Setting Up a CGit Instance On Apache (CentOS 7)

The following steps assume that our domain is already set up at

First, install cgit and highlight

sudo yum install cgit highlight

Create the repos at /srv/git (can be any path)

mkdir -p /srv/git
cd /srv/git

# clone an existing repository to become a remote for it
git clone --bare

Add the following to the cgit conf file at /etc/cgitrc to show our repo

repo.desc=My repo description

Follow the steps here to set the git user's shell to git-shell (path will vary) and its home directory to where we want our repos hosted.

Create an Apache configuration at /etc/httpd/conf.d/cgit.conf or somewhere that Apache can read

# This section is only needed if you want to redirect http traffic to https.
<VirtualHost *:80>
  ServerSignature Off

  RewriteEngine on
  RewriteCond %{SERVER_NAME}
  RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
</VirtualHost>

<VirtualHost *:443>
  SSLEngine on

  # files in /usr/share/cgit will be available from URL /cgit-data
  Alias /cgit-data /usr/share/cgit

  # /cgit page is the cgit CGI
  ScriptAlias /cgit /var/www/cgi-bin/cgit

  # Redirect main page to /cgit
  RewriteEngine on
  RewriteCond %{HTTP_HOST} cgit\.myserver\.org [NC]
  RewriteCond %{REQUEST_URI} ^/$
  RewriteRule ^(.*)$ [L,R=301]

  # Allow anonymous https pulling but require authorization for writing
  SetEnv GIT_PROJECT_ROOT /srv/git
  ScriptAlias /git/ /usr/libexec/git-core/git-http-backend/

  RewriteCond %{QUERY_STRING} service=git-receive-pack [OR]
  RewriteCond %{REQUEST_URI} /git-receive-pack$
  RewriteRule ^/git/ - [E=AUTHREQUIRED:yes]

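  <LocationMatch "^/git/">
    # Apache 2.2-style access control; on httpd 2.4 these directives
    # are provided by mod_access_compat.
    Order Deny,Allow
    Deny from env=AUTHREQUIRED

    # "Require group" only works once a user and group provider
    # (e.g. AuthUserFile and AuthGroupFile) is configured as well.
    AuthType Basic
    AuthName "Git Access"
    Require group mygroup
    Satisfy Any
  </LocationMatch>

  <Directory "/usr/share/cgit">
    Require all granted
  </Directory>
</VirtualHost>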

Restart Apache and call certbot to get a certificate for the site

sudo service httpd restart
sudo certbot --apache

Check that Certbot added the following to Apache's cgit.conf

Include /etc/letsencrypt/options-ssl-apache.conf
SSLCertificateFile /etc/letsencrypt/live/
SSLCertificateKeyFile /etc/letsencrypt/live/
SSLCertificateChainFile /etc/letsencrypt/live/

Done! We can now browse the repo in cgit and clone it using https

git clone

We will use SSH for writing to the repo. Just create a .ssh dir in the git user's home dir and put public keys in .ssh/authorized_keys (remember to set permissions correctly).
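
As a check for the permissions step above, the following function (an added example, not part of the original post) flags paths that sshd's StrictModes check rejects: a home directory, .ssh directory or authorized_keys file that is group- or world-writable, or not owned by the user or root. The /srv/git home and the git user name in the usage comment are assumptions, and stat -c requires GNU coreutils.

```shell
#!/bin/sh
# Added example (not from the original post): report SSH key paths that
# sshd's StrictModes check would reject, plus looser-than-usual modes.
# Usage: check_ssh_perms HOME_DIR OWNER_UID
#   e.g. check_ssh_perms /srv/git "$(id -u git)"   # assumed home and user name
# Prints one line per finding; returns 1 if any FAIL was printed.
check_ssh_perms() {
    home=$1
    want_uid=$2
    rc=0
    for path in "$home" "$home/.ssh" "$home/.ssh/authorized_keys"; do
        if [ ! -e "$path" ]; then
            echo "FAIL missing $path"
            rc=1
            continue
        fi
        mode=$(stat -c '%a' "$path")   # octal mode, e.g. 700 (GNU stat)
        uid=$(stat -c '%u' "$path")    # numeric owner
        # StrictModes: the owner must be the login user or root.
        if [ "$uid" != "$want_uid" ] && [ "$uid" != 0 ]; then
            echo "FAIL owner uid=$uid $path"
            rc=1
        fi
        # StrictModes: no group/other write bit (mask 022).
        if [ $(( 0$mode & 022 )) -ne 0 ]; then
            echo "FAIL writable mode=$mode $path"
            rc=1
        # Conventional hardening: .ssh and the key file private to the owner.
        elif [ "$path" != "$home" ] && [ $(( 0$mode & 077 )) -ne 0 ]; then
            echo "WARN loose mode=$mode $path"
        fi
    done
    return $rc
}
```

A FAIL line means sshd will ignore the key file with StrictModes enabled (the default); chmod 700 on .ssh and chmod 600 on authorized_keys clears both FAIL and WARN findings.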

By Alexandros Theodotou in