nginx 和 git-http-backend 403 推送
nginx and git-http-backend 403 on push
我正在尝试设置一个 git 服务器,前端为 stagit,后端为 git-http-backend,并在所有内容之间使用 nginx。我在 this 答案中找到了一个在我的服务器上工作的配置(通过工作,我的意思是 nginx 将通过网络浏览器为任何连接服务 html,但如果我使用,让我克隆一个存储库git clone https://git.website.com/test.git.
我遇到的问题是,当我推送源为 https://git.website.com/test.git 的存储库(无论是来自服务器本身还是来自我的本地计算机)时,我收到 403 错误并且我不知道为什么。有什么想法吗?
server {
listen 80;
listen [::]:80;
listen 443 ssl;
listen [::]:443 ssl;
ssl_certificate /etc/ssl/ssl-bundle.crt;
ssl_certificate_key /etc/ssl/private/ssl-private.key;
root /srv/git;
index index.html index.htm index.nginx-debian.html;
access_log /var/log/nginx/git.access.log;
error_log /var/log/nginx/git.error.log;
gzip off;
location / {
try_files $uri $uri/ =404;
}
# static repo files for cloning over https
location ~ ^.*/objects/([0-9a-f]+/[0-9a-f]+|pack/pack-[0-9a-f]+.(pack|idx))$ {
root /srv/git;
}
# requests that need to go to git-http-backend
location ~ ^.*/(HEAD|info/refs|objects/info/.*|git-(upload|receive)-pack)$ {
root /srv/git;
fastcgi_pass unix:/var/run/fcgiwrap.socket;
fastcgi_param SCRIPT_FILENAME /usr/lib/git-core/git-http-backend;
fastcgi_param PATH_INFO $uri;
fastcgi_param GIT_PROJECT_ROOT $document_root;
fastcgi_param GIT_HTTP_EXPORT_ALL "";
fastcgi_param REMOTE_USER $remote_user;
include fastcgi_params;
}
}
大约两个小时前,我才开始尝试使用 git-http-backend 进行多个配置。似乎很难让 http 正常提供网页,但 也 允许 git 到 clone/push。使用找到的配置 here 导致空的 200 OK 响应...
经过多次试验和错误后,我从 this 答案中获取配置并对其进行修改以提供以下位置规则:
location / {
if ($arg_service = git-receive-pack) {
rewrite (/.*) /git_write/ last;
}
if ($uri ~ ^/.*/git-receive-pack$) {
rewrite (/.*) /git_write/ last;
}
if ($arg_service = git-upload-pack) {
rewrite (/.*) /git_read/ last;
}
if ($uri ~ ^/.*/git-upload-pack$) {
rewrite (/.*) /git_read/ last;
}
}
# pass PHP scripts to FastCGI server
location ~ \.php$ {
include snippets/fastcgi-php.conf;
fastcgi_pass unix:/run/php/php7.3-fpm.sock;
}
location ~ /git_read/(.*) {
include git-http-backend.conf;
}
# require auth to upload
location ~ /git_write/(.*) {
auth_basic "Pushing to Git repositories is restricted";
auth_basic_user_file /etc/nginx/htpasswd;
include git-http-backend.conf;
}
其中 /etc/nginx/git-http-backend.conf 显示为:
fastcgi_pass unix:/var/run/fcgiwrap.socket;
include fastcgi_params;
fastcgi_param SCRIPT_FILENAME /usr/lib/git-core/git-http-backend;
fastcgi_param GIT_HTTP_EXPORT_ALL "";
fastcgi_param GIT_PROJECT_ROOT /srv/git;
fastcgi_param PATH_INFO ;
fastcgi_param REMOTE_USER $remote_user;
问题已解决。
我正在尝试设置一个 git 服务器,前端为 stagit,后端为 git-http-backend,并在所有内容之间使用 nginx。我在 this 答案中找到了一个在我的服务器上工作的配置(通过工作,我的意思是 nginx 将通过网络浏览器为任何连接服务 html,但如果我使用,让我克隆一个存储库git clone https://git.website.com/test.git.
我遇到的问题是,当我推送源为 https://git.website.com/test.git 的存储库(无论是来自服务器本身还是来自我的本地计算机)时,我收到 403 错误并且我不知道为什么。有什么想法吗?
server {
listen 80;
listen [::]:80;
listen 443 ssl;
listen [::]:443 ssl;
ssl_certificate /etc/ssl/ssl-bundle.crt;
ssl_certificate_key /etc/ssl/private/ssl-private.key;
root /srv/git;
index index.html index.htm index.nginx-debian.html;
access_log /var/log/nginx/git.access.log;
error_log /var/log/nginx/git.error.log;
gzip off;
location / {
try_files $uri $uri/ =404;
}
# static repo files for cloning over https
location ~ ^.*/objects/([0-9a-f]+/[0-9a-f]+|pack/pack-[0-9a-f]+.(pack|idx))$ {
root /srv/git;
}
# requests that need to go to git-http-backend
location ~ ^.*/(HEAD|info/refs|objects/info/.*|git-(upload|receive)-pack)$ {
root /srv/git;
fastcgi_pass unix:/var/run/fcgiwrap.socket;
fastcgi_param SCRIPT_FILENAME /usr/lib/git-core/git-http-backend;
fastcgi_param PATH_INFO $uri;
fastcgi_param GIT_PROJECT_ROOT $document_root;
fastcgi_param GIT_HTTP_EXPORT_ALL "";
fastcgi_param REMOTE_USER $remote_user;
include fastcgi_params;
}
}
大约两个小时前,我才开始尝试使用 git-http-backend 进行多个配置。似乎很难让 http 正常提供网页,但 也 允许 git 到 clone/push。使用找到的配置 here 导致空的 200 OK 响应...
经过多次试验和错误后,我从 this 答案中获取配置并对其进行修改以提供以下位置规则:
location / {
if ($arg_service = git-receive-pack) {
rewrite (/.*) /git_write/ last;
}
if ($uri ~ ^/.*/git-receive-pack$) {
rewrite (/.*) /git_write/ last;
}
if ($arg_service = git-upload-pack) {
rewrite (/.*) /git_read/ last;
}
if ($uri ~ ^/.*/git-upload-pack$) {
rewrite (/.*) /git_read/ last;
}
}
# pass PHP scripts to FastCGI server
location ~ \.php$ {
include snippets/fastcgi-php.conf;
fastcgi_pass unix:/run/php/php7.3-fpm.sock;
}
location ~ /git_read/(.*) {
include git-http-backend.conf;
}
# require auth to upload
location ~ /git_write/(.*) {
auth_basic "Pushing to Git repositories is restricted";
auth_basic_user_file /etc/nginx/htpasswd;
include git-http-backend.conf;
}
其中 /etc/nginx/git-http-backend.conf 显示为:
fastcgi_pass unix:/var/run/fcgiwrap.socket;
include fastcgi_params;
fastcgi_param SCRIPT_FILENAME /usr/lib/git-core/git-http-backend;
fastcgi_param GIT_HTTP_EXPORT_ALL "";
fastcgi_param GIT_PROJECT_ROOT /srv/git;
fastcgi_param PATH_INFO ;
fastcgi_param REMOTE_USER $remote_user;
问题已解决。