2. Servidor git https

Note

Servidor de versiones GIT sobre HTTPS

Manual para instalar y configurar un servidor NGINX para servir GIT.

El servidor git debe estar instalado y tener los permisos de ‘git:git’.

Incluir al nginx en el grupo git

sudo chown -R git:git /home/git/<repo>
sudo usermod -aG git nginx
sudo chmod -R g+rx /home/git/<repo>

Confirmar los permisos del directorio

cd /home/git
sudo chmod g+rx /home
sudo chmod g+rx /home/git

Habilitar el <repo> para su uso con HTTPS. Fichero /home/git/<repo>/config

[core]
     repositoryformatversion = 0
     filemode = true
     bare = true
     sharedrepository = 1
[receive]
      denyNonFastforwards = true
[http]
      receivepack = true

Crear el fichero de validación

touch /home/git/<repo>/git-daemon-export-ok

Protección de seguridad para repositorios compartidos

sudo -u nginx git config --global --add safe.directory /home/git/<repo>

Socket y service para el CGI fcgiwrap

dnf install epel-release
dnf install fcgiwrap

Socket /etc/systemd/system/fcgiwrap-gitea.socket

[Unit]
Description=fcgiwrap Socket for Gitea CGI

[Socket]
ListenStream=/run/fcgiwrap/fcgiwrap-gitea.socket
SocketMode=0666

[Install]
WantedBy=sockets.target

Service /etc/systemd/system/fcgiwrap-gitea.service

[Unit]
Description=fcgiwrap Service for Gitea CGI
Requires=fcgiwrap-gitea.socket
After=network.target

[Service]
User=nginx
Group=nginx
ExecStart=/usr/sbin/fcgiwrap
StandardInput=socket
Restart=on-failure

[Install]
WantedBy=multi-user.target

Verificar fcgiwrap

systemctl enable fcgiwrap-gitea.socket
systemctl start fcgiwrap-gitea.socket
systemctl enable fcgiwrap-gitea.service
systemctl start fcgiwrap-gitea.service
ls -al /run/fcgiwrap/fcgiwrap-gitea.socket

Fichero /etc/nginx/default.d/git.conf

location ~ (/.*) {
   root /home/git;
   include fastcgi_params;
   fastcgi_param SCRIPT_FILENAME /usr/libexec/git-core/git-http-backend;
   fastcgi_param GIT_PROJECT_ROOT /home/git;
   fastcgi_param PATH_INFO $uri;
   fastcgi_param REMOTE_USER $remote_user;
   fastcgi_param GIT_HTTP_EXPORT_ALL "";
   fastcgi_pass unix:/run/fcgiwrap/fcgiwrap-gitea.socket;
}

Verificacion

curl -X GET http://IP:PORT/<REPO>/info/refs?service=git-upload-pack