User:Halcon/HOWTO cgit uwsgi nginx

HOWTO install and configure cgit + uwsgi + nginx in a domain subdirectory without webapp-config (using OpenRC).

Installing
The package can be installed without dependency on  from halcon-overlay (run by the author of this article).

Alternatively, you could copy the content of www-apps/cgit directory of that overlay to your local overlay and install the package from there.

Configuring
Create a special system user (it will be needed for configuring write access to the repositories):

Set a password for this user:

Log in as this user and make a directory for repositories:

Then, create the configuration file for cgit:

For the Option 2, content of the file /home/someuser/project.list could be:

(Don't forget to create this file not as root, but as someuser)

Configuring
Create the main configuration file (as someuser):

Create a non-emperor uwsgi OpenRC service:

Create the configuration file for the service:

Configuring
The corresponding sections of the configuration file /etc/nginx/nginx.conf: http { upstream uwsgi_cgit { server unix:///run/uwsgi_cgit/uwsgi_cgit.sock; }	server { ...               location ~* ^.+(cgit.(css|png)|favicon.ico) { root /usr/share/webapps/cgit/1.2.3-r103/htdocs/; expires 30d; }               location /subdirectory/ { uwsgi_pass uwsgi_cgit; include uwsgi_params; uwsgi_modifier1 9; }	} } ("root" value MUST BE CHANGED accordingly in case of installing another cgit version)

Read access (git clone, git pull)
Create a testing repo:

Start the service:

Restart nginx:

Try to clone the repo by https:

After the successful testing, add the service to default run level, if you need that:

Write access (git push)
Cgit does not support "git push" - at all, no such feature. But it's not a problem. It can be configured via SSH. After performing all the necessary steps (creating keys, adding the public key to /home/someuser/.ssh/authorized_keys etc), first test if someuser can log in via ssh in the usual way (without git). After testing that, "git push via ssh" can be configured as follows.

Re-create the repository My-Repo on the server. It should be empty and bare:

On a machine you plan to push from, in the repository folder:

or

or

And look at the page www.your-domain.something/subdirectory/My-Repo in a browser.

repository not found
If there is such a message on cgit web page, sooner of all, it means that there is a problem with permissions. If cgit is configured to read a file like project.list and can't read it, it warns about it. So, if you don't see that message, it means that cgit has read the list successfully and the problem is somewhere in the repository.

other issues with web page
As a general tip, it should be debugged starting from upstream. First, run

If it does not help to identify the problem, you could enable "http" directive for uwsgi and run uwsgi not as OpenRC service, but directly:

And then to see the result with curl, as it was recommended in the comments in uwsgi.cgit.ini.

account is locked
If, while trying to log in via ssh, the server warns "someuser not allowed because account is locked", it means that you forgot to create user password (even if you configured the authorization via public key).

External resources

 * https://www.tyil.nl/post/2020/01/08/running-cgit-on-gentoo/ - An article about cgit on Gentoo in Tyil's personal blog.