ansible/roles/git/server/files/git.conf

error_page 418 = @query_auth;

# Git over HTTP
location ~ ^/.*\.git/objects/([0-9a-f]+/[0-9a-f]+|pack/pack-[0-9a-f]+.(pack|idx))$ {
    root /srv/git;
}
# Git operations that require authentication should go here
location @query_auth {
    auth_basic "Authentication Required";
    auth_basic_user_file /etc/nginx/htpasswd;
    rewrite ^(/.*)$ $1 break;
    fastcgi_pass unix:/run/fcgiwrap/fcgiwrap-nginx.sock;
    fastcgi_param SCRIPT_FILENAME /usr/libexec/git-core/git-http-backend;
    fastcgi_param PATH_INFO $uri;
    fastcgi_param GIT_PROJECT_ROOT /srv/git;
    fastcgi_param GIT_HTTP_EXPORT_ALL "";
    include fastcgi_params;
    fastcgi_param REMOTE_USER $remote_user;
}
location ~ ^(.*\.git/git-receive-pack)$ {
    return 418;
}
location ~ ^/(.*\.git/(HEAD|info/refs|objects/(info/[^/]+)|git-upload-pack))$ {
    if ( $query_string = "service=git-receive-pack" ) { return 418; }
    rewrite ^(/.*)$ $1 break;
    fastcgi_pass unix:/run/fcgiwrap/fcgiwrap-nginx.sock;
    fastcgi_param SCRIPT_FILENAME /usr/libexec/git-core/git-http-backend;
    fastcgi_param PATH_INFO $uri;
    fastcgi_param GIT_PROJECT_ROOT /srv/git;
    fastcgi_param GIT_HTTP_EXPORT_ALL "";
    include fastcgi_params;
}

# Gitweb
location /gitweb.cgi {
  root /var/www/git/;
  include fastcgi_params;
  fastcgi_param SCRIPT_NAME $uri;
  fastcgi_param GITWEB_CONFIG /etc/gitweb.conf;
  fastcgi_pass  unix:/run/fcgiwrap/fcgiwrap-nginx.sock;
}
location / {
  root /var/www/git;
  index gitweb.cgi;
}