How to make git push work with nginx (basic auth) behind nginx reverse proxy (HTTPS)?
The problem was in the frontend syntax. I had to change:
proxy_pass http://mybackend:8081/git$1;
to the correct:
proxy_pass http://mybackend:8081/git$1$is_args$args;
or alternatively:
proxy_pass http://mybackend:8081$request_uri;
Thanks, Will!
Related videos on Youtube
Admin
Updated on September 18, 2022Comments
-
Admin over 1 year
I like to have a git server on a computer (backend) without direct internet access. There should be basic authentication. The access should be available by means of a reverse proxy (frontend) on another computer, that does SSL/HTTPS. Both are running Debian 7 stable (wheezy + wheezy-backports for nginx and git).
So far everything (=
git clone
) works butgit push
:$ git push --set-upstream origin master Username for 'https://myfrontend:443': myusername Password for 'https://myusername@myfrontend:443': error: Cannot access URL https://myserver:443/git/gittest.git/, return code 22 fatal: git-http-push failed
The error message in the backend nginx log is:
2014/04/01 01:00:00 [error] 27000#0: *7 no user/password was provided for basic authentication, client: myfrontend, server: mybackend, request: "PROPFIND /git/gittest.git/ HTTP/1.0", host: "myfrontend"
It seems that the basic auth works for
clone
, but not forpush
.The nginx config of the frontend is:
server { listen 443; server_name myfrontend; resolver 127.0.0.1; charset UTF-8; # root /var/www/; index index.html; # ssl on; ssl_certificate /etc/ssl/certs/myfronted.crt; ssl_certificate_key /etc/ssl/private/myfrontend.key; # ssl_session_timeout 5m; # ssl_protocols SSLv3 TLSv1; ssl_ciphers ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv3:+EXP; ssl_prefer_server_ciphers on; # location ~ /git(/.*) { proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header Host $host; proxy_pass http://mybackend:8081/git$1; proxy_set_header X-Forwarded-Proto https; proxy_set_header REMOTE_USER $remote_user; } }
The nginx config for the backend is:
server { listen 8081; server_name mybackend; root /var/www; charset UTF-8; # location ~ /git(/.*) { auth_basic "Restricted"; auth_basic_user_file /var/lib/git/.htpasswd; dav_methods PUT DELETE MKCOL COPY MOVE; dav_ext_methods PROPFIND OPTIONS; create_full_put_path on; # fastcgi_param SCRIPT_FILENAME /usr/lib/git-core/git-http-backend; fastcgi_param GIT_HTTP_EXPORT_ALL ""; fastcgi_param GIT_PROJECT_ROOT /var/lib/git; fastcgi_param PATH_INFO $1; fastcgi_param DOCUMENT_ROOT /usr/lib/git-core/; fastcgi_pass unix:/var/run/fcgiwrap.socket; include fastcgi_params; } }
The git config on the backend server is:
[core] repositoryformatversion = 0 filemode = true bare = true [http] receivepack = true [gitweb] owner = My Name
Is there another, maybe simpler way to serve git on the backend side? Maybe without nginx or without fcgiwrap? I would, however, like to survive without Apache...
Many thanks in advance!