| From: Rutger Nijlunsing <rutger@nospam.com> |
| Subject: Setting up a Git repository which can be pushed into and pulled from over HTTP(S). |
| Date: Thu, 10 Aug 2006 22:00:26 +0200 |
| Content-type: text/asciidoc |
| |
| How to setup Git server over http |
| ================================= |
| |
| NOTE: This document is from 2006. A lot has happened since then, and this |
| document is now relevant mainly if your web host is not CGI capable. |
| Almost everyone else should instead look at linkgit:git-http-backend[1]. |
| |
| Since Apache is one of those packages people like to compile |
| themselves while others prefer the bureaucrat's dream Debian, it is |
| impossible to give guidelines which will work for everyone. Just send |
| some feedback to the mailing list at git@vger.kernel.org to get this |
| document tailored to your favorite distro. |
| |
| |
| What's needed: |
| |
| - Have an Apache web-server |
| |
| On Debian: |
| $ apt-get install apache2 |
| To get apache2 by default started, |
| edit /etc/default/apache2 and set NO_START=0 |
| |
| - can edit the configuration of it. |
| |
| This could be found under /etc/httpd, or refer to your Apache documentation. |
| |
| On Debian: this means being able to edit files under /etc/apache2 |
| |
| - can restart it. |
| |
| 'apachectl --graceful' might do. If it doesn't, just stop and |
| restart apache. Be warning that active connections to your server |
| might be aborted by this. |
| |
| On Debian: |
| $ /etc/init.d/apache2 restart |
| or |
| $ /etc/init.d/apache2 force-reload |
| (which seems to do the same) |
| This adds symlinks from the /etc/apache2/mods-enabled to |
| /etc/apache2/mods-available. |
| |
| - have permissions to chown a directory |
| |
| - have Git installed on the client, and |
| |
| - either have Git installed on the server or have a webdav client on |
| the client. |
| |
| In effect, this means you're going to be root, or that you're using a |
| preconfigured WebDAV server. |
| |
| |
| Step 1: setup a bare Git repository |
| ----------------------------------- |
| |
| At the time of writing, git-http-push cannot remotely create a Git |
| repository. So we have to do that at the server side with Git. Another |
| option is to generate an empty bare repository at the client and copy |
| it to the server with a WebDAV client (which is the only option if Git |
| is not installed on the server). |
| |
| Create the directory under the DocumentRoot of the directories served |
| by Apache. As an example we take /usr/local/apache2, but try "grep |
| DocumentRoot /where/ever/httpd.conf" to find your root: |
| |
| $ cd /usr/local/apache/htdocs |
| $ mkdir my-new-repo.git |
| |
| On Debian: |
| |
| $ cd /var/www |
| $ mkdir my-new-repo.git |
| |
| |
| Initialize a bare repository |
| |
| $ cd my-new-repo.git |
| $ git --bare init |
| |
| |
| Change the ownership to your web-server's credentials. Use "grep ^User |
| httpd.conf" and "grep ^Group httpd.conf" to find out: |
| |
| $ chown -R www.www . |
| |
| On Debian: |
| |
| $ chown -R www-data.www-data . |
| |
| |
| If you do not know which user Apache runs as, you can alternatively do |
| a "chmod -R a+w .", inspect the files which are created later on, and |
| set the permissions appropriately. |
| |
| Restart apache2, and check whether http://server/my-new-repo.git gives |
| a directory listing. If not, check whether apache started up |
| successfully. |
| |
| |
| Step 2: enable DAV on this repository |
| ------------------------------------- |
| |
| First make sure the dav_module is loaded. For this, insert in httpd.conf: |
| |
| LoadModule dav_module libexec/httpd/libdav.so |
| AddModule mod_dav.c |
| |
| Also make sure that this line exists which is the file used for |
| locking DAV operations: |
| |
| DAVLockDB "/usr/local/apache2/temp/DAV.lock" |
| |
| On Debian these steps can be performed with: |
| |
| Enable the dav and dav_fs modules of apache: |
| $ a2enmod dav_fs |
| (just to be sure. dav_fs might be unneeded, I don't know) |
| $ a2enmod dav |
| The DAV lock is located in /etc/apache2/mods-available/dav_fs.conf: |
| DAVLockDB /var/lock/apache2/DAVLock |
| |
| Of course, it can point somewhere else, but the string is actually just a |
| prefix in some Apache configurations, and therefore the _directory_ has to |
| be writable by the user Apache runs as. |
| |
| Then, add something like this to your httpd.conf |
| |
| <Location /my-new-repo.git> |
| DAV on |
| AuthType Basic |
| AuthName "Git" |
| AuthUserFile /usr/local/apache2/conf/passwd.git |
| Require valid-user |
| </Location> |
| |
| On Debian: |
| Create (or add to) /etc/apache2/conf.d/git.conf : |
| |
| <Location /my-new-repo.git> |
| DAV on |
| AuthType Basic |
| AuthName "Git" |
| AuthUserFile /etc/apache2/passwd.git |
| Require valid-user |
| </Location> |
| |
| Debian automatically reads all files under /etc/apache2/conf.d. |
| |
| The password file can be somewhere else, but it has to be readable by |
| Apache and preferably not readable by the world. |
| |
| Create this file by |
| $ htpasswd -c /usr/local/apache2/conf/passwd.git <user> |
| |
| On Debian: |
| $ htpasswd -c /etc/apache2/passwd.git <user> |
| |
| You will be asked a password, and the file is created. Subsequent calls |
| to htpasswd should omit the '-c' option, since you want to append to the |
| existing file. |
| |
| You need to restart Apache. |
| |
| Now go to http://<username>@<servername>/my-new-repo.git in your |
| browser to check whether it asks for a password and accepts the right |
| password. |
| |
| On Debian: |
| |
| To test the WebDAV part, do: |
| |
| $ apt-get install litmus |
| $ litmus http://<servername>/my-new-repo.git <username> <password> |
| |
| Most tests should pass. |
| |
| A command line tool to test WebDAV is cadaver. If you prefer GUIs, for |
| example, konqueror can open WebDAV URLs as "webdav://..." or |
| "webdavs://...". |
| |
| If you're into Windows, from XP onwards Internet Explorer supports |
| WebDAV. For this, do Internet Explorer -> Open Location -> |
| http://<servername>/my-new-repo.git [x] Open as webfolder -> login . |
| |
| |
| Step 3: setup the client |
| ------------------------ |
| |
| Make sure that you have HTTP support, i.e. your Git was built with |
| libcurl (version more recent than 7.10). The command 'git http-push' with |
| no argument should display a usage message. |
| |
| Then, add the following to your $HOME/.netrc (you can do without, but will be |
| asked to input your password a _lot_ of times): |
| |
| machine <servername> |
| login <username> |
| password <password> |
| |
| ...and set permissions: |
| chmod 600 ~/.netrc |
| |
| If you want to access the web-server by its IP, you have to type that in, |
| instead of the server name. |
| |
| To check whether all is OK, do: |
| |
| curl --netrc --location -v http://<username>@<servername>/my-new-repo.git/HEAD |
| |
| ...this should give something like 'ref: refs/heads/master', which is |
| the content of the file HEAD on the server. |
| |
| Now, add the remote in your existing repository which contains the project |
| you want to export: |
| |
| $ git-config remote.upload.url \ |
| http://<username>@<servername>/my-new-repo.git/ |
| |
| It is important to put the last '/'; Without it, the server will send |
| a redirect which git-http-push does not (yet) understand, and git-http-push |
| will repeat the request infinitely. |
| |
| |
| Step 4: make the initial push |
| ----------------------------- |
| |
| From your client repository, do |
| |
| $ git push upload master |
| |
| This pushes branch 'master' (which is assumed to be the branch you |
| want to export) to repository called 'upload', which we previously |
| defined with git-config. |
| |
| |
| Using a proxy: |
| -------------- |
| |
| If you have to access the WebDAV server from behind an HTTP(S) proxy, |
| set the variable 'all_proxy' to 'http://proxy-host.com:port', or |
| 'http://login-on-proxy:passwd-on-proxy@proxy-host.com:port'. See 'man |
| curl' for details. |
| |
| |
| Troubleshooting: |
| ---------------- |
| |
| If git-http-push says |
| |
| Error: no DAV locking support on remote repo http://... |
| |
| then it means the web-server did not accept your authentication. Make sure |
| that the user name and password matches in httpd.conf, .netrc and the URL |
| you are uploading to. |
| |
| If git-http-push shows you an error (22/502) when trying to MOVE a blob, |
| it means that your web-server somehow does not recognize its name in the |
| request; This can happen when you start Apache, but then disable the |
| network interface. A simple restart of Apache helps. |
| |
| Errors like (22/502) are of format (curl error code/http error |
| code). So (22/404) means something like 'not found' at the server. |
| |
| Reading /usr/local/apache2/logs/error_log is often helpful. |
| |
| On Debian: Read /var/log/apache2/error.log instead. |
| |
| If you access HTTPS locations, Git may fail verifying the SSL |
| certificate (this is return code 60). Setting http.sslVerify=false can |
| help diagnosing the problem, but removes security checks. |
| |
| |
| Debian References: http://www.debian-administration.org/articles/285 |
| |
| Authors |
| Johannes Schindelin <Johannes.Schindelin@gmx.de> |
| Rutger Nijlunsing <git@wingding.demon.nl> |
| Matthieu Moy <Matthieu.Moy@imag.fr> |