如何使用用户/密码通过 NGINX 通过 HTTP 服务 GIT?
声明:本页面是StackOverFlow热门问题的中英对照翻译,遵循CC BY-SA 4.0协议,如果您需要使用它,必须同样遵循CC BY-SA许可,注明原文地址和作者信息,同时你必须将它归于原作者(不是我):StackOverFlow
原文地址: http://stackoverflow.com/questions/6414227/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me):
StackOverFlow
How to serve GIT through HTTP via NGINX with user/password?
提问by Cyril N.
Despite all the links I've found on how to configure git/nginx to get my repos, I can't make them work.
尽管我找到了有关如何配置 git/nginx 以获取我的存储库的所有链接,但我无法让它们工作。
I followed this tutorial, Git repository over HTTP WebDAV with nginx, but the user/password restriction doesnt' work. Anyone can clone the repository.
我遵循了本教程,使用 nginx 通过 HTTP WebDAV 的 Git 存储库,但用户/密码限制不起作用。任何人都可以克隆存储库。
I'm from a configuration using SVN + Apache + DAV_SVN, with a file for password (created with htpasswd), and a file for the authz. I'd like to do the same, using git+nginx. How's that possible ?
我来自使用 SVN + Apache + DAV_SVN 的配置,带有一个密码文件(使用 htpasswd 创建)和一个用于 authz 的文件。我想做同样的事情,使用 git+nginx。这怎么可能?
Thanks for your help!
谢谢你的帮助!
回答by Mike Mackintosh
Take a look at the following article, http://www.toofishes.net/blog/git-smart-http-transport-nginx/
看看下面这篇文章,http://www.toofishes.net/blog/git-smart-http-transport-nginx/
It provides a sample nginx config:
它提供了一个示例 nginx 配置:
http {
...
server {
listen 80;
server_name git.mydomain.com;
location ~ /git(/.*) {
# fcgiwrap is set up to listen on this host:port
fastcgi_pass localhost:9001;
include fastcgi_params;
fastcgi_param SCRIPT_FILENAME /usr/lib/git-core/git-http-backend;
# export all repositories under GIT_PROJECT_ROOT
fastcgi_param GIT_HTTP_EXPORT_ALL "";
fastcgi_param GIT_PROJECT_ROOT /srv/git;
fastcgi_param PATH_INFO ;
}
}
}
What this does is pass your repo which is located after /git in the url, to /usr/lib/git-core/git-http-backend. Example, http://git.mydomain.com/git/someappwould point to the someapprepository. This repo would be located in /srv/git/someappas defined in the fastcgi_paramof GIT_PROJECT_ROOTand can be changed to fit your server.
这样做是将位于 url 中 /git 之后的存储库传递给/usr/lib/git-core/git-http-backend. 例如,http://git.mydomain.com/git/someapp将指向someapp存储库。此存储库将位于of 中/srv/git/someapp定义的位置fastcgi_param,GIT_PROJECT_ROOT并且可以更改以适合您的服务器。
This is very useful and you can apply HttpAuthBasicModuleto nginx to password protect your repo's access via HTTP.
这非常有用,您可以HttpAuthBasicModule向 nginx申请密码保护您的 repo 通过 HTTP 访问。
Edit:If you are missing git-http-backend, you can install the git-corepackage on Ubuntu/Debian or on RPM based platforms look at How can git be installed on CENTOS 5.5?
编辑:如果您丢失了git-http-backend,您可以git-core在 Ubuntu/Debian 或基于 RPM 的平台上安装该软件包,请查看如何在 CENTOS 5.5 上安装 git?
回答by Morgan Touverey Quilling
Here is a full configuration for Git over HTTP, with TLS encryption, Basic Auth, and GitWeb. I assume that the repositories' root is in /home/git. You should replace example.comwith your domain.
这是 Git over HTTP 的完整配置,带有 TLS 加密、基本身份验证和GitWeb。我假设存储库的根在/home/git. 您应该替换example.com为您的域。
# Remove this block if you don't want TLS
server {
listen 80;
server_name git.example.com;
return 301 https://$host$request_uri;
}
server {
listen 443 ssl; # Replace 443 ssl by 80 if you don't want TLS
server_name git.example.com;
root /usr/share/gitweb; # Remove if you don't want Gitweb
error_log /home/git/nginx-error.log;
access_log /home/git/nginx-access.log;
# Remove ssl_* lines if you don't want TLS
ssl_certificate /etc/letsencrypt/live/git.example.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/git.example.com/privkey.pem;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3;
ssl_prefer_server_ciphers on;
ssl_ciphers 'EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH';
# Remove auth_* if you don't want HTTP Basic Auth
auth_basic "example Git";
auth_basic_user_file /etc/nginx/.htpasswd;
# static repo files for cloning over https
location ~ ^.*\.git/objects/([0-9a-f]+/[0-9a-f]+|pack/pack-[0-9a-f]+.(pack|idx))$ {
root /home/git/;
}
# requests that need to go to git-http-backend
location ~ ^.*\.git/(HEAD|info/refs|objects/info/.*|git-(upload|receive)-pack)$ {
root /home/git/;
fastcgi_pass unix:/var/run/fcgiwrap.socket;
fastcgi_param SCRIPT_FILENAME /usr/lib/git-core/git-http-backend;
fastcgi_param PATH_INFO $uri;
fastcgi_param GIT_PROJECT_ROOT $document_root;
fastcgi_param GIT_HTTP_EXPORT_ALL "";
fastcgi_param REMOTE_USER $remote_user;
include fastcgi_params;
}
# Remove all conf beyond if you don't want Gitweb
try_files $uri @gitweb;
location @gitweb {
fastcgi_pass unix:/var/run/fcgiwrap.socket;
fastcgi_param SCRIPT_FILENAME /usr/share/gitweb/gitweb.cgi;
fastcgi_param PATH_INFO $uri;
fastcgi_param GITWEB_CONFIG /etc/gitweb.conf;
include fastcgi_params;
}
}
You have to install Git, Gitweb and FastCgiWrap :
你必须安装 Git、Gitweb 和 FastCgiWrap :
sudo apt-get install git gitweb fcgiwrap
For TLS, I use Let's Encryptfree certificates.
对于 TLS,我使用Let's Encrypt免费证书。
sudo letsencrypt certonly -d git.example.com --rsa-key-size 4096
To access Gitweb, just browse to git.example.com. You will also need to configure it to set the repositories' root :
要访问 Gitweb,只需浏览到 git.example.com。您还需要对其进行配置以设置存储库的 root :
sudo vim /etc/gitweb.conf
In order to get HTTP Basic Auth, you have to use the htpasswdcommand to add users to /etc/nginx/.htpasswd:
为了获得 HTTP 基本身份验证,您必须使用以下htpasswd命令将用户添加到/etc/nginx/.htpasswd:
sudo apt-get install apache2-utils
sudo htpasswd -c /etc/nginx/.htpasswd username
Remove the -cswitch the next time you run the command, because it only creates the file (Nginx doesn't have a .htpasswd file by default in its configuration directory).
-c下次运行命令时删除开关,因为它只创建文件(默认情况下,Nginx 的配置目录中没有 .htpasswd 文件)。
If you want something more complex, powerful, GitHub-like, check Gitlab.
如果你想要更复杂、更强大、类似于 GitHub 的东西,请查看Gitlab。
回答by neoedmund
Adding more details, we need 3 components: nginx, git-http-backendand fcgiwrap.
添加更多细节,我们需要 3 个组件:nginx、git-http-backend和fcgiwrap。
git-http-backendis a standalone excutable binary can be built from https://github.com/git/git. It's the official solution for handling git http/https access, I don't know if it is the best one that exists.- Nginx do not have a built-in general FastCGI server(or I failed to find how to use nginx's
fastcgi_bindcorrectly). So another fastcgi server should be used, likefcgiwarp( a good manual https://www.nginx.com/resources/wiki/start/topics/examples/fcgiwrap/) - Use
fastcgi_pass unix:/tmp/cgi.sock;in nginx config (reference to other answers)
git-http-backend是一个独立的可执行二进制文件,可以从https://github.com/git/git构建。这是处理git http/https访问的官方解决方案,不知道是不是目前最好的解决方案。- Nginx 没有内置的通用 FastCGI 服务器(或者我找不到如何
fastcgi_bind正确使用 nginx 的方法)。所以应该使用另一个 fastcgi 服务器,比如fcgiwarp(一个好的手册https://www.nginx.com/resources/wiki/start/topics/examples/fcgiwrap/) fastcgi_pass unix:/tmp/cgi.sock;在 nginx 配置中使用(参考其他答案)
==update==
==更新==
fastcgiis not a must, and git-http-backendis not write only for fastcgi, and fastcgi is not simplest nor performance one.
for examples, I wrote a servlet to interact between nginx and git-http-backend, using nginx's proxy_pass, it also works!
fastcgi不是必须的,git-http-backend也不是只为 fastcgi 编写的,fastcgi 不是最简单的也不是性能的。例如,我写了一个servlet来在nginx和git-http-backend之间进行交互,使用nginx的proxy_pass,它也可以工作!
