# Example nginx + git HTTP Smart mode (git-http-backend) + HTTP Authentication + HTTPS redirect # Forked from jeroen@massar.ch - http://jeroen.massar.ch # Preparation: you need to install and configure fcgiwrap and set it to listen at fcgiwrap.socket. # An example tutorial: https://www.howtoforge.com/serving-cgi-scripts-with-nginx-on-centos-6.0-p2 # A useful hint: add -f as a parameter to fcgiwrap to redirect the cgi errors to your nginx error log. server { listen 80; server_name git.example.com; # Redirect all non-HTTPS traffic to the HTTPS variant return 301 https://$host$request_uri; } server { listen 443; server_name git.example.com; # The root here have nothing to do with your git repository path. root /www/example/; index index.html; access_log /var/log/nginx/git.example.com.log; error_log /var/log/nginx/git.example.com_error.log info; # Turn on ssl and set ssl params ssl on; ssl_certificate /etc/nginx/ssl-bundle-git.crt; ssl_certificate_key /etc/nginx/server.key; # Create .htpasswd by # sudo htpasswd -c /srv/websites/.htpasswd username # Note that this will replace existed .htpasswd file. auth_basic "Restricted"; auth_basic_user_file /www/.htpasswd; # Match by regex, case sensitive. This will match URL with .git in. # For example: git.example.com/someRepo.git/info/refs... # Change this pattern to suit your needs. # If you see PROPFIND in your access log then your request is not processed by git-http-backend. # This may because your url didn't match the pattern, # therefore all content inside the location block is not reached. location ~ \.git { # Set chunks to unlimited, as the body's can be huge client_max_body_size 0; include fastcgi_params; fastcgi_param SCRIPT_FILENAME /usr/libexec/git-core/git-http-backend; fastcgi_param GIT_HTTP_EXPORT_ALL ""; fastcgi_param GIT_PROJECT_ROOT /srv/git; fastcgi_param PATH_INFO $uri; # Forward REMOTE_USER as we want to know when we are authenticated fastcgi_param REMOTE_USER $remote_user; fastcgi_pass unix:/var/run/fcgiwrap.socket; } }