nginx separate regex for git-upload-pack and git-receive-pack

Question

I have this

location ~ ^.*user/repo\.git\/(HEAD|info/refs|objects/info/.*|git-upload-pack)${

    //send to fastcgi_param SCRIPT_FILENAME /usr/bin/gitolite-shell;

}

This is working for clone. I have modified Gitolite so I can make public repos without key or http user/password.

Now when I want to push info/refs get matched against this route and I can not move on to the next location that is responsible for push.

location ~ ^.*user/repo\.git\/(HEAD|info/refs|objects/info/.*|git-receive-pack)${

   //some custom auth and so on

}

Btw, this is working in apache for push on public repos:

<LocationMatch "^/username/repo/git-receive-pack$">
</LocationMatch>

Bottom line is that:

^.*user/repo\.git\/(HEAD|info/refs|objects/info/.*|git-upload-pack)$
^.*user/repo\.git\/(HEAD|info/refs|objects/info/.*|git-receive-pack)$

are problem since first will always catch second.

I tried to do some

if ($args = "service=git-receive-pack"){
    //do redirect to user/repo.git/git-receive-pack but that will not work since 
    //info/refs?service=git-receive-pack must be called first.
}

I need help with regex and do not forget that you can not match location query string in Nginx location. For example

user/repo.git/info/refs?service=git-receive-pack
user/repo.git/git-receive-pack

can be matched with simple `^.user/repo.git/.(git-receive-pack)$. That will not work since 1st case in Nginx is not matched because location is user/repo.git/info/refs.

score 1 · Answer 1 · answered Oct 01 '15 at 16:12

I solved this after 24 hours :(

This is solution that works from me.

location = /username/repo.git/info/refs {

    if ($args ~ service=git-upload-pack) {

        rewrite ^ /username/repo.git/git-upload-pack;
    }

    if ($args ~ service=git-receive-pack){
        rewrite ^ /username/repo.git/git-receive-pack;
    }
}

location ~ /username/repo.git/git-upload-pack {

    gzip off;

    if ( $request_method ~ POST ){
        set $uri1 $uri;
    }
    if ( $request_method ~ GET ){

        set $uri1 /username/repo.git/info/refs;
    }
    fastcgi_param PATH_INFO $uri1;
    fastcgi_param REMOTE_USER daemon;
    fastcgi_param GIT_PROJECT_ROOT /var/lib/gitolite/repositories;
    fastcgi_param GITOLITE_HTTP_HOME /var/lib/gitolite;
    fastcgi_param SCRIPT_FILENAME /usr/bin/gitolite-shell;
    fastcgi_param QUERY_STRING $query_string;
    fastcgi_pass 127.0.0.1:1234;
    include fastcgi_params;
}

location = /username/repo.git/git-receive-pack{
    gzip off;

    if ( $request_method ~ POST ){
        set $uri1 $uri;
    }
    if ( $request_method ~ GET ){

        set $uri1 /username/repo.git/info/refs;
    }
    satisfy any;
    auth_basic "Restricted Access for repository_path";
    auth_basic_user_file "/usr/local/nginx/htpasswd";
    auth_request /auth;

    fastcgi_param PATH_INFO $uri1;
    fastcgi_param REMOTE_USER $remote_user;
    fastcgi_param GIT_PROJECT_ROOT /var/lib/gitolite/repositories;
    fastcgi_param GITOLITE_HTTP_HOME /var/lib/gitolite;
    fastcgi_param SCRIPT_FILENAME /usr/bin/gitolite-shell;
    fastcgi_param QUERY_STRING $query_string;
    fastcgi_pass 127.0.0.1:1234;
    include fastcgi_params;
}

This nginx sucks since I only needed 5 lines of code to solve pull/push on public repos in apache. I hope that this hours spent are worth it.

nginx separate regex for git-upload-pack and git-receive-pack

1 Answers1