1From: Rutger Nijlunsing <rutger@nospam.com> 2Subject: Setting up a git repository which can be pushed into and pulled from over HTTP(S). 3Date: Thu, 10 Aug 2006 22:00:26 +0200 4 5Since Apache is one of those packages people like to compile 6themselves while others prefer the bureaucrat's dream Debian, it is 7impossible to give guidelines which will work for everyone. Just send 8some feedback to the mailing list at git@vger.kernel.org to get this 9document tailored to your favorite distro. 10 11 12What's needed: 13 14- Have an Apache web-server 15 16 On Debian: 17 $ apt-get install apache2 18 To get apache2 by default started, 19 edit /etc/default/apache2 and set NO_START=0 20 21- can edit the configuration of it. 22 23 This could be found under /etc/httpd, or refer to your Apache documentation. 24 25 On Debian: this means being able to edit files under /etc/apache2 26 27- can restart it. 28 29 'apachectl --graceful' might do. If it doesn't, just stop and 30 restart apache. Be warning that active connections to your server 31 might be aborted by this. 32 33 On Debian: 34 $ /etc/init.d/apache2 restart 35 or 36 $ /etc/init.d/apache2 force-reload 37 (which seems to do the same) 38 This adds symlinks from the /etc/apache2/mods-enabled to 39 /etc/apache2/mods-available. 40 41- have permissions to chown a directory 42 43- have git installed on the client, and 44 45- either have git installed on the server or have a webdav client on 46 the client. 47 48In effect, this means you're going to be root, or that you're using a 49preconfigured WebDAV server. 50 51 52Step 1: setup a bare GIT repository 53----------------------------------- 54 55At the time of writing, git-http-push cannot remotely create a GIT 56repository. So we have to do that at the server side with git. Another 57option is to generate an empty bare repository at the client and copy 58it to the server with a WebDAV client (which is the only option if Git 59is not installed on the server). 60 61Create the directory under the DocumentRoot of the directories served 62by Apache. As an example we take /usr/local/apache2, but try "grep 63DocumentRoot /where/ever/httpd.conf" to find your root: 64 65 $ cd /usr/local/apache/htdocs 66 $ mkdir my-new-repo.git 67 68 On Debian: 69 70 $ cd /var/www 71 $ mkdir my-new-repo.git 72 73 74Initialize a bare repository 75 76 $ cd my-new-repo.git 77 $ git --bare init 78 79 80Change the ownership to your web-server's credentials. Use "grep ^User 81httpd.conf" and "grep ^Group httpd.conf" to find out: 82 83 $ chown -R www.www . 84 85 On Debian: 86 87 $ chown -R www-data.www-data . 88 89 90If you do not know which user Apache runs as, you can alternatively do 91a "chmod -R a+w .", inspect the files which are created later on, and 92set the permissions appropriately. 93 94Restart apache2, and check whether http://server/my-new-repo.git gives 95a directory listing. If not, check whether apache started up 96successfully. 97 98 99Step 2: enable DAV on this repository 100------------------------------------- 101 102First make sure the dav_module is loaded. For this, insert in httpd.conf: 103 104 LoadModule dav_module libexec/httpd/libdav.so 105 AddModule mod_dav.c 106 107Also make sure that this line exists which is the file used for 108locking DAV operations: 109 110 DAVLockDB "/usr/local/apache2/temp/DAV.lock" 111 112 On Debian these steps can be performed with: 113 114 Enable the dav and dav_fs modules of apache: 115 $ a2enmod dav_fs 116 (just to be sure. dav_fs might be unneeded, I don't know) 117 $ a2enmod dav 118 The DAV lock is located in /etc/apache2/mods-available/dav_fs.conf: 119 DAVLockDB /var/lock/apache2/DAVLock 120 121Of course, it can point somewhere else, but the string is actually just a 122prefix in some Apache configurations, and therefore the _directory_ has to 123be writable by the user Apache runs as. 124 125Then, add something like this to your httpd.conf 126 127 <Location /my-new-repo.git> 128 DAV on 129 AuthType Basic 130 AuthName "Git" 131 AuthUserFile /usr/local/apache2/conf/passwd.git 132 Require valid-user 133 </Location> 134 135 On Debian: 136 Create (or add to) /etc/apache2/conf.d/git.conf : 137 138 <Location /my-new-repo.git> 139 DAV on 140 AuthType Basic 141 AuthName "Git" 142 AuthUserFile /etc/apache2/passwd.git 143 Require valid-user 144 </Location> 145 146 Debian automatically reads all files under /etc/apach2/conf.d. 147 148The password file can be somewhere else, but it has to be readable by 149Apache and preferably not readable by the world. 150 151Create this file by 152 $ htpasswd -c /usr/local/apache2/conf/passwd.git <user> 153 154 On Debian: 155 $ htpasswd -c /etc/apache2/passwd.git <user> 156 157You will be asked a password, and the file is created. Subsequent calls 158to htpasswd should omit the '-c' option, since you want to append to the 159existing file. 160 161You need to restart Apache. 162 163Now go to http://<username>@<servername>/my-new-repo.git in your 164browser to check whether it asks for a password and accepts the right 165password. 166 167On Debian: 168 169 To test the WebDAV part, do: 170 171 $ apt-get install litmus 172 $ litmus http://<servername>/my-new-repo.git <username> <password> 173 174 Most tests should pass. 175 176A command line tool to test WebDAV is cadaver. If you prefer GUIs, for 177example, konqueror can open WebDAV URLs as "webdav://..." or 178"webdavs://...". 179 180If you're into Windows, from XP onwards Internet Explorer supports 181WebDAV. For this, do Internet Explorer -> Open Location -> 182http://<servername>/my-new-repo.git [x] Open as webfolder -> login . 183 184 185Step 3: setup the client 186------------------------ 187 188Make sure that you have HTTP support, i.e. your git was built with 189libcurl (version more recent than 7.10). The command 'git http-push' with 190no argument should display a usage message. 191 192Then, add the following to your $HOME/.netrc (you can do without, but will be 193asked to input your password a _lot_ of times): 194 195 machine <servername> 196 login <username> 197 password <password> 198 199...and set permissions: 200 chmod 600 ~/.netrc 201 202If you want to access the web-server by its IP, you have to type that in, 203instead of the server name. 204 205To check whether all is OK, do: 206 207 curl --netrc --location -v http://<username>@<servername>/my-new-repo.git/HEAD 208 209...this should give something like 'ref: refs/heads/master', which is 210the content of the file HEAD on the server. 211 212Now, add the remote in your existing repository which contains the project 213you want to export: 214 215 $ git-config remote.upload.url \ 216 http://<username>@<servername>/my-new-repo.git/ 217 218It is important to put the last '/'; Without it, the server will send 219a redirect which git-http-push does not (yet) understand, and git-http-push 220will repeat the request infinitely. 221 222 223Step 4: make the initial push 224----------------------------- 225 226From your client repository, do 227 228 $ git push upload master 229 230This pushes branch 'master' (which is assumed to be the branch you 231want to export) to repository called 'upload', which we previously 232defined with git-config. 233 234 235Using a proxy: 236-------------- 237 238If you have to access the WebDAV server from behind an HTTP(S) proxy, 239set the variable 'all_proxy' to 'http://proxy-host.com:port', or 240'http://login-on-proxy:passwd-on-proxy@proxy-host.com:port'. See 'man 241curl' for details. 242 243 244Troubleshooting: 245---------------- 246 247If git-http-push says 248 249 Error: no DAV locking support on remote repo http://... 250 251then it means the web-server did not accept your authentication. Make sure 252that the user name and password matches in httpd.conf, .netrc and the URL 253you are uploading to. 254 255If git-http-push shows you an error (22/502) when trying to MOVE a blob, 256it means that your web-server somehow does not recognize its name in the 257request; This can happen when you start Apache, but then disable the 258network interface. A simple restart of Apache helps. 259 260Errors like (22/502) are of format (curl error code/http error 261code). So (22/404) means something like 'not found' at the server. 262 263Reading /usr/local/apache2/logs/error_log is often helpful. 264 265 On Debian: Read /var/log/apache2/error.log instead. 266 267If you access HTTPS locations, git may fail verifying the SSL 268certificate (this is return code 60). Setting http.sslVerify=false can 269help diagnosing the problem, but removes security checks. 270 271 272Debian References: http://www.debian-administration.org/articles/285 273 274Authors 275 Johannes Schindelin <Johannes.Schindelin@gmx.de> 276 Rutger Nijlunsing <git@wingding.demon.nl> 277 Matthieu Moy <Matthieu.Moy@imag.fr>