itxx00 · April 16, 2015 07:40
diff --git a/gistfile1.txt b/gistfile1.txt
 /etc/nginx/conf.d/git.conf

 server {
    listen  443;
    server_name git.test.net;
    root /data/web;
    charset utf-8;
    index index.html;

    access_log /var/log/nginx/git_access.log;
    error_log /var/log/nginx/git_error.log;

    #error_page 404 /404.html;

    ssl on;
    ssl_certificate /etc/nginx/ssl/nginx.crt;
    ssl_certificate_key /etc/nginx/ssl/nginx.key;
    #
    #ssl_session_timeout 5m;
    #
    #ssl_protocols SSLv3 TLSv1;
    #ssl_ciphers ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv3:+EXP;
    #ssl_prefer_server_ciphers on;

    auth_basic            "Restricted";
    auth_basic_user_file  /data/htpasswd;

    location ~ /git(/.*) {
        client_max_body_size                    0;
        fastcgi_param   SCRIPT_FILENAME         /usr/libexec/git-core/git-http-backend;
        fastcgi_param   GIT_HTTP_EXPORT_ALL     "";
        fastcgi_param   GIT_PROJECT_ROOT        /data/git;
        fastcgi_param   PATH_INFO               $1;
        # Forward REMOTE_USER as we want to know when we are authenticated
        fastcgi_param   REMOTE_USER             $remote_user;
        fastcgi_pass    unix:/var/run/fcgiwrap.socket;
        include         fastcgi_params;
        }
 }

 cd /data
 htpasswd -bc htpasswd user1 password1

 yum install git


 mkdir /etc/nginx/ssl
 openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/nginx/ssl/nginx.key -out /etc/nginx/ssl/nginx.crt

 install epel-release
 yum install gcc make fcgi fcgi-devel spawn-fcgi

 git clone https://github.com/samboy/fcgiwrap.git

 cd fcguwrap
 ./configure
 make && make install
 cp init.d/fcgiwrap /etc/init.d/
 chmod +x /etc/init.d/fcgiwrap
 sed -i '/nobody/nginx/' /etc/init.d/fcgiwrap


 cd /data/git
 git init --bare --shared test.git
 chown -R nginx.nginx /data/git

 iptables -I INPUT -p tcp --dport 443 -m state --state NEW -j ACCEPT



 On client side:
 git config --global http.sslverify false
 cat >>~/.netrc <<EOF
 machine git.test.net
 login user1
 password password1

 git clone https://git.test.net/git/test.git
	/etc/nginx/conf.d/git.conf

	server {
	listen 443;
	server_name git.test.net;
	root /data/web;
	charset utf-8;
	index index.html;

	access_log /var/log/nginx/git_access.log;
	error_log /var/log/nginx/git_error.log;

	#error_page 404 /404.html;

	ssl on;
	ssl_certificate /etc/nginx/ssl/nginx.crt;
	ssl_certificate_key /etc/nginx/ssl/nginx.key;
	#
	#ssl_session_timeout 5m;
	#
	#ssl_protocols SSLv3 TLSv1;
	#ssl_ciphers ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv3:+EXP;
	#ssl_prefer_server_ciphers on;

	auth_basic "Restricted";
	auth_basic_user_file /data/htpasswd;

	location ~ /git(/.*) {
	client_max_body_size 0;
	fastcgi_param SCRIPT_FILENAME /usr/libexec/git-core/git-http-backend;
	fastcgi_param GIT_HTTP_EXPORT_ALL "";
	fastcgi_param GIT_PROJECT_ROOT /data/git;
	fastcgi_param PATH_INFO $1;
	# Forward REMOTE_USER as we want to know when we are authenticated
	fastcgi_param REMOTE_USER $remote_user;
	fastcgi_pass unix:/var/run/fcgiwrap.socket;
	include fastcgi_params;
	}
	}

	cd /data
	htpasswd -bc htpasswd user1 password1

	yum install git


	mkdir /etc/nginx/ssl
	openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/nginx/ssl/nginx.key -out /etc/nginx/ssl/nginx.crt

	install epel-release
	yum install gcc make fcgi fcgi-devel spawn-fcgi

	git clone https://github.com/samboy/fcgiwrap.git

	cd fcguwrap
	./configure
	make && make install
	cp init.d/fcgiwrap /etc/init.d/
	chmod +x /etc/init.d/fcgiwrap
	sed -i '/nobody/nginx/' /etc/init.d/fcgiwrap


	cd /data/git
	git init --bare --shared test.git
	chown -R nginx.nginx /data/git

	iptables -I INPUT -p tcp --dport 443 -m state --state NEW -j ACCEPT



	On client side:
	git config --global http.sslverify false
	cat >>~/.netrc <<EOF
	machine git.test.net
	login user1
	password password1

	git clone https://git.test.net/git/test.git