I’ve configured my own web frontend for git using gitweb and git-http-backend.
I wanted to use Nginx as the webserver, but unfortunately there was a piece of software missing: fcgiwrap. It’s packaging is a work in progress, so I have packaged it myself and now it is available in this copr, so you can download it from there.
Install the needed packages:
# dnf copr enable jorti/fcgiwrap # dnf install git gitweb nginx fcgiwrap
Create/edit these config files:
/etc/nginx/conf.d/git.conf:
server {
listen [::]:80;
listen 0.0.0.0:80;
server_name git.example.com;
access_log /var/log/nginx/git.example.com_access.log main;
return 301 https://$server_name$request_uri;
}
server {
listen [::]:443 ssl;
listen 0.0.0.0:443 ssl;
server_name git.example.com;
access_log /var/log/nginx/git.example.com_access.log main;
ssl_certificate /etc/pki/tls/certs/git.example.com-chain.crt;
ssl_certificate_key /etc/pki/tls/private/git.example.com.key;
root /var/www/git;
client_max_body_size 100M;
auth_basic "Restricted";
auth_basic_user_file /etc/nginx/htpasswd;
# static repo files for cloning over https
location ~ ^.*\.git/objects/([0-9a-f]+/[0-9a-f]+|pack/pack-[0-9a-f]+.(pack|idx))$ {
root /var/lib/git/;
}
# requests that need to go to git-http-backend
location ~ ^.*\.git/(HEAD|info/refs|objects/info/.*|git-(upload|receive)-pack)$ {
root /var/lib/git;
fastcgi_pass unix:/run/nginx/fcgiwrap.sock;
fastcgi_param SCRIPT_FILENAME /usr/libexec/git-core/git-http-backend;
fastcgi_param PATH_INFO $uri;
fastcgi_param GIT_PROJECT_ROOT /var/lib/git;
fastcgi_param GIT_HTTP_EXPORT_ALL "";
fastcgi_param REMOTE_USER $remote_user;
include fastcgi_params;
}
# send anything else to gitweb if it's not a real file
try_files $uri @gitweb;
location @gitweb {
fastcgi_pass unix:/run/nginx/fcgiwrap.sock;
fastcgi_param SCRIPT_FILENAME /var/www/git/gitweb.cgi;
fastcgi_param PATH_INFO $uri;
fastcgi_param GITWEB_CONFIG /etc/gitweb.conf;
include fastcgi_params;
}
}
/etc/gitweb.conf:
our $projectroot = "/var/lib/git";
our @git_base_url_list = qw(https://git.example.com);
/etc/systemd/system/fcgiwrap.socket:
[Unit]
Description=fcgiwrap Socket
[Socket]
SocketMode=0600
SocketUser=nginx
SocketGroup=nginx
ListenStream=/run/nginx/fcgiwrap.sock
[Install]
WantedBy=sockets.target
/etc/systemd/system/fcgiwrap.service:
[Unit]
Description=Simple CGI Server
After=nss-user-lookup.target
[Service]
ExecStart=/usr/sbin/fcgiwrap
User=apache
Group=apache
[Install]
Also=fcgiwrap.socket
Enable and start the services:
# systemctl daemon-reload
# systemctl enable fcgiwrap.socket nginx.service
# systemctl start fcgiwrap.socket nginx.service
We should create the directory /var/lib/git with write permissions for the apache user.
# mkdir -p /var/lib/git/myrepo.git
# cd /var/lib/git/myrepo.git
# git init --bare
# chown -R apache:apache /var/lib/git/myrepo.git
Inside myrepo.git you can create a file called description with the description that will appear in the web frontend.
You can clone your empty repository with:
git clone https://git.example.com/myrepo.git
Or you can push your existing repository to it:
git remote add origin https://git.example.com/myrepo.git
git push --set-upstream origin master
Note that I’ve protected the access with a basic authentication file which you can create with htpasswd -c /etc/nginx/htpasswd username