如何在nginx反向代理(HTTPS)后面使用nginx(基本身份验证)进行git推送?

前端之家收集整理的这篇文章主要介绍了如何在nginx反向代理(HTTPS)后面使用nginx(基本身份验证)进行git推送?前端之家小编觉得挺不错的,现在分享给大家,也给大家做个参考。

我喜欢在没有直接上网的计算机(后端)上安装git服务器.应该有基本的身份验证.访问应该通过另一台执行SSL / HTTPS的计算机上的反向代理(前端)提供.两者都在运行Debian 7 stable(对于Nginx和git来说是wheezy wheezy-backports).

到目前为止,所有东西(= git clone)都有效,但git push:

$git push --set-upstream origin master
Username for 'https://myfrontend:443': myusername
Password for 'https://myusername@myfrontend:443': 
error: Cannot access URL https://myserver:443/git/gittest.git/,return code 22
fatal: git-http-push Failed

后端Nginx日志中的错误消息是:

2014/04/01 01:00:00 [error] 27000#0: *7 no user/password was provided for
basic authentication,client: myfrontend,server: mybackend,request:
"PROPFIND /git/gittest.git/ HTTP/1.0",host: "myfrontend"

似乎基本的auth适用于克隆,但不适用于推送.

前端的Nginx配置是:

server {
    listen 443;
    server_name myfrontend;
    resolver 127.0.0.1;
    charset UTF-8;
    #
    root /var/www/;
    index index.html;
    #
    ssl on;
    ssl_certificate /etc/ssl/certs/myfronted.crt;
    ssl_certificate_key /etc/ssl/private/myfrontend.key;
    #
    ssl_session_timeout 5m;
    #
    ssl_protocols SSLv3 TLSv1;
    ssl_ciphers ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv3:+EXP;
    ssl_prefer_server_ciphers on;
    #
    location ~ /git(/.*) {
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header Host $host;
        proxy_pass http://mybackend:8081/git$1;
        proxy_set_header X-Forwarded-Proto https;
        proxy_set_header REMOTE_USER $remote_user;
    }
}

后端的Nginx配置是:

server {
    listen 8081;
    server_name mybackend;
    root /var/www;
    charset UTF-8;
    #
    location ~ /git(/.*) {
        auth_basic "Restricted";
        auth_basic_user_file /var/lib/git/.htpasswd;
        dav_methods PUT DELETE MKCOL COPY MOVE;
        dav_ext_methods PROPFIND OPTIONS;
        create_full_put_path on;
        #
        fastcgi_param SCRIPT_FILENAME /usr/lib/git-core/git-http-backend;
        fastcgi_param GIT_HTTP_EXPORT_ALL "";
        fastcgi_param GIT_PROJECT_ROOT /var/lib/git;
        fastcgi_param PATH_INFO $1;
        fastcgi_param DOCUMENT_ROOT /usr/lib/git-core/;
        fastcgi_pass unix:/var/run/fcgiwrap.socket;
        include fastcgi_params;
    }
}

后端服务器上的git配置是:

[core]
repositoryformatversion = 0
filemode = true
bare = true
[http]
receivepack = true
[gitweb]
    owner = My Name

还有另一种更简单的方法可以在后端提供git吗?也许没有Nginx或没有fcgiwrap?但是,我想在没有Apache的情况下生存……

提前谢谢了!

最佳答案
问题出在前端语法中.我不得不改变:

proxy_pass http://mybackend:8081/git$1;

正确的:

proxy_pass http://mybackend:8081/git$1$is_args$args;

或者:

proxy_pass http://mybackend:8081$request_uri;

谢谢,威尔!

猜你在找的Nginx相关文章