box.matto.nl
Enjoying Open Source Software

Gitweb on FreeBSD with mini_httpd

Minimal setup

My aim was to get quickly, and as simple as possible, a web interface to my own git repositories.

This is on my local home network only, and for my personal use only.

New jail

In order to keep everything easy under control, I created a new jail for this. Setting up a new jail on a ZFS system consists of just a few steps:

Clone a jail-template from a ZFS snapshot:

zfs clone zroot/jails/releases/13.1RELEASE@p0 zroot/jails/gitwebjail
ed /jails/gitwebjail/etc/ssh/sshd_config    # change listen address
  • add a config for this jail in /etc/jail.conf.
  • start the jail with jail -c gitwebjail.

(zroot/jails/releases/13.1RELEASE@p0 stands for the name of a ZFS snapshot that I made earlier.)

mini_httpd

I have never used mini_httpd before, so I took this opportunity to give it a try.

pkg install mini_httpd

I created a small config file for this, /usr/local/etc/mini_httpd.cnf:

host=localhost
port=80
user=git
nochroot
user=nobody
dir=/usr/local/www
cgipat=cgi-bin/*

After this I created the webdir:

mkdir -p /usr/local/www/cgi-bin

And put a nice welcome index.html in /usr/local/www/.

gitweb

Gitweb is part of the git package.

pkg install git

Now, make a symbolic link to the cgi-bin:

cd /usr/local/www/cgi-bin
ln -s /usr/local/share/examples/git/gitweb/gitweb.cgi .

Create the default directory for your repo's:

mkdir -p /pub/git

Put a test repo in it:

cp /pub/git
mkdir testrepo.git
cd testrepo.git
git init --bare

Start mini_httpd

/usr/local/etc/rc.d/mini_httpd onestart

And point your web-browser to http://<ip-adress-of-jail>/cgi-bin/gitweb.cgi.

You should see your testrepo listed.

If everything is running nice, enable mini_httpd in /etc/rc.conf.

mini_httpd_enable="YES"

And copy all git repositories to /pub/git.

Password protection

A basis password protection can be setup using a .htpasswd file.

Create a .htpasswd file with:

cd /usr/local/www/cgi-bin
mini_httpd-htpasswd -c .htpasswd <username>

After this, mini_httpd will see the .htpasswd file and start basic authentication.

Remember that when you are not using TLS, your password is transferred unencrypted to the web server.

Next steps

Of course, this is just a very basic set up. There is lots of room for improvement.

The nochroot in the mini_httpd.cnf could be replaced with chroot, TLS could be activated, and so on.

Have fun !

Tags: