Set up gitweb server on nginx

Precondition

please setup your git server via git-http-backend on nginx.

Setup gitweb conf

sudo apt-get install gitweb 
/etc/gitweb.conf is Gitweb (Git web interface) configuration file
The default project root is /usr/lib/git.
Here, I changed to my own path.
our $projectroot = "/home/errong_leng/www/git";

Change nginx conf

cat /etc/nginx/sites-enabled/git.errong.win.conf
server {
    listen  80;
    listen [::]:80;
    server_name git.errong.win;
    auth_basic "Restricted";
    auth_basic_user_file /home/errong_leng/.gitpasswd;
 location ~ ^.*\.git/(HEAD|info/refs|objects/info/.*|git-(upload|receive)-pack)$ {
  root /home/errong_leng/www/git;
  fastcgi_pass unix:/var/run/fcgiwrap.socket;
  fastcgi_param SCRIPT_FILENAME   /usr/lib/git-core/git-http-backend;
  fastcgi_param PATH_INFO         $uri;
  fastcgi_param GIT_PROJECT_ROOT  /home/errong_leng/www/git;
  fastcgi_param GIT_HTTP_EXPORT_ALL "";
  fastcgi_param REMOTE_USER $remote_user;
  include fastcgi_params;
 }
 location /index.cgi {
  root /usr/share/gitweb;
  include fastcgi_params;
  gzip off;
  fastcgi_param SCRIPT_NAME $uri;
  fastcgi_param GITWEB_CONFIG /etc/gitweb.conf;
  fastcgi_pass unix:/var/run/fcgiwrap.socket;
 }
 location / {
  root /usr/share/gitweb;
  index index.cgi;
 }
}
cat /etc/nginx/sites-enabled/git.errong.win-ssl.conf
server {
    listen 443 ssl http2;
    listen [::]:443 ssl http2;
    server_name git.errong.win;
    ssl_certificate /etc/letsencrypt/git.errong.win/fullchain.cer;
    ssl_certificate_key /etc/letsencrypt/git.errong.win/git.errong.win.key;
    auth_basic "Restricted";
    auth_basic_user_file /home/errong_leng/.gitpasswd;
 location ~ ^.*\.git/(HEAD|info/refs|objects/info/.*|git-(upload|receive)-pack)$ {
  root /home/errong_leng/www/git;
  fastcgi_pass unix:/var/run/fcgiwrap.socket;
  fastcgi_param SCRIPT_FILENAME   /usr/lib/git-core/git-http-backend;
  fastcgi_param PATH_INFO         $uri;
  fastcgi_param GIT_PROJECT_ROOT  /home/errong_leng/www/git;
  fastcgi_param GIT_HTTP_EXPORT_ALL "";
  fastcgi_param REMOTE_USER $remote_user;
  include fastcgi_params;
 }
 location /index.cgi {
  root /usr/share/gitweb;
  include fastcgi_params;
  gzip off;
  fastcgi_param SCRIPT_NAME $uri;
  fastcgi_param GITWEB_CONFIG /etc/gitweb.conf;
  fastcgi_pass unix:/var/run/fcgiwrap.socket;
    }
 location / {
  root /usr/share/gitweb;
  index index.cgi;
 }
}
Restart nginx server.

gitweb done

git.errong.win

errors handle

If your gitweb server can't work.
You can check the error log to analysis the cause.
cat /var/log/nginx/error.log
In my case, I encountered below errors.
It turned out that my system did not install perl module for CGI and HTML::Entities.
I installed them manually from sources.
Download CGI source
Download HTML::Entities source
I have a post for this. Install perl module from source
2018/06/13 04:35:36 [error] 28827#28827: *6986 FastCGI sent in stderr: "Can't locate CGI.pm in @INC (you may nee
d to install the CGI module) (@INC contains: /etc/perl /usr/local/lib/x86_64-linux-gnu/perl/5.22.1 /usr/local/sh
are/perl/5.22.1 /usr/lib/x86_64-linux-gnu/perl5/5.22 /usr/share/perl5 /usr/lib/x86_64-linux-gnu/perl/5.22 /usr/s
hare/perl/5.22 /usr/local/lib/site_perl /usr/lib/x86_64-linux-gnu/perl-base .) at /usr/share/gitweb/index.cgi li
ne 13.
BEGIN failed--compilation aborted at /usr/share/gitweb/index.cgi line 13" while reading response header from ups
tream, client: 58.213.161.114, server: git.errong.win, request: "GET / HTTP/1.1", upstream: "fastcgi://unix:/var
/run/fcgiwrap.socket:", host: "git.errong.win"
2018/06/13 04:35:36 [error] 28827#28827: *6986 upstream prematurely closed FastCGI stdout while reading response
 header from upstream, client: 58.213.161.114, server: git.errong.win, request: "GET / HTTP/1.1", upstream: "fas
tcgi://unix:/var/run/fcgiwrap.socket:", host: "git.errong.win"


2018/06/13 04:58:03 [error] 28827#28827: *7008 FastCGI sent in stderr: "[Wed Jun 13 04:58:03 2018] index.cgi: Ca
n't locate HTML/Entities.pm in @INC (you may need to install the HTML::Entities module) (@INC contains: /etc/per
l /usr/local/lib/x86_64-linux-gnu/perl/5.22.1 /usr/local/share/perl/5.22.1 /usr/lib/x86_64-linux-gnu/perl5/5.22 
/usr/share/perl5 /usr/lib/x86_64-linux-gnu/perl/5.22 /usr/share/perl/5.22 /usr/local/lib/site_perl /usr/lib/x86_
64-linux-gnu/perl-base .) at /usr/local/share/perl/5.22.1/CGI.pm line 2219" while reading response header from u
pstream, client: 58.213.161.114, server: git.errong.win, request: "GET / HTTP/1.1", upstream: "fastcgi://unix:/v
ar/run/fcgiwrap.socket:", host: "git.errong.win"
2018/06/13 04:58:30 [error] 28827#28827: *7010 FastCGI sent in stderr: "[Wed Jun 13 04:58:30 2018] index.cgi: Ca
n't locate HTML/Entities.pm in @INC (you may need to install the HTML::Entities module) (@INC contains: /etc/per
l /usr/local/lib/x86_64-linux-gnu/perl/5.22.1 /usr/local/share/perl/5.22.1 /usr/lib/x86_64-linux-gnu/perl5/5.22 
/usr/share/perl5 /usr/lib/x86_64-linux-gnu/perl/5.22 /usr/share/perl/5.22 /usr/local/lib/site_perl /usr/lib/x86_
64-linux-gnu/perl-base .) at /usr/local/share/perl/5.22.1/CGI.pm line 2219" while reading response header from u
pstream, client: 210.94.41.89, server: git.errong.win, request: "GET / HTTP/2.0", upstream: "fastcgi://unix:/var
/run/fcgiwrap.socket:", host: "git.errong.win"

Install Perl module on ubuntu

Install by cpan

cpan -i foo
Replace foo with the module name you want to install.

Install from source

Search the module on cpan.org
Download the source.
Let's use HTML::Entities for example.
You will get your search url:
http://search.cpan.org/~gaas/HTML-Parser-3.72/lib/HTML/Entities.pm
The source url will be:
http://www.cpan.org/authors/id/G/GA/GAAS/HTML-Parser-3.72.tar.gz

Make and install perl module

  tar -xvf HTML-Parser-3.72.tar.gz   
  cd HTML-Parser-3.72/ 
  perl Makefile.PL
  make
  sudo make install 

setup http/https git server on nginx via git-http-backend

Precondition

sudo apt-get install nginx fcgiwrap git apache2-utils 

Set up https server

First, please setup your https server by your self.
You can refer to my guide

git-http-backend

git-http-backend is a Server side implementation of Git over HTTP.
/usr/lib/git-core/git-http-backend

Set Up Password Authentication file for your git server

We can get a password with MD5-based password algorithm, Apache variant via openssl passwd command.
You can add a username to the file using this command. We are using sammy as our username, but you can use whatever name you'd like:
sudo sh -c "echo -n 'sammy:' >> .gitpasswd" 
Next, add an encrypted password entry for the username by typing:
sudo sh -c "openssl passwd -apr1 >> .gitpasswd" 
You can repeat this process for additional usernames. You can see how the usernames and encrypted passwords are stored within the file by typing:
cat .gitpasswd 
Output
sammy:$apr1$wI1/T0nB$jEKuTJHkTOOWkopnXqC1d1
Or We can use The htpasswd utility, found in the apache2-utils package, serves this function well.
Let's add a new user kimmy via htpasswd, below is command line.
htpasswd -c .gitpasswd kimmy 
cat .gitpasswd 
sammy:$apr1$wI1/T0nB$jEKuTJHkTOOWkopnXqC1d1 
kimmy:$apr1$sBPFn6ek$L8Ta2LkiuXzi7bQZUqUlq0 

http/https nginx conf

cat /etc/nginx/sites-enabled/git.errong.win.conf
server {
    listen  80;
    listen [::]:80;
    server_name git.errong.win;
    auth_basic "Restricted";
    auth_basic_user_file /home/errong_leng/.gitpasswd;
    location ~ (/.*) {
        fastcgi_pass  unix:/var/run/fcgiwrap.socket;
        include       fastcgi_params;
        fastcgi_param SCRIPT_FILENAME /usr/lib/git-core/git-http-backend;
        fastcgi_param GIT_HTTP_EXPORT_ALL "";
        fastcgi_param GIT_PROJECT_ROOT    /home/errong_leng/www/git;
        fastcgi_param REMOTE_USER         $remote_user;
        fastcgi_param PATH_INFO           $uri;
    }
}
cat /etc/nginx/sites-enabled/git.errong.win-ssl.conf
server {
    listen 443 ssl http2;
    listen [::]:443 ssl http2;
    server_name git.errong.win;
    ssl_certificate /etc/letsencrypt/git.errong.win/fullchain.cer;
    ssl_certificate_key /etc/letsencrypt/git.errong.win/git.errong.win.key;
    auth_basic "Restricted";
    auth_basic_user_file /home/errong_leng/.gitpasswd;
    location ~ (/.*) {
        fastcgi_pass  unix:/var/run/fcgiwrap.socket;
        include       fastcgi_params;
        fastcgi_param SCRIPT_FILENAME /usr/lib/git-core/git-http-backend;
        fastcgi_param GIT_HTTP_EXPORT_ALL "";
        fastcgi_param GIT_PROJECT_ROOT    /home/errong_leng/www/git;
        fastcgi_param REMOTE_USER         $remote_user;
        fastcgi_param PATH_INFO           $uri;
    }
}
OK, nginx server config is done, just reload it.(sudo nginx -s reload)
Now it is time to set up git repository under the root(/home/errong_leng/www/git)

Set up git repository

$ cd www/git/ 
$ mkdir helloworld.git 
$ cd helloworld.git/ 
$ git --bare init 
Initialized empty Git repository in /home/errong_leng/www/git/helloworld.git/ 
$ cp hooks/post-update.sample hooks/post-update 
$ chmod a+x hooks/post-update 
$ chmod a+w . -R 
Now, We can git clone and push to the respository on remote machine via http/https protocol.

git clone helloworld.git

git clone https://git.errong.win/helloworld.git
Cloning into 'helloworld'...
Username for 'https://git.errong.win': lenger
Password for 'https://lenger@git.errong.win':
warning: You appear to have cloned an empty repository.
Checking connectivity... done.

git push helloworld.git

git push origin master
Username for 'https://git.errong.win': lenger
Password for 'https://lenger@git.errong.win':
Counting objects: 3, done.
Writing objects: 100% (3/3), 205 bytes | 0 bytes/s, done.
Total 3 (delta 0), reused 0 (delta 0)
To https://git.errong.win/helloworld.git
  • [new branch] master -> master

setup https server via An ACME Shell script on nginx

I will give every detail steps when I setup https server for https://git.errong.win.
You can refer as a guide.

acme.sh

acme.sh is probably the easiest & smartest shell script toautomatically issue & renew the free certificates from Let's Encrypt.
Install the shell script via guide

http server nginx conf

First, let's setup a http server first via nginx.
After you installed nginx, the simple way to setup a http server is to add a conf file under /etc/nginx/sites-enabled/ folder.
cat /etc/nginx/sites-enabled/git.errong.com.conf
server {
    listen       80;
    listen       [::]:80;
    server_name  git.errong.com;

    location / {
        root   html;
        index  index.html index.htm;
    }
}
Reload nginx via sudo nginx -s reload

issue free certificates

sudo acme.sh --issue --home /etc/letsencrypt --domain example.com --webroot /home/errong_leng/www/git --reloadcmd "nginx -s reload" --accountemail errong.leng@gmail.com
[Wed Jun 13 01:51:07 UTC 2018] Single domain='git.errong.win'
[Wed Jun 13 01:51:07 UTC 2018] Getting domain auth token for each domain
server {
[Wed Jun 13 01:51:07 UTC 2018] Getting webroot for domain='git.errong.win'
[Wed Jun 13 01:51:07 UTC 2018] Getting new-authz for domain='git.errong.win'
[Wed Jun 13 01:51:08 UTC 2018] The new-authz request is ok.
[Wed Jun 13 01:51:08 UTC 2018] Verifying:git.errong.win
[Wed Jun 13 01:51:11 UTC 2018] Success
[Wed Jun 13 01:51:11 UTC 2018] Verify finished, start to sign.
[Wed Jun 13 01:51:12 UTC 2018] Cert success.

[Wed Jun 13 01:51:12 UTC 2018] Your cert is in  /etc/letsencrypt/git.errong.win/git.errong.win.cer 
[Wed Jun 13 01:51:12 UTC 2018] Your cert key is in  /etc/letsencrypt/git.errong.win/git.errong.win.key 
[Wed Jun 13 01:51:12 UTC 2018] The intermediate CA cert is in  /etc/letsencrypt/git.errong.win/ca.cer 
[Wed Jun 13 01:51:12 UTC 2018] And the full chain certs is there:  /etc/letsencrypt/git.errong.win/fullchain.cer 
[Wed Jun 13 01:51:12 UTC 2018] Run reload cmd: nginx -s reload
[Wed Jun 13 01:51:12 UTC 2018] Reload success
Ok. We have ssl certificates now.
ssl_certificate /etc/letsencrypt/git.errong.win/fullchain.cer; 
ssl_certificate_key /etc/letsencrypt/git.errong.win/git.errong.win.key; 

https server nginx conf

cat /etc/nginx/sites-enabled/git.errong.win-ssl.conf
server {
    listen 443 ssl http2;
    listen [::]:443 ssl http2;
    server_name git.errong.win;
    location / {
        root   html;
        index  index.html index.htm;
    }
}
 
Now. everything is ready.
Just reload nginx server.
You will find http://git.errong.win and https://git.errong.win work welll now.
Remind :
please replace the server name "git.errong.win" to yours.

Samba add user for share

add user

sudo smbpasswd -a USER
sudo smbpasswd -e USER

set up share path

/etc/samba/smb.conf
[USER] 
       comment = USER home 
       path = /home/USER 
       writeable = yes 
       public=yes 
       browseable = yes 
       create mode = 776 
       force directory mode = 776 

restart samba service

sudo systemctl restart smbd.service
sudo systemctl restart nmbd.service

if still can't access, then check below config

/etc/samba/smb.conf
[global]    hosts allow = #add your IP here 
restart samba service again, it should work now.

Fix issue : grunt init failed with error Couldn't find match for "

Issue

PS D:\Ghost> grunt init
Running "update_submodules:pinned" (update_submodules) task

Running "subgrunt:init" (subgrunt) task
yarn install v1.7.0
[1/5] Validating package.json...
[2/5] Resolving packages...
[3/5] Fetching packages...
warning Pattern ["glob@latest"] is trying to unpack in the same destination "C:\\Users\\lenger\\AppData\\Local\\Yarn\\Ca
che\\v1\\npm-glob-7.1.2-c19c9df9a028702d678612384a6552404c636d15" as pattern ["glob@^7.0.5","glob@^7.0.5","glob@^7.1.0",
"glob@^7.0.4","glob@^7.1.2","glob@^7.0.3","glob@^7.0.3","glob@^7.0.0","glob@7.1.2","glob@^7.0.3"]. This could result in
non-deterministic behavior, skipping.
error Couldn't find match for "8dc6b689903c9363ade94e2e4d21c94813bbbe98" in "refs/heads/master,refs/heads/node-4-compat,
refs/tags/v0.0.1,refs/tags/v0.0.2,refs/tags/v0.0.3,refs/tags/v0.1.0,refs/tags/v0.1.1" for "https://github.com/kevinansfi
eld/eslint-plugin-sort-imports-es6-autofix.git".
info Visit https://yarnpkg.com/en/docs/cli/install for documentation about this command.
Warning: Failed installing node modules in "core/client". Use --force to continue.

Aborted due to warnings.

Solution

find -name "yarn.lock" | xargs rm -f 
then grunt init again
grunt init 

Transfer your ghost server between hosts

Assume you have a ghost server ran at a host machine.
Oneday the host machine maybe out of space or you find a new cheap host,
or you have a new host that have power memory and performance.
Then you may need to transfer your ghost server to another new host.

tar your ghost server to a *.tar.gz

//blog is my ghost server root directory
$cd www/blog
$tar -zcvf blog.tar.gz blog
copy the blog.tar.gz to the new host

preinstall on new host

nginx
sudo apt-get install nginx
node.js
https://nodejs.org/en/download/
extract and add node bin path to env
ghost
npm i -g ghost-cli 
acme.sh
https://github.com/Neilpang/acme.sh

configure on new host

tar cvf blog.tar.gz 

nginx conf

sudo ln -sf blog/system/files/blog.conf /etc/nginx/sites-available/blog.conf
sudo ln -sf /etc/nginx/sites-available/blog.conf /etc/nginx/sites-enabled/blog.conf

start http server

ghost start 
if you encounter systemd error, just follow the hint command(ghost linuxuser systemd) by ghost
and run ghost start again.
Before you start your ghost server, you should change the DNS record for your server. Since you changed host, the IP would changed.

enable https server via letsencrypt

sudo ln -sf blog/system/files/blog-ssl.conf /etc/nginx/sites-available/blog-ssl.conf
sudo ln -sf /etc/nginx/sites-available/blog-ssl.conf /etc/nginx/sites-enabled/blog-ssl.conf
acme.sh --issue --home /etc/letsencrypt --domain errong.win --webroot /home/errong_leng/www/blog/system/nginx-root --reloadcmd "nginx -s reload" --accountemail errong.leng@gmail.com

http nginx conf

server {
    listen 80;
    listen [::]:80;

    server_name errong.win;
    root /home/errong_leng/www/blog/system/nginx-root;

    location / {
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header Host $http_host;
        proxy_pass http://127.0.0.1:6666;
        
    }

    location ~ /.well-known {
        allow all;
    }

    client_max_body_size 50m;
}

https nginx conf

server {
    listen 443 ssl http2;
    listen [::]:443 ssl http2;

    server_name errong.win;
    root /home/errong_leng/www/blog/system/nginx-root;

    ssl_certificate /etc/letsencrypt/errong.win/fullchain.cer;
    ssl_certificate_key /etc/letsencrypt/errong.win/errong.win.key;

    location / {
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header Host $http_host;
        proxy_pass http://127.0.0.1:6666;
        
    }

    location ~ /.well-known {
        allow all;
    }

    client_max_body_size 50m;
}

fixed: embedded-redis: Unable to run on macOS Sonoma

Issue you might see below error while trying to run embedded-redis for your testing on your macOS after you upgrade to Sonoma. java.la...