1From: Rutger Nijlunsing <rutger@nospam.com> 2Subject: Setting up a Git repository which can be pushed into and pulled from over HTTP(S). 3Date: Thu, 10 Aug 2006 22:00:26 +0200 4Content-type: text/asciidoc 5 6How to setup Git server over http 7================================= 8 9Since Apache is one of those packages people like to compile 10themselves while others prefer the bureaucrat's dream Debian, it is 11impossible to give guidelines which will work for everyone. Just send 12some feedback to the mailing list at git@vger.kernel.org to get this 13document tailored to your favorite distro. 14 15 16What's needed: 17 18- Have an Apache web-server 19 20 On Debian: 21 $ apt-get install apache2 22 To get apache2 by default started, 23 edit /etc/default/apache2 and set NO_START=0 24 25- can edit the configuration of it. 26 27 This could be found under /etc/httpd, or refer to your Apache documentation. 28 29 On Debian: this means being able to edit files under /etc/apache2 30 31- can restart it. 32 33 'apachectl --graceful' might do. If it doesn't, just stop and 34 restart apache. Be warning that active connections to your server 35 might be aborted by this. 36 37 On Debian: 38 $ /etc/init.d/apache2 restart 39 or 40 $ /etc/init.d/apache2 force-reload 41 (which seems to do the same) 42 This adds symlinks from the /etc/apache2/mods-enabled to 43 /etc/apache2/mods-available. 44 45- have permissions to chown a directory 46 47- have Git installed on the client, and 48 49- either have Git installed on the server or have a webdav client on 50 the client. 51 52In effect, this means you're going to be root, or that you're using a 53preconfigured WebDAV server. 54 55 56Step 1: setup a bare Git repository 57----------------------------------- 58 59At the time of writing, git-http-push cannot remotely create a Git 60repository. So we have to do that at the server side with Git. Another 61option is to generate an empty bare repository at the client and copy 62it to the server with a WebDAV client (which is the only option if Git 63is not installed on the server). 64 65Create the directory under the DocumentRoot of the directories served 66by Apache. As an example we take /usr/local/apache2, but try "grep 67DocumentRoot /where/ever/httpd.conf" to find your root: 68 69 $ cd /usr/local/apache/htdocs 70 $ mkdir my-new-repo.git 71 72 On Debian: 73 74 $ cd /var/www 75 $ mkdir my-new-repo.git 76 77 78Initialize a bare repository 79 80 $ cd my-new-repo.git 81 $ git --bare init 82 83 84Change the ownership to your web-server's credentials. Use `"grep ^User 85httpd.conf"` and `"grep ^Group httpd.conf"` to find out: 86 87 $ chown -R www.www . 88 89 On Debian: 90 91 $ chown -R www-data.www-data . 92 93 94If you do not know which user Apache runs as, you can alternatively do 95a "chmod -R a+w .", inspect the files which are created later on, and 96set the permissions appropriately. 97 98Restart apache2, and check whether http://server/my-new-repo.git gives 99a directory listing. If not, check whether apache started up 100successfully. 101 102 103Step 2: enable DAV on this repository 104------------------------------------- 105 106First make sure the dav_module is loaded. For this, insert in httpd.conf: 107 108 LoadModule dav_module libexec/httpd/libdav.so 109 AddModule mod_dav.c 110 111Also make sure that this line exists which is the file used for 112locking DAV operations: 113 114 DAVLockDB "/usr/local/apache2/temp/DAV.lock" 115 116 On Debian these steps can be performed with: 117 118 Enable the dav and dav_fs modules of apache: 119 $ a2enmod dav_fs 120 (just to be sure. dav_fs might be unneeded, I don't know) 121 $ a2enmod dav 122 The DAV lock is located in /etc/apache2/mods-available/dav_fs.conf: 123 DAVLockDB /var/lock/apache2/DAVLock 124 125Of course, it can point somewhere else, but the string is actually just a 126prefix in some Apache configurations, and therefore the _directory_ has to 127be writable by the user Apache runs as. 128 129Then, add something like this to your httpd.conf 130 131 <Location /my-new-repo.git> 132 DAV on 133 AuthType Basic 134 AuthName "Git" 135 AuthUserFile /usr/local/apache2/conf/passwd.git 136 Require valid-user 137 </Location> 138 139 On Debian: 140 Create (or add to) /etc/apache2/conf.d/git.conf : 141 142 <Location /my-new-repo.git> 143 DAV on 144 AuthType Basic 145 AuthName "Git" 146 AuthUserFile /etc/apache2/passwd.git 147 Require valid-user 148 </Location> 149 150 Debian automatically reads all files under /etc/apache2/conf.d. 151 152The password file can be somewhere else, but it has to be readable by 153Apache and preferably not readable by the world. 154 155Create this file by 156 $ htpasswd -c /usr/local/apache2/conf/passwd.git <user> 157 158 On Debian: 159 $ htpasswd -c /etc/apache2/passwd.git <user> 160 161You will be asked a password, and the file is created. Subsequent calls 162to htpasswd should omit the '-c' option, since you want to append to the 163existing file. 164 165You need to restart Apache. 166 167Now go to http://<username>@<servername>/my-new-repo.git in your 168browser to check whether it asks for a password and accepts the right 169password. 170 171On Debian: 172 173 To test the WebDAV part, do: 174 175 $ apt-get install litmus 176 $ litmus http://<servername>/my-new-repo.git <username> <password> 177 178 Most tests should pass. 179 180A command line tool to test WebDAV is cadaver. If you prefer GUIs, for 181example, konqueror can open WebDAV URLs as "webdav://..." or 182"webdavs://...". 183 184If you're into Windows, from XP onwards Internet Explorer supports 185WebDAV. For this, do Internet Explorer -> Open Location -> 186http://<servername>/my-new-repo.git [x] Open as webfolder -> login . 187 188 189Step 3: setup the client 190------------------------ 191 192Make sure that you have HTTP support, i.e. your Git was built with 193libcurl (version more recent than 7.10). The command 'git http-push' with 194no argument should display a usage message. 195 196Then, add the following to your $HOME/.netrc (you can do without, but will be 197asked to input your password a _lot_ of times): 198 199 machine <servername> 200 login <username> 201 password <password> 202 203...and set permissions: 204 chmod 600 ~/.netrc 205 206If you want to access the web-server by its IP, you have to type that in, 207instead of the server name. 208 209To check whether all is OK, do: 210 211 curl --netrc --location -v http://<username>@<servername>/my-new-repo.git/HEAD 212 213...this should give something like 'ref: refs/heads/master', which is 214the content of the file HEAD on the server. 215 216Now, add the remote in your existing repository which contains the project 217you want to export: 218 219 $ git-config remote.upload.url \ 220 http://<username>@<servername>/my-new-repo.git/ 221 222It is important to put the last '/'; Without it, the server will send 223a redirect which git-http-push does not (yet) understand, and git-http-push 224will repeat the request infinitely. 225 226 227Step 4: make the initial push 228----------------------------- 229 230From your client repository, do 231 232 $ git push upload master 233 234This pushes branch 'master' (which is assumed to be the branch you 235want to export) to repository called 'upload', which we previously 236defined with git-config. 237 238 239Using a proxy: 240-------------- 241 242If you have to access the WebDAV server from behind an HTTP(S) proxy, 243set the variable 'all_proxy' to 'http://proxy-host.com:port', or 244'http://login-on-proxy:passwd-on-proxy@proxy-host.com:port'. See 'man 245curl' for details. 246 247 248Troubleshooting: 249---------------- 250 251If git-http-push says 252 253 Error: no DAV locking support on remote repo http://... 254 255then it means the web-server did not accept your authentication. Make sure 256that the user name and password matches in httpd.conf, .netrc and the URL 257you are uploading to. 258 259If git-http-push shows you an error (22/502) when trying to MOVE a blob, 260it means that your web-server somehow does not recognize its name in the 261request; This can happen when you start Apache, but then disable the 262network interface. A simple restart of Apache helps. 263 264Errors like (22/502) are of format (curl error code/http error 265code). So (22/404) means something like 'not found' at the server. 266 267Reading /usr/local/apache2/logs/error_log is often helpful. 268 269 On Debian: Read /var/log/apache2/error.log instead. 270 271If you access HTTPS locations, Git may fail verifying the SSL 272certificate (this is return code 60). Setting http.sslVerify=false can 273help diagnosing the problem, but removes security checks. 274 275 276Debian References: http://www.debian-administration.org/articles/285 277 278Authors 279 Johannes Schindelin <Johannes.Schindelin@gmx.de> 280 Rutger Nijlunsing <git@wingding.demon.nl> 281 Matthieu Moy <Matthieu.Moy@imag.fr>