git on HTTP with gitolite and nginx

Question

I am trying to setup a server where my git repo would be accessible with HTTP(S).

I am using gitolite and nginx (and gitlab for web interface but I doubt it makes any difference).

I have searched the whole afternoon and I think I'm stuck.

I have think I have understood that nginx needs fcgiwrap to work with gitolite, so I tried several configurations, but none of them work.

My repositories are at /home/git/repositories.

Here's the three nginx configurations I have tried.

1:

   location ~ /git(/.*) {
       gzip off;
       root /usr/lib/git-core;

       fastcgi_pass  unix:/var/run/fcgiwrap.socket;
       include /etc/nginx/fcgiwrap.conf;

       fastcgi_param SCRIPT_FILENAME /usr/lib/git-core/git-http-backend;
       fastcgi_param DOCUMENT_ROOT /usr/lib/git-core/;
       fastcgi_param SCRIPT_NAME git-http-backend;

       fastcgi_param GIT_HTTP_EXPORT_ALL "";
       fastcgi_param GIT_PROJECT_ROOT /home/git/repositories;
       fastcgi_param PATH_INFO $1;
       #fastcgi_param PATH_TRANSLATED $document_root$fastcgi_path_info;
    }

Result:

> git clone http://myservername/projectname.git test/
Cloning into test...
fatal: http://myservername/projectname.git/info/refs not found: did you run git update-server-info on the server?

and

> git clone http://myservername/git/projectname.git test/
Cloning into test...
error: The requested URL returned error: 502 while accessing http://myservername/git/projectname.git/info/refs
fatal: HTTP request failed

2:

   location ~ /git(/.*) {
        fastcgi_pass  localhost:9001;
        include       /etc/nginx/fcgiwrap.conf;
        fastcgi_param SCRIPT_FILENAME     /usr/lib/git-core/git-http-backend;
        fastcgi_param GIT_HTTP_EXPORT_ALL "";
        fastcgi_param GIT_PROJECT_ROOT    /home/git/repositories;
        fastcgi_param PATH_INFO           $1;
    }

Result:

> git clone http://myservername/projectname.git test/
Cloning into test...
fatal: http://myservername/projectname.git/info/refs not found: did you run git update-server-info on the server?

and

> git clone http://myservername/git/projectname.git test/
Cloning into test...
error: The requested URL returned error: 502 while accessing http://myservername/git/projectname.git/info/refs
fatal: HTTP request failed

3:

location ~ ^.*\.git/objects/([0-9a-f]+/[0-9a-f]+|pack/pack-[0-9a-f]+.(pack|idx))$ {
    root /home/git/repositories/;
  }

  location ~ ^.*\.git/(HEAD|info/refs|objects/info/.*|git-(upload|receive)-pack)$ {
    root /home/git/repositories;

    fastcgi_pass unix:/var/run/fcgiwrap.socket;
    fastcgi_param SCRIPT_FILENAME   /usr/lib/git-core/git-http-backend;
    fastcgi_param PATH_INFO         $uri;
    fastcgi_param GIT_PROJECT_ROOT  /home/git/repositories;  
    include /etc/nginx/fcgiwrap.conf;
  }

Result:

> git clone http://myservername/projectname.git test/
Cloning into test...
error: The requested URL returned error: 502 while accessing http://myservername/projectname.git/info/refs
fatal: HTTP request failed

and

> git clone http://myservername/git/projectname.git test/
Cloning into test...
error: The requested URL returned error: 502 while accessing http://myservername/git/projectname.git/info/refs
fatal: HTTP request failed

Also note that with any of those configurations, when I try to clone with a project name that actually doesn't exist, I get a 502 error.

Does anyone already succeeded in doing this? What am I doing wrong?

Thanks.

UPDATE:

nginx error log file said:

2012/04/05 17:34:50 [crit] 21335#0: *50 connect() to unix:/var/run/fcgiwrap.socket failed (13: Permission denied) while connecting to upstream, client: 192.168.12.201, server: myservername, request: "GET /git/oct_editor.git/info/refs HTTP/1.1", upstream: "fastcgi://unix:/var/run/fcgiwrap.socket:", host: "myservername"

So I changed permissions for /var/run/fcgiwrap.socket, and now I have :

> git clone http://myservername/git/projectname.git test/
Cloning into test...
error: The requested URL returned error: 403 while accessing     http://myservername/git/projectname.git/info/refs
fatal: HTTP request failed

Here is the error.log file I have now:

2012/04/05 17:36:52 [error] 21335#0: *78 FastCGI sent in stderr: "Cannot chdir to script directory (/usr/lib/git-core/git/projectname.git/info)" while reading response header from upstream, client: 192.168.12.201, server: myservername, request: "GET /git/projectname.git/info/refs HTTP/1.1", upstream: "fastcgi://unix:/var/run/fcgiwrap.socket:", host: "myservername"

I keep on investigating.

Have user, under is running fastcgi process, rights to enter directory `/usr/lib/git-core/git/projectname.git/info`? — Jan Marek, Jul 26 '12 at 09:55
{ln -s /home/git /usr/lib/git-core/git} or set {{root /home;}} -but second could be security problem — Fantastory, Sep 23 '14 at 12:16

score 1 · Answer 1 · answered Apr 05 '12 at 16:10

Here is what I set in my Apache config (I know: not nginx, but still can help you):

SetEnv GIT_PROJECT_ROOT @H@/repositories
SetEnv GIT_HTTP_EXPORT_ALL
SetEnv GITOLITE_HTTP_HOME @H@
ScriptAlias /hgit/ @H@/gitolite/bin/gl-auth-command/
SetEnv GIT_HTTP_BACKEND "@H@/usr/local/apps/git/libexec/git-core/git-http-backend"

(with @H@ the path where .gitolite.rc and, in my case, the repositories are stored)

I don't see GITOLITE_HTTP_HOME and GIT_HTTP_BACKEND defined in your config.
See the full config here.

dorian · Answer 2 · 2021-12-07T13:52:03.933

Old question, but it popped up first when I was looking for this, so thought I'd post an answer to at least part of the problem.

I'll just refer to your attempt #1 for ease.

I think the main problem you're having here is this line:

fastcgi_param SCRIPT_FILENAME /usr/lib/git-core/git-http-backend;

What you're doing here is passing the request to the git backend, but I think you want to be passing it to the gitolite backend:

fastcgi_param SCRIPT_FILENAME /path/to/gitolite/base/gitolite/src/gitolite-shell;

So I think when you tried:

git clone http://myservername/projectname.git

Git happily looked for something, and couldn't find it (because you set git to the wrong location based on your server mappings). But when you tried:

git clone http://myservername/git/projectname.git

Git wasn't able to do anything, because gitolite owns the GIT_PROJECT_ROOT at that location in your nginx config.

You may also want to make the script available in the gitolite bin and direct nginx to it there---seems to be convention:

/path/to/gitolite/base/bin/gitolite-shell

Directing nginx to the gitolite backend will address your server error issue.

I'm now having a 'can't find the repository' error, but I think that's because my http basic auth users don't match up to my gitolite user permissions. If I can be bothered trying to address that, I'll update.

On that note, there is a potential second problem with your script if you're using basic authentication for this server (since you've just posted the config for the location and not the whole server). In that case, you need to pass the authenticated user to gitolite. You'd actually need to do this for a normal git setup too:

fastcgi_param REMOTE_USER $remote_user;

I should point out that this may also be related to my 'can't find the repository' issue, if gitolite requires something different in this respect than normal git. I suspect that gitolite might require this regardless of whether authentication is enabled or not, unless you can get anonymous access working for gitolite with nginx.

NB: I think there are multiple ways of passing the request to git or gitolite. So if you set http up for git, the following (that you've used) is often recommended and works:

fastcgi_param PATH_INFO $1;

But for gitolite, you see alternatives that are different. The most common is:

fastcgi_param PATH_INFO $fastcgi_path_info;

I am using the former, and as I said, it seems to work. But my problem might be that nginx is not passing the path properly (as opposed to a 'user' problem). Worth noting.

git on HTTP with gitolite and nginx

2 Answers2