c "echo -n 'sammy:' >> .gitpasswd" 
Next, add an encrypted password entry for the username by typing:
sudo sh -c "openssl passwd -apr1 >> .gitpasswd" 
You can repeat this process for additional usernames. You can see how the usernames and encrypted passwords are stored within the file by typing:
cat .gitpasswd 
Output
sammy:$apr1$wI1/T0nB$jEKuTJHkTOOWkopnXqC1d1
Or We can use The htpasswd utility, found in the apache2-utils package, serves this function well.
Let's add a new user kimmy via htpasswd, below is command line.
htpasswd -c .gitpasswd kimmy 
cat .gitpasswd 
sammy:$apr1$wI1/T0nB$jEKuTJHkTOOWkopnXqC1d1 
kimmy:$apr1$sBPFn6ek$L8Ta2LkiuXzi7bQZUqUlq0 

http/https nginx conf

cat /etc/nginx/sites-enabled/git.errong.win.conf
server {
    listen  80;
    listen [::]:80;
    server_name git.errong.win;
    auth_basic "Restricted";
    auth_basic_user_file /home/errong_leng/.gitpasswd;
    location ~ (/.*) {
        fastcgi_pass  unix:/var/run/fcgiwrap.socket;
        include       fastcgi_params;
        fastcgi_param SCRIPT_FILENAME /usr/lib/git-core/git-http-backend;
        fastcgi_param GIT_HTTP_EXPORT_ALL "";
        fastcgi_param GIT_PROJECT_ROOT    /home/errong_leng/www/git;
        fastcgi_param REMOTE_USER         $remote_user;
        fastcgi_param PATH_INFO           $uri;
    }
}
cat /etc/nginx/sites-enabled/git.errong.win-ssl.conf
server {
    listen 443 ssl http2;
    listen [::]:443 ssl http2;
    server_name git.errong.win;
    ssl_certificate /etc/letsencrypt/git.errong.win/fullchain.cer;
    ssl_certificate_key /etc/letsencrypt/git.errong.win/git.errong.win.key;
    auth_basic "Restricted";
    auth_basic_user_file /home/errong_leng/.gitpasswd;
    location ~ (/.*) {
        fastcgi_pass  unix:/var/run/fcgiwrap.socket;
        include       fastcgi_params;
        fastcgi_param SCRIPT_FILENAME /usr/lib/git-core/git-http-backend;
        fastcgi_param GIT_HTTP_EXPORT_ALL "";
        fastcgi_param GIT_PROJECT_ROOT    /home/errong_leng/www/git;
        fastcgi_param REMOTE_USER         $remote_user;
        fastcgi_param PATH_INFO           $uri;
    }
}
OK, nginx server config is done, just reload it.(sudo nginx -s reload)
Now it is time to set up git repository under the root(/home/errong_leng/www/git)

Set up git repository

$ cd www/git/ 
$ mkdir helloworld.git 
$ cd helloworld.git/ 
$ git --bare init 
Initialized empty Git repository in /home/errong_leng/www/git/helloworld.git/ 
$ cp hooks/post-update.sample hooks/post-update 
$ chmod a+x hooks/post-update 
$ chmod a+w . -R 
Now, We can git clone and push to the respository on remote machine via http/https protocol.

git clone helloworld.git

git clone https://git.errong.win/helloworld.git
Cloning into 'helloworld'...
Username for 'https://git.errong.win': lenger
Password for 'https://lenger@git.errong.win':
warning: You appear to have cloned an empty repository.
Checking connectivity... done.

git push helloworld.git

git push origin master
Username for 'https://git.errong.win': lenger
Password for 'https://lenger@git.errong.win':
Counting objects: 3, done.
Writing objects: 100% (3/3), 205 bytes | 0 bytes/s, done.
Total 3 (delta 0), reused 0 (delta 0)
To https://git.errong.win/helloworld.git
  • [new branch] master -> master

No comments:

Post a Comment

fixed: embedded-redis: Unable to run on macOS Sonoma

Issue you might see below error while trying to run embedded-redis for your testing on your macOS after you upgrade to Sonoma. java.la...