How to run gitweb and git-http-backend with Nginx in Fedora

I’ve configured my own web frontend for git using gitweb and git-http-backend.

I wanted to use Nginx as the webserver, but unfortunately there was a piece of software missing: fcgiwrap.  It’s packaging is a work in progress, so I have packaged it myself and now it is available in this copr, so you can download it from there.

Install the needed packages:

# dnf copr enable jorti/fcgiwrap
# dnf install git gitweb nginx fcgiwrap

Create/edit these config files:

/etc/nginx/conf.d/git.conf:

server {
    listen [::]:80;
    listen 0.0.0.0:80;
    server_name git.example.com;

    access_log /var/log/nginx/git.example.com_access.log main;

    return 301 https://$server_name$request_uri;
}

server {
    listen [::]:443 ssl;
    listen 0.0.0.0:443 ssl;
    server_name git.example.com;

    access_log /var/log/nginx/git.example.com_access.log main;

    ssl_certificate /etc/pki/tls/certs/git.example.com-chain.crt;
    ssl_certificate_key /etc/pki/tls/private/git.example.com.key;

    root /var/www/git;

    client_max_body_size 100M;

    auth_basic "Restricted";
    auth_basic_user_file /etc/nginx/htpasswd;

    # static repo files for cloning over https
    location ~ ^.*\.git/objects/([0-9a-f]+/[0-9a-f]+|pack/pack-[0-9a-f]+.(pack|idx))$ {
        root /var/lib/git/;
    }

    # requests that need to go to git-http-backend
    location ~ ^.*\.git/(HEAD|info/refs|objects/info/.*|git-(upload|receive)-pack)$ {
        root /var/lib/git;
        fastcgi_pass unix:/run/nginx/fcgiwrap.sock;
        fastcgi_param SCRIPT_FILENAME   /usr/libexec/git-core/git-http-backend;
        fastcgi_param PATH_INFO         $uri;
        fastcgi_param GIT_PROJECT_ROOT  /var/lib/git;
        fastcgi_param GIT_HTTP_EXPORT_ALL "";
        fastcgi_param REMOTE_USER $remote_user;
        include fastcgi_params;
    }

    # send anything else to gitweb if it's not a real file
    try_files $uri @gitweb;
    location @gitweb {
        fastcgi_pass unix:/run/nginx/fcgiwrap.sock;
        fastcgi_param SCRIPT_FILENAME   /var/www/git/gitweb.cgi;
        fastcgi_param PATH_INFO         $uri;
        fastcgi_param GITWEB_CONFIG     /etc/gitweb.conf;
        include fastcgi_params;
   }
}

/etc/gitweb.conf:

our $projectroot = "/var/lib/git";

our @git_base_url_list = qw(https://git.example.com);

/etc/systemd/system/fcgiwrap.socket:

[Unit]
Description=fcgiwrap Socket

[Socket]
SocketMode=0600
SocketUser=nginx
SocketGroup=nginx
ListenStream=/run/nginx/fcgiwrap.sock

[Install]
WantedBy=sockets.target

/etc/systemd/system/fcgiwrap.service:

[Unit]
Description=Simple CGI Server
After=nss-user-lookup.target

[Service]
ExecStart=/usr/sbin/fcgiwrap
User=apache
Group=apache

[Install]
Also=fcgiwrap.socket

Enable and start the services:

# systemctl daemon-reload
# systemctl enable fcgiwrap.socket nginx.service
# systemctl start fcgiwrap.socket nginx.service

We should create the directory /var/lib/git with write permissions for the apache user.

# mkdir -p /var/lib/git/myrepo.git
# cd /var/lib/git/myrepo.git
# git init --bare
# chown -R apache:apache /var/lib/git/myrepo.git

Inside myrepo.git you can create a file called description with the description that will appear in the web frontend.

You can clone your empty repository with:

git clone https://git.example.com/myrepo.git

Or you can push your existing repository to it:

git remote add origin https://git.example.com/myrepo.git
git push --set-upstream origin master

Note that I’ve protected the access with a basic authentication file which you can create with htpasswd -c /etc/nginx/htpasswd username

Advertisements

One thought on “How to run gitweb and git-http-backend with Nginx in Fedora”

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s