Gitweb is a nice web interface for Git repositories. For instance go
to http://git.kernel.org/ to see how it looks like. I find it useful
especially when I'm using the machine of somebody else and need to check out
some files from one of my own repositories. git-http-backend allows me
to clone git repositories over HTTPS so I don't have to use SSH.
First you have to prepare your repositories on your server for accessing
them via HTTPS. I would recommend to create an extra user "git" for it.
In this example I put my repositories to /home/git/repositories.
Basically you can put them where you want.
useradd -m git
su git
git clone --bare /old/repo.git /home/git/repositories/repo.git
cd /home/git/repositories/repo.git
sudo chmod -R g+ws .    # Setting necessary rights for pushing to the repository.
sudo chgrp -R git .
Now configure your repositories:
git --bare update-server-info
cp hooks/post-update.sample hooks/post-update
chmod a+x hooks/post-update
This generates all the information that is necessary to share the
repository using a webserver like NGINX.
I found a nice tutorial about how to set up NGINX for gitweb and
git-http-backend here. It almost worked out-of-the-box for me. I just
had to add following lines to fix some errors I got when I tried to work
with git-http-backend.
fastcgi_param GIT_HTTP_EXPORT_ALL "";
fastcgi_param REMOTE_USER $remote_user;
Furthermore, I have added the auth_basic lines to restrict the access to
my repositories. The configuration shown below has been tested with
Ubuntu 12.04.
But first make sure you have all required packages installed:
(sudo) apt-get install git gitweb fcgiwrap
Here is my NGINX configuration file for Gitweb and git-http-backend. It
allows access only using HTTPS and asks for authentication both for the
web interface and for cloning the repositories. It works basically like
the .htaccess authentication mechanism from Apache.
server {
    listen      80;
    server_name git.weinimo.de;
    access_log /var/log/nginx/git.weinimo.de.access.log;
    rewrite     ^   https://$server_name$request_uri? permanent;
}
# HTTPS server
#
server {
    listen       443;
    server_name  git.weinimo.de;
    root /usr/share/gitweb;
    access_log /var/log/nginx/git.weinimo.de.access.log;
    ssl                  on;
    ssl_certificate      /etc/ssl/certs/certforyoursite.crt;
    ssl_certificate_key  /etc/ssl/private/sitekey.pem;
    ssl_session_timeout 5m;
    ssl_protocols        TLSv1 TLSv1.1 TLSv1.2;
    ssl_ciphers          HIGH:!ADH:!MD5;
    ssl_prefer_server_ciphers on;
    auth_basic           "RESTRICTED ACCESS";
    auth_basic_user_file /etc/nginx/access_list;
    # static repo files for cloning over https
    location ~ ^.*\.git/objects/([0-9a-f]+/[0-9a-f]+|pack/pack-[0-9a-f]+.(pack|idx))$ {
        root /home/git/repositories/;
    }
    # requests that need to go to git-http-backend
    location ~ ^.*\.git/(HEAD|info/refs|objects/info/.*|git-(upload|receive)-pack)$ {
        root /home/git/repositories;
        fastcgi_pass unix:/var/run/fcgiwrap.socket;
        fastcgi_param SCRIPT_FILENAME   /usr/lib/git-core/git-http-backend;
        fastcgi_param PATH_INFO         $uri;
        fastcgi_param GIT_PROJECT_ROOT  /home/git/repositories;
        fastcgi_param GIT_HTTP_EXPORT_ALL "";
        fastcgi_param REMOTE_USER $remote_user;
        include fastcgi_params;
    }
    # send anything else to gitweb if it's not a real file
    try_files $uri @gitweb;
    location @gitweb {
        fastcgi_pass unix:/var/run/fcgiwrap.socket;
        fastcgi_param SCRIPT_FILENAME   /usr/share/gitweb/gitweb.cgi;
        fastcgi_param PATH_INFO         $uri;
        fastcgi_param GITWEB_CONFIG     /etc/gitweb.conf;
        include fastcgi_params;
   }
}
Update1: I had to add the line fastcgi_param REMOTE_USER
$remote_user; to the NGINX configuration to fix the 403 errors I got
when trying to push changes to the server. This is necessary because I
use HTTP authentification. I also added some commands for preparing the
repositories for git-http-backend.
 
Update2: Added a section for setting up the repository file modes
to prevent the "remote: error: insufficient permission for adding an
object to repository database ./objects" error when trying to push to
the repository.
 
Update3: Disabled SSL and enabled TLS1.1 and TLS1.2 support.
Thanks for your comment itefixnet.
 
There are comments.