Frequently Asked Questions - gitwin

Gitwin's Nginx web server has built-in support for LDAP authentication, which lets you authenticate users against Active Directory (AD). Follow the steps below:

  • Create a dedicated AD service account for LDAP queries (for example, ldapreq in the domain example.local)
  • Start a text editor capable of editing a text file with Unix line endings (Wordpad or Notepad++ for example)
  • Edit file <Gitwin installation directory>\etc\nginx\nginx.conf:
http {
....
# One ldap_server block per domain controller.
# ldap:// is unencrypted LDAP; 3268 is the AD global catalog port.
ldap_server DCGC1 {
    url ldap://192.168.0.1:3268/DC=example,DC=local?sAMAccountName?sub?(objectClass=person);
    binddn "EXAMPLE\\ldapreq";    # service account created in the first step
    binddn_passwd password;       # password of that service account
    group_attribute uniquemember;
    group_attribute_is_dn on;
    require valid_user;           # any user who authenticates successfully is allowed
}

ldap_server DCGC2 {
    url ldap://192.168.0.2:3268/DC=example,DC=local?sAMAccountName?sub?(objectClass=person);
    binddn "EXAMPLE\\ldapreq";
    binddn_passwd password;
    group_attribute uniquemember;
    group_attribute_is_dn on;
    require valid_user;
}

server {
    listen       9610;
    server_name  localhost;

    # Require LDAP authentication, using the servers defined above
    auth_ldap "Restricted";
    auth_ldap_servers DCGC1,DCGC2;

    ....

  • Restart the Gitwin_Nginx service
 

Gitwin's Nginx web server has built-in support for SSL communications. Assuming that the required certificate files are located in the etc/nginx/ssl directory, follow the steps below to enable secure communications:

  • Start a text editor capable of editing a text file with Unix line endings (Wordpad or Notepad++ for example)
  • Edit file <Gitwin installation directory>\etc\nginx\nginx.conf:
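.....
# Plain HTTP listener: redirect every request to HTTPS on port 9643
server {
    listen         9610;
    server_name    your.server.name;
    # The port goes after the host name, before the request URI
    return         301 https://$server_name:9643$request_uri;
}

server {
    # "listen ... ssl" enables TLS on this port; the deprecated "ssl on;" directive is not needed
    listen 9643 ssl;
    ssl_certificate /etc/nginx/ssl/your.server.name.crt;
    ssl_certificate_key /etc/nginx/ssl/your.server.name.key;
    ssl_session_cache shared:SSL:1m;
    ssl_session_timeout 5m;
    # TLSv1 and TLSv1.1 are deprecated (RFC 8996); drop them if every client supports TLSv1.2
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;

    server_name  your.server.name;
.....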
  • The setup above automatically redirects HTTP requests to HTTPS on port 9643, so the server always communicates over an encrypted connection. NB! SSLv3 is excluded from the list of supported protocols (the ssl_protocols directive) to avoid the POODLE vulnerability.
  • Restart the Gitwin_Nginx service
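
A small audit for the LDAP and SSL setups described above, added here as an example (it is not part of Gitwin or its documentation). It flags an ldap:// URL without TLS, the bind password stored in the file, deprecated entries in ssl_protocols, and a redirect whose port follows $request_uri. The function name audit, the finding codes and the embedded sample configuration are assumptions constructed for illustration.

```python
import re

# Constructed sample shaped like the nginx.conf fragments on this page.
SAMPLE_CONF = r"""
ldap_server DCGC1 {
    url ldap://192.168.0.1:3268/DC=example,DC=local?sAMAccountName?sub?(objectClass=person);
    binddn_passwd password;
}
server {
    listen 9610;
    return 301 https://$server_name$request_uri:9643;
}
server {
    listen 9643 ssl;
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
}
"""

# SSLv3 is the POODLE case named above; TLS 1.0/1.1 were deprecated by RFC 8996.
WEAK_PROTOCOLS = {"SSLv2", "SSLv3", "TLSv1", "TLSv1.1"}


def audit(conf_text):
    """Return (line_number, code, detail) findings for an nginx.conf string."""
    findings = []
    for number, raw in enumerate(conf_text.splitlines(), 1):
        # Naive comment stripping: assumes no '#' inside quoted values.
        words = raw.split("#", 1)[0].strip().rstrip(";").split()
        if not words:
            continue
        name, args = words[0], words[1:]
        if name == "url" and args and args[0].lower().startswith("ldap://"):
            findings.append((number, "LDAP_NO_TLS",
                             "ldap:// scheme: no TLS on the LDAP connection"))
        elif name == "binddn_passwd":
            findings.append((number, "SECRET_IN_FILE",
                             "bind password is stored in nginx.conf; limit who can read it"))
        elif name == "ssl_protocols":
            weak = sorted(WEAK_PROTOCOLS.intersection(args))
            if weak:
                findings.append((number, "WEAK_PROTOCOL", " ".join(weak)))
        elif name == "return" and re.search(r"\$request_uri:\d+", " ".join(args)):
            findings.append((number, "PORT_AFTER_URI",
                             "port belongs after the host, before $request_uri"))
    return findings

if __name__ == "__main__":
    for number, code, detail in audit(SAMPLE_CONF):
        print(f"line {number}: {code}: {detail}")
```

To check a real installation, pass the text of <Gitwin installation directory>\etc\nginx\nginx.conf to audit() instead of the sample.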