CGIT + NGINX : Not able to push
Robbi
contact at robbi.my
Thu Nov 17 15:56:17 UTC 2022
Hi, I plan to setup my own git web using cgit. For now I able to clone
but I not able to push changes.
$ export GIT_CURL_VERBOSE=1
$ git push --set-upstream origin robbi.my_custom
23:24:24.335603 http.c:703 == Info: Couldn't find host
source.robbi.my in the (nil) file; using defaults
23:24:24.339495 http.c:703 == Info: Trying 172.64.80.1:443...
23:24:25.157231 http.c:703 == Info: Connected to
source.robbi.my (172.64.80.1) port 443 (#0)
23:24:25.158730 http.c:703 == Info: ALPN: offers h2
23:24:25.158730 http.c:703 == Info: ALPN: offers http/1.1
23:24:25.169314 http.c:703 == Info: CAfile: C:/Program
Files/Git/mingw64/ssl/certs/ca-bundle.crt
23:24:25.169314 http.c:703 == Info: CApath: none
23:24:25.169314 http.c:703 == Info: TLSv1.3 (OUT), TLS
handshake, Client hello (1):
23:24:25.613101 http.c:703 == Info: TLSv1.3 (IN), TLS
handshake, Server hello (2):
23:24:25.615105 http.c:703 == Info: TLSv1.3 (IN), TLS
handshake, Encrypted Extensions (8):
23:24:25.615105 http.c:703 == Info: TLSv1.3 (IN), TLS
handshake, Certificate (11):
23:24:25.619104 http.c:703 == Info: TLSv1.3 (IN), TLS
handshake, CERT verify (15):
23:24:25.619104 http.c:703 == Info: TLSv1.3 (IN), TLS
handshake, Finished (20):
23:24:25.620104 http.c:703 == Info: TLSv1.3 (OUT), TLS
change cipher, Change cipher spec (1):
23:24:25.620104 http.c:703 == Info: TLSv1.3 (OUT), TLS
handshake, Finished (20):
23:24:25.620104 http.c:703 == Info: SSL connection using
TLSv1.3 / TLS_AES_256_GCM_SHA384
23:24:25.620104 http.c:703 == Info: ALPN: server accepted h2
23:24:25.620104 http.c:703 == Info: Server certificate:
23:24:25.620104 http.c:703 == Info: subject: CN=*.robbi.my
23:24:25.620104 http.c:703 == Info: start date: Oct 13
02:03:14 2022 GMT
23:24:25.620104 http.c:703 == Info: expire date: Jan 11
02:03:13 2023 GMT
23:24:25.620104 http.c:703 == Info: subjectAltName: host
"source.robbi.my" matched cert's "*.robbi.my"
23:24:25.620104 http.c:703 == Info: issuer: C=US; O=Let's
Encrypt; CN=E1
23:24:25.620104 http.c:703 == Info: SSL certificate verify ok.
23:24:25.620104 http.c:703 == Info: Using HTTP2, server
supports multiplexing
23:24:25.620104 http.c:703 == Info: Copying HTTP/2 data in
stream buffer to connection buffer after upgrade: len=0
23:24:25.620104 http.c:703 == Info: h2h3 [:method: GET]
23:24:25.620104 http.c:703 == Info: h2h3 [:path:
/cgit-pink/info/refs?service=git-receive-pack]
23:24:25.620104 http.c:703 == Info: h2h3 [:scheme: https]
23:24:25.620104 http.c:703 == Info: h2h3 [:authority:
source.robbi.my]
23:24:25.620104 http.c:703 == Info: h2h3 [user-agent:
git/2.37.2.windows.2]
23:24:25.620104 http.c:703 == Info: h2h3 [accept: */*]
23:24:25.620104 http.c:703 == Info: h2h3 [accept-encoding:
deflate, gzip, br, zstd]
23:24:25.620104 http.c:703 == Info: h2h3 [pragma: no-cache]
23:24:25.620104 http.c:703 == Info: Using Stream ID: 1
(easy handle 0x22b7fa5f690)
23:24:25.620104 http.c:650 => Send header, 0000000190 bytes
(0x000000be)
23:24:25.620104 http.c:662 => Send header: GET
/cgit-pink/info/refs?service=git-receive-pack HTTP/2
23:24:25.620104 http.c:662 => Send header: Host:
source.robbi.my
23:24:25.620104 http.c:662 => Send header: user-agent:
git/2.37.2.windows.2
23:24:25.620104 http.c:662 => Send header: accept: */*
23:24:25.620104 http.c:662 => Send header: accept-encoding:
deflate, gzip, br, zstd
23:24:25.620104 http.c:662 => Send header: pragma: no-cache
23:24:25.620104 http.c:662 => Send header:
23:24:25.962937 http.c:703 == Info: TLSv1.3 (IN), TLS
handshake, Newsession Ticket (4):
23:24:25.963949 http.c:703 == Info: TLSv1.3 (IN), TLS
handshake, Newsession Ticket (4):
23:24:25.963949 http.c:703 == Info: old SSL session ID is
stale, removing
23:24:25.963949 http.c:703 == Info: Connection state
changed (MAX_CONCURRENT_STREAMS == 256)!
23:24:26.253252 http.c:650 <= Recv header, 0000000013 bytes
(0x0000000d)
23:24:26.253252 http.c:662 <= Recv header: HTTP/2 403
23:24:26.253252 http.c:650 <= Recv header, 0000000037 bytes
(0x00000025)
23:24:26.253252 http.c:662 <= Recv header: date: Thu, 17
Nov 2022 15:24:24 GMT
23:24:26.253252 http.c:650 <= Recv header, 0000000040 bytes
(0x00000028)
23:24:26.253252 http.c:662 <= Recv header: expires: Fri, 01
Jan 1980 00:00:00 GMT
23:24:26.253252 http.c:650 <= Recv header, 0000000040 bytes
(0x00000028)
23:24:26.253252 http.c:662 <= Recv header: expires: Fri, 01
Jan 1980 00:00:00 GMT
23:24:26.253252 http.c:650 <= Recv header, 0000000018 bytes
(0x00000012)
23:24:26.253252 http.c:662 <= Recv header: pragma: no-cache
23:24:26.253252 http.c:650 <= Recv header, 0000000018 bytes
(0x00000012)
23:24:26.253252 http.c:662 <= Recv header: pragma: no-cache
23:24:26.253252 http.c:650 <= Recv header, 0000000053 bytes
(0x00000035)
23:24:26.253252 http.c:662 <= Recv header: cache-control:
no-cache, max-age=0, must-revalidate
23:24:26.253252 http.c:650 <= Recv header, 0000000053 bytes
(0x00000035)
23:24:26.253252 http.c:662 <= Recv header: cache-control:
no-cache, max-age=0, must-revalidate
23:24:26.253252 http.c:650 <= Recv header, 0000000026 bytes
(0x0000001a)
23:24:26.253252 http.c:662 <= Recv header: cf-cache-status:
DYNAMIC
23:24:26.253252 http.c:650 <= Recv header, 0000000256 bytes
(0x00000100)
23:24:26.253252 http.c:662 <= Recv header: report-to:
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=fD6cyeHU7oKzC1IXV6hfWtcCXjRGLX7lNK39sEBhlpUSgG6%2F4V8RjFxV%2F20PIQPuFFJeb03csCfZb87f9Q7b7amvGWLhncuAPTZEZ9GraBoHdhs1MObZEz5FdlvADngnu8w%3D"}],"group":"cf-nel","max_age":604800}
23:24:26.253252 http.c:650 <= Recv header, 0000000067 bytes
(0x00000043)
23:24:26.253252 http.c:662 <= Recv header: nel:
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
23:24:26.253252 http.c:650 <= Recv header, 0000000038 bytes
(0x00000026)
23:24:26.253252 http.c:662 <= Recv header:
strict-transport-security: max-age=0
23:24:26.253252 http.c:650 <= Recv header, 0000000033 bytes
(0x00000021)
23:24:26.253252 http.c:662 <= Recv header:
x-content-type-options: nosniff
23:24:26.253252 http.c:650 <= Recv header, 0000000020 bytes
(0x00000014)
23:24:26.253252 http.c:662 <= Recv header: server: cloudflare
23:24:26.253252 http.c:650 <= Recv header, 0000000030 bytes
(0x0000001e)
23:24:26.253252 http.c:662 <= Recv header: cf-ray:
76b9791ecb6405b7-IAD
23:24:26.253252 http.c:650 <= Recv header, 0000000054 bytes
(0x00000036)
23:24:26.253252 http.c:662 <= Recv header: alt-svc:
h3=":443"; ma=86400, h3-29=":443"; ma=86400
23:24:26.253252 http.c:650 <= Recv header, 0000000002 bytes
(0x00000002)
23:24:26.253252 http.c:662 <= Recv header:
23:24:26.253252 http.c:703 == Info: Connection #0 to host
source.robbi.my left intact
fatal: unable to access 'https://source.robbi.my/cgit-pink/': The
requested URL returned error: 403
as you see, it give me 403
Here my NginX conf
$ cat /etc/nginx/sites-available/source.robbi.my.conf | sed -e
's/#[^!].*$//'
server {
listen [::]:80;
listen 80;
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name source.robbi.my;
root /usr/share/cgit;
try_files $uri @cgit;
location @cgit {
include fastcgi_params;
fastcgi_param SCRIPT_FILENAME
/var/www/htdocs/cgit/cgit.cgi;
fastcgi_param PATH_INFO $request_uri;
fastcgi_param QUERY_STRING $query_string;
fastcgi_param HTTP_HOST $server_name;
fastcgi_pass unix:/run/fcgiwrap.socket;
}
location ~ /.+/(info/refs|git-upload-pack) {
include fastcgi_params;
fastcgi_param SCRIPT_FILENAME
/usr/lib/git-core/git-http-backend;
fastcgi_param PATH_INFO $uri;
fastcgi_param GIT_HTTP_EXPORT_ALL 1;
fastcgi_param GIT_PROJECT_ROOT /srv/git;
fastcgi_param HOME /srv/git;
fastcgi_pass unix:/run/fcgiwrap.socket;
}
ssl_certificate /etc/nginx/ssl/cloudflare.pem;
ssl_certificate_key /etc/nginx/ssl/cloudflare.key;
}
It not sure what wrong here, it keep sending 403 when I tried to push
--
Regards
Robbi Nespu
PGP: 7816 3327 745D 4B14 0D70 0237 05C3 9BE3 9AAF 49F4
-------------- next part --------------
A non-text attachment was scrubbed...
Name: OpenPGP_0x05C39BE39AAF49F4.asc
Type: application/pgp-keys
Size: 3061 bytes
Desc: OpenPGP public key
URL: <http://mailman.nginx.org/pipermail/nginx/attachments/20221117/061c70f5/attachment.bin>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: OpenPGP_signature
Type: application/pgp-signature
Size: 840 bytes
Desc: OpenPGP digital signature
URL: <http://mailman.nginx.org/pipermail/nginx/attachments/20221117/061c70f5/attachment-0001.bin>
More information about the nginx
mailing list