From: Rutger Nijlunsing <rutger@nospam.com> Subject: Setting up a Git repository which can be pushed into and pulled from over HTTP(S). Date: Thu, 10 Aug 2006 22:00:26 +0200 Content-type: text/asciidoc How to setup Git server over http ================================= NOTE: This document is from 2006. A lot has happened since then, and this document is now relevant mainly if your web host is not CGI capable. Almost everyone else should instead look at linkgit:git-http-backend[1]. Since Apache is one of those packages people like to compile themselves while others prefer the bureaucrat's dream Debian, it is impossible to give guidelines which will work for everyone. Just send some feedback to the mailing list at git@vger.kernel.org to get this document tailored to your favorite distro. What's needed: - Have an Apache web-server On Debian: $ apt-get install apache2 To get apache2 by default started, edit /etc/default/apache2 and set NO_START=0 - can edit the configuration of it. This could be found under /etc/httpd, or refer to your Apache documentation. On Debian: this means being able to edit files under /etc/apache2 - can restart it. 'apachectl --graceful' might do. If it doesn't, just stop and restart apache. Be warning that active connections to your server might be aborted by this. On Debian: $ /etc/init.d/apache2 restart or $ /etc/init.d/apache2 force-reload (which seems to do the same) This adds symlinks from the /etc/apache2/mods-enabled to /etc/apache2/mods-available. - have permissions to chown a directory - have Git installed on the client, and - either have Git installed on the server or have a webdav client on the client. In effect, this means you're going to be root, or that you're using a preconfigured WebDAV server. Step 1: setup a bare Git repository ----------------------------------- At the time of writing, git-http-push cannot remotely create a Git repository. So we have to do that at the server side with Git. Another option is to generate an empty bare repository at the client and copy it to the server with a WebDAV client (which is the only option if Git is not installed on the server). Create the directory under the DocumentRoot of the directories served by Apache. As an example we take /usr/local/apache2, but try "grep DocumentRoot /where/ever/httpd.conf" to find your root: $ cd /usr/local/apache/htdocs $ mkdir my-new-repo.git On Debian: $ cd /var/www $ mkdir my-new-repo.git Initialize a bare repository $ cd my-new-repo.git $ git --bare init Change the ownership to your web-server's credentials. Use `"grep ^User httpd.conf"` and `"grep ^Group httpd.conf"` to find out: $ chown -R www.www . On Debian: $ chown -R www-data.www-data . If you do not know which user Apache runs as, you can alternatively do a "chmod -R a+w .", inspect the files which are created later on, and set the permissions appropriately. Restart apache2, and check whether http://server/my-new-repo.git gives a directory listing. If not, check whether apache started up successfully. Step 2: enable DAV on this repository ------------------------------------- First make sure the dav_module is loaded. For this, insert in httpd.conf: LoadModule dav_module libexec/httpd/libdav.so AddModule mod_dav.c Also make sure that this line exists which is the file used for locking DAV operations: DAVLockDB "/usr/local/apache2/temp/DAV.lock" On Debian these steps can be performed with: Enable the dav and dav_fs modules of apache: $ a2enmod dav_fs (just to be sure. dav_fs might be unneeded, I don't know) $ a2enmod dav The DAV lock is located in /etc/apache2/mods-available/dav_fs.conf: DAVLockDB /var/lock/apache2/DAVLock Of course, it can point somewhere else, but the string is actually just a prefix in some Apache configurations, and therefore the _directory_ has to be writable by the user Apache runs as. Then, add something like this to your httpd.conf <Location /my-new-repo.git> DAV on AuthType Basic AuthName "Git" AuthUserFile /usr/local/apache2/conf/passwd.git Require valid-user </Location> On Debian: Create (or add to) /etc/apache2/conf.d/git.conf : <Location /my-new-repo.git> DAV on AuthType Basic AuthName "Git" AuthUserFile /etc/apache2/passwd.git Require valid-user </Location> Debian automatically reads all files under /etc/apache2/conf.d. The password file can be somewhere else, but it has to be readable by Apache and preferably not readable by the world. Create this file by $ htpasswd -c /usr/local/apache2/conf/passwd.git <user> On Debian: $ htpasswd -c /etc/apache2/passwd.git <user> You will be asked a password, and the file is created. Subsequent calls to htpasswd should omit the '-c' option, since you want to append to the existing file. You need to restart Apache. Now go to http://<username>@<servername>/my-new-repo.git in your browser to check whether it asks for a password and accepts the right password. On Debian: To test the WebDAV part, do: $ apt-get install litmus $ litmus http://<servername>/my-new-repo.git <username> <password> Most tests should pass. A command-line tool to test WebDAV is cadaver. If you prefer GUIs, for example, konqueror can open WebDAV URLs as "webdav://..." or "webdavs://...". If you're into Windows, from XP onwards Internet Explorer supports WebDAV. For this, do Internet Explorer -> Open Location -> http://<servername>/my-new-repo.git [x] Open as webfolder -> login . Step 3: setup the client ------------------------ Make sure that you have HTTP support, i.e. your Git was built with libcurl (version more recent than 7.10). The command 'git http-push' with no argument should display a usage message. Then, add the following to your $HOME/.netrc (you can do without, but will be asked to input your password a _lot_ of times): machine <servername> login <username> password <password> ...and set permissions: chmod 600 ~/.netrc If you want to access the web-server by its IP, you have to type that in, instead of the server name. To check whether all is OK, do: curl --netrc --location -v http://<username>@<servername>/my-new-repo.git/HEAD ...this should give something like 'ref: refs/heads/master', which is the content of the file HEAD on the server. Now, add the remote in your existing repository which contains the project you want to export: $ git-config remote.upload.url \ http://<username>@<servername>/my-new-repo.git/ It is important to put the last '/'; Without it, the server will send a redirect which git-http-push does not (yet) understand, and git-http-push will repeat the request infinitely. Step 4: make the initial push ----------------------------- From your client repository, do $ git push upload master This pushes branch 'master' (which is assumed to be the branch you want to export) to repository called 'upload', which we previously defined with git-config. Using a proxy: -------------- If you have to access the WebDAV server from behind an HTTP(S) proxy, set the variable 'all_proxy' to `http://proxy-host.com:port`, or `http://login-on-proxy:passwd-on-proxy@proxy-host.com:port`. See 'man curl' for details. Troubleshooting: ---------------- If git-http-push says Error: no DAV locking support on remote repo http://... then it means the web-server did not accept your authentication. Make sure that the user name and password matches in httpd.conf, .netrc and the URL you are uploading to. If git-http-push shows you an error (22/502) when trying to MOVE a blob, it means that your web-server somehow does not recognize its name in the request; This can happen when you start Apache, but then disable the network interface. A simple restart of Apache helps. Errors like (22/502) are of format (curl error code/http error code). So (22/404) means something like 'not found' at the server. Reading /usr/local/apache2/logs/error_log is often helpful. On Debian: Read /var/log/apache2/error.log instead. If you access HTTPS locations, Git may fail verifying the SSL certificate (this is return code 60). Setting http.sslVerify=false can help diagnosing the problem, but removes security checks. Debian References: http://www.debian-administration.org/articles/285 Authors Johannes Schindelin <Johannes.Schindelin@gmx.de> Rutger Nijlunsing <git@wingding.demon.nl> Matthieu Moy <Matthieu.Moy@imag.fr>