Setting Up a Secure Git Server with Nginx on Debian 8
Git is a widely used version control solution that allows developers to manage and track changes in their source code. This guide details the steps to install an HTTP(S)-based Git server secured by username and password authentication.
Requirements
- Debian 8 (Jessie) operating system
- Sudo privileges
- Your preferred text editor (e.g., nano or vim)
Install Required Packages
Install the essential components: nginx, git, fcgiwrap, and Apache HTTP utilities. Use the following command:
sudo apt-get install nginx git fcgiwrap apache2-utils
Note: If another service like Apache is already using port 80, the Nginx installation via dpkg
may fail.
Create the Git Repository Directory
To store your repositories in /var/www/git
, run the following commands:
mkdir /var/www/git
chown www-data:www-data /var/www/git
This ensures the www-data
user (which FastCGI uses) has the appropriate permissions.
Configure Nginx
To route Git requests properly, update the Nginx configuration. This can be included in the default server block or placed in a custom file under /etc/nginx/conf.d
or /etc/nginx/sites-enabled
. The configuration should be added in this exact order:
location ~ (/.*) {
client_max_body_size 0;
auth_basic “Git Login”;
auth_basic_user_file “/var/www/git/htpasswd”;
include /etc/nginx/fastcgi_params;
fastcgi_param SCRIPT_FILENAME /usr/lib/git-core/git-http-backend;
fastcgi_param GIT_HTTP_EXPORT_ALL “”;
fastcgi_param GIT_PROJECT_ROOT /var/www/git;
fastcgi_param REMOTE_USER $remote_user;
fastcgi_param PATH_INFO $1;
fastcgi_pass unix:/var/run/fcgiwrap.socket;
}
If you’d prefer serving repositories from a subdirectory (e.g., /repos
), change the first line to:
location ~ /repos(/.*) {
Also, verify that the server_name
in your configuration does not conflict with other entries to ensure proper request handling by Nginx.
Enable Password-Based Access
To restrict access, generate an htpasswd
file using the command below:
htpasswd -c /var/www/git/htpasswd <your username>
You’ll be prompted to input a password. To add additional users, omit the -c
flag:
htpasswd /var/www/git/htpasswd <another username>
Apply the Configuration Changes
Reload the Nginx service to activate all changes:
sudo service nginx reload
You now have a functioning Git server with password protection.
Optional: Automate Git Repository Initialization
To ensure that Git repositories have the correct ownership and structure, it’s helpful to use a script. This script must run under the www-data
user to avoid permission issues later. Create the script at /var/www/git/gitinit.sh
and insert:
#!/bin/sh
sudo -u www-data mkdir $1
cd $1
sudo -u www-data git init –bare
To run the script:
cd /var/www/git
./gitinit.sh repo-name
Don’t forget to make it executable:
chmod +x /var/www/git/gitinit.sh
Conclusion
Setting up a private Git server with Nginx on Debian 8 offers a secure and scalable environment for managing source code repositories. With HTTP(S) access, password protection, and an automated initialization script, this solution is ideal for teams seeking control and flexibility without relying on third-party hosting platforms.