Setting Up a Secure Git Server with Nginx on Debian 8

Git is a widely used version control solution that allows developers to manage and track changes in their source code. This guide details the steps to install an HTTP(S)-based Git server secured by username and password authentication.

Requirements

  • Debian 8 (Jessie) operating system
  • Sudo privileges
  • Your preferred text editor (e.g., nano or vim)

Install Required Packages

Install the essential components: nginx, git, fcgiwrap, and Apache HTTP utilities. Use the following command:


sudo apt-get install nginx git fcgiwrap apache2-utils

Note: If another service like Apache is already using port 80, the Nginx installation via dpkg may fail.

Create the Git Repository Directory

To store your repositories in /var/www/git, run the following commands:


mkdir /var/www/git
chown www-data:www-data /var/www/git

This ensures the www-data user (which FastCGI uses) has the appropriate permissions.

Configure Nginx

To route Git requests properly, update the Nginx configuration. This can be included in the default server block or placed in a custom file under /etc/nginx/conf.d or /etc/nginx/sites-enabled. The configuration should be added in this exact order:


location ~ (/.*) {
client_max_body_size 0;
auth_basic “Git Login”;
auth_basic_user_file “/var/www/git/htpasswd”;
include /etc/nginx/fastcgi_params;
fastcgi_param SCRIPT_FILENAME /usr/lib/git-core/git-http-backend;
fastcgi_param GIT_HTTP_EXPORT_ALL “”;
fastcgi_param GIT_PROJECT_ROOT /var/www/git;
fastcgi_param REMOTE_USER $remote_user;
fastcgi_param PATH_INFO $1;
fastcgi_pass unix:/var/run/fcgiwrap.socket;
}

If you’d prefer serving repositories from a subdirectory (e.g., /repos), change the first line to:

Also, verify that the server_name in your configuration does not conflict with other entries to ensure proper request handling by Nginx.

Enable Password-Based Access

To restrict access, generate an htpasswd file using the command below:


htpasswd -c /var/www/git/htpasswd <your username>

You’ll be prompted to input a password. To add additional users, omit the -c flag:


htpasswd /var/www/git/htpasswd <another username>

Apply the Configuration Changes

Reload the Nginx service to activate all changes:

You now have a functioning Git server with password protection.

Optional: Automate Git Repository Initialization

To ensure that Git repositories have the correct ownership and structure, it’s helpful to use a script. This script must run under the www-data user to avoid permission issues later. Create the script at /var/www/git/gitinit.sh and insert:


#!/bin/sh
sudo -u www-data mkdir $1
cd $1
sudo -u www-data git init –bare

To run the script:


cd /var/www/git
./gitinit.sh repo-name

Don’t forget to make it executable:


chmod +x /var/www/git/gitinit.sh

Conclusion

Setting up a private Git server with Nginx on Debian 8 offers a secure and scalable environment for managing source code repositories. With HTTP(S) access, password protection, and an automated initialization script, this solution is ideal for teams seeking control and flexibility without relying on third-party hosting platforms.

Source: vultr.com

Create a Free Account

Register now and get access to our Cloud Services.

Posts you might be interested in: