simple-authentication.lua gives "Invalid request"

Jeremy Epstein jazepstein at
Sat Sep 27 04:44:32 CEST 2014

For now, I've created a separate nginx virtualhost for each repo, and
I've configured HTTP basic authentication in each virtualhost.

I didn't think that this was possible before - but then I realised
that it's actually quite easy, all I needed to do was to create a
cgitrc file for each repo (rather than just having the global
/etc/cgitrc), and then in the nginx virtualhost config, add this:

fastcgi_param   CGIT_CONFIG     /path/to/repo_foo/cgitrc;

(to set the CGIT_CONFIG environment variable per vhost).

This is not as ideal as actually getting the cgit authentication
feature working - but it achieves the same end result (i.e. per-repo
access control).

So, if anyone else is in the same boat, and if there have still been
no solutions suggested for the problem, you might want to consider
taking my approach too.


On Sun, Sep 21, 2014 at 11:48 PM, Jeremy Epstein <jazepstein at> wrote:
> Hi,
> I'm trying to set up cgit on my server, with password protection
> per-repository using the "filters/simple-authentication.lua" script:
> After spending some time installing lua and luacrypto, I'm correctly
> getting the "Authentication Required" page when I try to view a
> protected repo. However, when I enter a username / password and click
> "login", all I get after that is "Invalid request" (as a 404
> response).
> I have cgit running behind nginx, configured more-or-less per these
> instructions:
> Would be great to get this working. As I'll be using cgit for private
> repos (for client projects), the password-protection is a must. I
> realise that this feature is new, so I understand if there are still
> some hiccups involved.
> Cheers,
> Jeremy.

More information about the CGit mailing list