|  | From: Rutger Nijlunsing <rutger@nospam.com> | 
|  | Subject: Setting up a Git repository which can be pushed into and pulled from over HTTP(S). | 
|  | Date: Thu, 10 Aug 2006 22:00:26 +0200 | 
|  | Content-type: text/asciidoc | 
|  |  | 
|  | How to setup Git server over http | 
|  | ================================= | 
|  |  | 
|  | NOTE: This document is from 2006.  A lot has happened since then, and this | 
|  | document is now relevant mainly if your web host is not CGI capable. | 
|  | Almost everyone else should instead look at linkgit:git-http-backend[1]. | 
|  |  | 
|  | Since Apache is one of those packages people like to compile | 
|  | themselves while others prefer the bureaucrat's dream Debian, it is | 
|  | impossible to give guidelines which will work for everyone. Just send | 
|  | some feedback to the mailing list at git@vger.kernel.org to get this | 
|  | document tailored to your favorite distro. | 
|  |  | 
|  |  | 
|  | What's needed: | 
|  |  | 
|  | - Have an Apache web-server | 
|  |  | 
|  | On Debian: | 
|  | $ apt-get install apache2 | 
|  | To get apache2 by default started, | 
|  | edit /etc/default/apache2 and set NO_START=0 | 
|  |  | 
|  | - can edit the configuration of it. | 
|  |  | 
|  | This could be found under /etc/httpd, or refer to your Apache documentation. | 
|  |  | 
|  | On Debian: this means being able to edit files under /etc/apache2 | 
|  |  | 
|  | - can restart it. | 
|  |  | 
|  | 'apachectl --graceful' might do. If it doesn't, just stop and | 
|  | restart apache. Be warning that active connections to your server | 
|  | might be aborted by this. | 
|  |  | 
|  | On Debian: | 
|  | $ /etc/init.d/apache2 restart | 
|  | or | 
|  | $ /etc/init.d/apache2 force-reload | 
|  | (which seems to do the same) | 
|  | This adds symlinks from the /etc/apache2/mods-enabled to | 
|  | /etc/apache2/mods-available. | 
|  |  | 
|  | - have permissions to chown a directory | 
|  |  | 
|  | - have Git installed on the client, and | 
|  |  | 
|  | - either have Git installed on the server or have a webdav client on | 
|  | the client. | 
|  |  | 
|  | In effect, this means you're going to be root, or that you're using a | 
|  | preconfigured WebDAV server. | 
|  |  | 
|  |  | 
|  | Step 1: setup a bare Git repository | 
|  | ----------------------------------- | 
|  |  | 
|  | At the time of writing, git-http-push cannot remotely create a Git | 
|  | repository. So we have to do that at the server side with Git. Another | 
|  | option is to generate an empty bare repository at the client and copy | 
|  | it to the server with a WebDAV client (which is the only option if Git | 
|  | is not installed on the server). | 
|  |  | 
|  | Create the directory under the DocumentRoot of the directories served | 
|  | by Apache. As an example we take /usr/local/apache2, but try "grep | 
|  | DocumentRoot /where/ever/httpd.conf" to find your root: | 
|  |  | 
|  | $ cd /usr/local/apache/htdocs | 
|  | $ mkdir my-new-repo.git | 
|  |  | 
|  | On Debian: | 
|  |  | 
|  | $ cd /var/www | 
|  | $ mkdir my-new-repo.git | 
|  |  | 
|  |  | 
|  | Initialize a bare repository | 
|  |  | 
|  | $ cd my-new-repo.git | 
|  | $ git --bare init | 
|  |  | 
|  |  | 
|  | Change the ownership to your web-server's credentials. Use `"grep ^User | 
|  | httpd.conf"` and `"grep ^Group httpd.conf"` to find out: | 
|  |  | 
|  | $ chown -R www.www . | 
|  |  | 
|  | On Debian: | 
|  |  | 
|  | $ chown -R www-data.www-data . | 
|  |  | 
|  |  | 
|  | If you do not know which user Apache runs as, you can alternatively do | 
|  | a "chmod -R a+w .", inspect the files which are created later on, and | 
|  | set the permissions appropriately. | 
|  |  | 
|  | Restart apache2, and check whether http://server/my-new-repo.git gives | 
|  | a directory listing. If not, check whether apache started up | 
|  | successfully. | 
|  |  | 
|  |  | 
|  | Step 2: enable DAV on this repository | 
|  | ------------------------------------- | 
|  |  | 
|  | First make sure the dav_module is loaded. For this, insert in httpd.conf: | 
|  |  | 
|  | LoadModule dav_module libexec/httpd/libdav.so | 
|  | AddModule mod_dav.c | 
|  |  | 
|  | Also make sure that this line exists which is the file used for | 
|  | locking DAV operations: | 
|  |  | 
|  | DAVLockDB "/usr/local/apache2/temp/DAV.lock" | 
|  |  | 
|  | On Debian these steps can be performed with: | 
|  |  | 
|  | Enable the dav and dav_fs modules of apache: | 
|  | $ a2enmod dav_fs | 
|  | (just to be sure. dav_fs might be unneeded, I don't know) | 
|  | $ a2enmod dav | 
|  | The DAV lock is located in /etc/apache2/mods-available/dav_fs.conf: | 
|  | DAVLockDB /var/lock/apache2/DAVLock | 
|  |  | 
|  | Of course, it can point somewhere else, but the string is actually just a | 
|  | prefix in some Apache configurations, and therefore the _directory_ has to | 
|  | be writable by the user Apache runs as. | 
|  |  | 
|  | Then, add something like this to your httpd.conf | 
|  |  | 
|  | <Location /my-new-repo.git> | 
|  | DAV on | 
|  | AuthType Basic | 
|  | AuthName "Git" | 
|  | AuthUserFile /usr/local/apache2/conf/passwd.git | 
|  | Require valid-user | 
|  | </Location> | 
|  |  | 
|  | On Debian: | 
|  | Create (or add to) /etc/apache2/conf.d/git.conf : | 
|  |  | 
|  | <Location /my-new-repo.git> | 
|  | DAV on | 
|  | AuthType Basic | 
|  | AuthName "Git" | 
|  | AuthUserFile /etc/apache2/passwd.git | 
|  | Require valid-user | 
|  | </Location> | 
|  |  | 
|  | Debian automatically reads all files under /etc/apache2/conf.d. | 
|  |  | 
|  | The password file can be somewhere else, but it has to be readable by | 
|  | Apache and preferably not readable by the world. | 
|  |  | 
|  | Create this file by | 
|  | $ htpasswd -c /usr/local/apache2/conf/passwd.git <user> | 
|  |  | 
|  | On Debian: | 
|  | $ htpasswd -c /etc/apache2/passwd.git <user> | 
|  |  | 
|  | You will be asked a password, and the file is created. Subsequent calls | 
|  | to htpasswd should omit the '-c' option, since you want to append to the | 
|  | existing file. | 
|  |  | 
|  | You need to restart Apache. | 
|  |  | 
|  | Now go to http://<username>@<servername>/my-new-repo.git in your | 
|  | browser to check whether it asks for a password and accepts the right | 
|  | password. | 
|  |  | 
|  | On Debian: | 
|  |  | 
|  | To test the WebDAV part, do: | 
|  |  | 
|  | $ apt-get install litmus | 
|  | $ litmus http://<servername>/my-new-repo.git <username> <password> | 
|  |  | 
|  | Most tests should pass. | 
|  |  | 
|  | A command-line tool to test WebDAV is cadaver. If you prefer GUIs, for | 
|  | example, konqueror can open WebDAV URLs as "webdav://..." or | 
|  | "webdavs://...". | 
|  |  | 
|  | If you're into Windows, from XP onwards Internet Explorer supports | 
|  | WebDAV. For this, do Internet Explorer -> Open Location -> | 
|  | http://<servername>/my-new-repo.git [x] Open as webfolder -> login . | 
|  |  | 
|  |  | 
|  | Step 3: setup the client | 
|  | ------------------------ | 
|  |  | 
|  | Make sure that you have HTTP support, i.e. your Git was built with | 
|  | libcurl (version more recent than 7.10). The command 'git http-push' with | 
|  | no argument should display a usage message. | 
|  |  | 
|  | Then, add the following to your $HOME/.netrc (you can do without, but will be | 
|  | asked to input your password a _lot_ of times): | 
|  |  | 
|  | machine <servername> | 
|  | login <username> | 
|  | password <password> | 
|  |  | 
|  | ...and set permissions: | 
|  | chmod 600 ~/.netrc | 
|  |  | 
|  | If you want to access the web-server by its IP, you have to type that in, | 
|  | instead of the server name. | 
|  |  | 
|  | To check whether all is OK, do: | 
|  |  | 
|  | curl --netrc --location -v http://<username>@<servername>/my-new-repo.git/HEAD | 
|  |  | 
|  | ...this should give something like 'ref: refs/heads/master', which is | 
|  | the content of the file HEAD on the server. | 
|  |  | 
|  | Now, add the remote in your existing repository which contains the project | 
|  | you want to export: | 
|  |  | 
|  | $ git-config remote.upload.url \ | 
|  | http://<username>@<servername>/my-new-repo.git/ | 
|  |  | 
|  | It is important to put the last '/'; Without it, the server will send | 
|  | a redirect which git-http-push does not (yet) understand, and git-http-push | 
|  | will repeat the request infinitely. | 
|  |  | 
|  |  | 
|  | Step 4: make the initial push | 
|  | ----------------------------- | 
|  |  | 
|  | From your client repository, do | 
|  |  | 
|  | $ git push upload master | 
|  |  | 
|  | This pushes branch 'master' (which is assumed to be the branch you | 
|  | want to export) to repository called 'upload', which we previously | 
|  | defined with git-config. | 
|  |  | 
|  |  | 
|  | Using a proxy: | 
|  | -------------- | 
|  |  | 
|  | If you have to access the WebDAV server from behind an HTTP(S) proxy, | 
|  | set the variable 'all_proxy' to 'http://proxy-host.com:port', or | 
|  | 'http://login-on-proxy:passwd-on-proxy@proxy-host.com:port'. See 'man | 
|  | curl' for details. | 
|  |  | 
|  |  | 
|  | Troubleshooting: | 
|  | ---------------- | 
|  |  | 
|  | If git-http-push says | 
|  |  | 
|  | Error: no DAV locking support on remote repo http://... | 
|  |  | 
|  | then it means the web-server did not accept your authentication. Make sure | 
|  | that the user name and password matches in httpd.conf, .netrc and the URL | 
|  | you are uploading to. | 
|  |  | 
|  | If git-http-push shows you an error (22/502) when trying to MOVE a blob, | 
|  | it means that your web-server somehow does not recognize its name in the | 
|  | request; This can happen when you start Apache, but then disable the | 
|  | network interface. A simple restart of Apache helps. | 
|  |  | 
|  | Errors like (22/502) are of format (curl error code/http error | 
|  | code). So (22/404) means something like 'not found' at the server. | 
|  |  | 
|  | Reading /usr/local/apache2/logs/error_log is often helpful. | 
|  |  | 
|  | On Debian: Read /var/log/apache2/error.log instead. | 
|  |  | 
|  | If you access HTTPS locations, Git may fail verifying the SSL | 
|  | certificate (this is return code 60). Setting http.sslVerify=false can | 
|  | help diagnosing the problem, but removes security checks. | 
|  |  | 
|  |  | 
|  | Debian References: http://www.debian-administration.org/articles/285 | 
|  |  | 
|  | Authors | 
|  | Johannes Schindelin <Johannes.Schindelin@gmx.de> | 
|  | Rutger Nijlunsing <git@wingding.demon.nl> | 
|  | Matthieu Moy <Matthieu.Moy@imag.fr> |