Building a Git Web Frontend and Git Server with FreeBSD + fcgiwrap + cgit

7 min

language: ja bn de en es fr hi ko pt ru zh-cn zh-tw

Hello, this is Munou.
Until recently, I was building with GItea, but it was too rich and consumed unnecessary server resources, so I wanted to improve this point.
Also, I wanted to create basic repositories from the CLI as much as possible. GitHub has the gh command, but I didn't want to adopt such platform-dependent commands for personal use, so I didn't introduce it.
This is because platform-dependent binaries don't offer much in terms of low-level learning.

Therefore, I adopted cgit as a separate web frontend for git and stored git on a remote destination via SSH, allowing me to build it as desired.

Enabling Git push

In other words, all you need to do is create a bare repository on the Git server side and be able to push to it.
It is assumed that you can already SSH to the remote destination, which in this case is the Git server.

Creating a Git user

In the case of FreeBSD, you can create it interactively with the "adduser" command.

adduser

After creating the git user here, switch to it and add the client's public key to .ssh/authorized_keys.

su - git
mkdir .ssh
chmod 700 .ssh
vim .ssh/authorized_keys
# Or
echo "client's public key" > ".ssh/authorized_keys"
chmod 600 .ssh/authorized_keys

Now, confirm that you can ssh.
Additionally, create a directory to store repositories under this git user's home directory.

mkdir repos

Then, set the default branch to use with git config.

git config --global init.defaultBranch main

Enabling repository creation from client to server

As it is, you would have to log in to the Git server every time, create a repository, and then git push from the client side, which is too cumbersome. So, I'll enable a series of operations from the client side.
I added the following to .bashrc.

mkr() {
  ssh git@bsd "git init --bare repos/$1.git"
  ssh git@bsd "cd repos/$1.git; git branch -m main"
  echo "remote add origin git@bsd:~/repos/$1.git"
}

Now, you can create repositories on the client side using the repository name provided as an argument.
Finally, by outputting the command to set the remote URL to standard output, you can easily set the remote URL.

Installing cgit

To use cgit, cgi is required, so install the necessary packages. It is assumed that Nginx is already installed.

pkg install cgit fcgiwrap

Nginx needs to be able to access via a UNIX socket with www:www user and group permissions, and the service needs to be enabled.

sysrc fcgiwrap_enable=YES
sysrc fcgiwrap_user=www
sysrc fcgiwrap_group=www
sysrc fcgiwrap_socket_owner=www
sysrc fcgiwrap_socket_group=www
service fcgiwrap start

cgit configuration

You need to configure cgit.
This time, I customized it a bit from the default, so it looks like this:

$ cat /usr/local/etc/cgitrc 
root-title=Git
root-desc=public repositories

virtual-root=/
scan-path=/home/git/repos/

css=/style.css
logo=/top.png

head-include=/usr/local/www/cgit/head.html
readme=:README.md
readme=:README.rst
enable-commit-graph=1

The files to be served were created under /usr/local/www/cgit/ at the time of package installation.

Nginx configuration

Now, for Nginx.

server {
    if ($host = git.soulminingrig.com) {
        return 301 https://$host$request_uri;
    } # managed by Certbot

    server_name git.soulminingrig.com;
    listen 80;
}

server {
    server_name git.soulminingrig.com;
    listen 443 ssl;

    root /usr/local/www/cgit;

    location / {
        include fastcgi_params;
        fastcgi_param SCRIPT_FILENAME /usr/local/www/cgit/cgit.cgi;
        fastcgi_param PATH_INFO $uri;
        fastcgi_param QUERY_STRING $query_string;
        fastcgi_pass unix:/var/run/fcgiwrap/fcgiwrap.sock;
    }

    location ~* \.(css|png|ico)$ {
        root /usr/local/www/cgit;
    }

    ssl_certificate /usr/local/etc/letsencrypt/live/git.soulminingrig.com/fullchain.pem; # managed by Certbot
    ssl_certificate_key /usr/local/etc/letsencrypt/live/git.soulminingrig.com/privkey.pem; # managed by Certbot
}

After creating the above conf file, perform a syntax check with nginx -t and then restart.

nginx -t
service nginx restart

By the way, I had already obtained the certificate with certbot.

certbot --nginx -d git.soulminingrig.com

Now it's accessible.

Conclusion

With this, I was able to build a very lightweight Git web frontend.
Since it can be built with very few resources, I am quite satisfied.

See you next time. Regards.