HTTP Git Server With Nginx on Debian 8

Published on: Thu, May 25, 2017 at 1:02 pm EST
Debian Linux Guides System Admin

Git is a version control system (VCS) that enables the tracking of changes in code. In this tutorial, we will walk through installing a HTTP(S) Git server, and adding username/password authentication.

Prerequisites

  • Debian 8 (Jessie).
  • Sudo.
  • Text editor of your choice (nano, vim).

Installing needed software

We will need nginx, git, fcgiwrap and apache httpd utils. Go ahead and type into the terminal.

sudo apt-get install nginx git fcgiwrap apache2-utils

dpkg will fail to install Nginx if another process (such as Apache) is already bound to port 80.

Creating the Git directory

Assuming you would want to create the git directory at /var/www/git, you would need to run the following commands:

mkdir /var/www/git
chown www-data:www-data /var/www/git # Make sure www-data (the user fastcgi runs) from has permissions.

Configuring Nginx

Now we need to configure Nginx to pass on Git traffic to Git. This can be added to the default config, a custom server {} at /etc/nginx/conf.d or /etc/nginx/sites-enabled.

The configuration file's parameters and directive must be added in the order in which they are listed below.

location ~ (/.*) {
    client_max_body_size 0; # Git pushes can be massive, just to make sure nginx doesn't suddenly cut the connection add this.
    auth_basic "Git Login"; # Whatever text will do.
    auth_basic_user_file "/var/www/git/htpasswd";
    include /etc/nginx/fastcgi_params; # Include the default fastcgi configs
    fastcgi_param SCRIPT_FILENAME /usr/lib/git-core/git-http-backend; # Tells fastcgi to pass the request to the git http backend executable
    fastcgi_param GIT_HTTP_EXPORT_ALL "";
    fastcgi_param GIT_PROJECT_ROOT /var/www/git; # /var/www/git is the location of all of your git repositories.
    fastcgi_param REMOTE_USER $remote_user;
    fastcgi_param PATH_INFO $1; # Takes the capture group from our location directive and gives git that.
    fastcgi_pass  unix:/var/run/fcgiwrap.socket; # Pass the request to fastcgi
}

If you would like to have your git repositories at a sub-directory ie. http://your-domain.com/repos make the first line location ~ /repos(/.*) {, it's a regex.

Make sure the server_name directive in your server {} doesn't clash with anything else or else Nginx wont pass the request on.

Adding password authentication

Nginx accepts Apache htpasswd files, to create them, we will need to execute the following command:

htpasswd -c /var/www/git/htpasswd <your username>

You will be prompted to enter your password. To add more users, do:

htpasswd /var/www/git/htpasswd <another username>

One last step

Make sure to reload Nginx to apply all the changes by running:

sudo service nginx reload

You now have a private Git server! Enjoy.

(Optional) Make a script that initializes Git repositories

Please note that www-data (the user account that FastCGI runs under) must have read and write access to the Git repository, creating a script now saves headaches later on.

Open your script file ie. /var/www/git/gitinit.sh and paste the following:

#!/bin/sh
sudo -u www-data mkdir $1
cd $1
sudo -u www-data git init --bare

You can run the script like this:

cd /var/www/git
./gitinit.sh repo-name

Remember to allow execution by running:

chmod +x /var/www/git/gitinit.sh

Want to contribute ?

You could earn up to $300 by adding new articles