1From: Rutger Nijlunsing <rutger@nospam.com> 2Subject: Setting up a Git repository which can be pushed into and pulled from over HTTP(S). 3Date: Thu, 10 Aug 2006 22:00:26 +0200 4Content-type: text/asciidoc 5 6How to setup Git server over http 7================================= 8 9NOTE: This document is from 2006. A lot has happened since then, and this 10document is now relevant mainly if your web host is not CGI capable. 11Almost everyone else should instead look at linkgit:git-http-backend[1]. 12 13Since Apache is one of those packages people like to compile 14themselves while others prefer the bureaucrat's dream Debian, it is 15impossible to give guidelines which will work for everyone. Just send 16some feedback to the mailing list at git@vger.kernel.org to get this 17document tailored to your favorite distro. 18 19 20What's needed: 21 22- Have an Apache web-server 23 24 On Debian: 25 $ apt-get install apache2 26 To get apache2 by default started, 27 edit /etc/default/apache2 and set NO_START=0 28 29- can edit the configuration of it. 30 31 This could be found under /etc/httpd, or refer to your Apache documentation. 32 33 On Debian: this means being able to edit files under /etc/apache2 34 35- can restart it. 36 37 'apachectl --graceful' might do. If it doesn't, just stop and 38 restart apache. Be warning that active connections to your server 39 might be aborted by this. 40 41 On Debian: 42 $ /etc/init.d/apache2 restart 43 or 44 $ /etc/init.d/apache2 force-reload 45 (which seems to do the same) 46 This adds symlinks from the /etc/apache2/mods-enabled to 47 /etc/apache2/mods-available. 48 49- have permissions to chown a directory 50 51- have Git installed on the client, and 52 53- either have Git installed on the server or have a webdav client on 54 the client. 55 56In effect, this means you're going to be root, or that you're using a 57preconfigured WebDAV server. 58 59 60Step 1: setup a bare Git repository 61----------------------------------- 62 63At the time of writing, git-http-push cannot remotely create a Git 64repository. So we have to do that at the server side with Git. Another 65option is to generate an empty bare repository at the client and copy 66it to the server with a WebDAV client (which is the only option if Git 67is not installed on the server). 68 69Create the directory under the DocumentRoot of the directories served 70by Apache. As an example we take /usr/local/apache2, but try "grep 71DocumentRoot /where/ever/httpd.conf" to find your root: 72 73 $ cd /usr/local/apache/htdocs 74 $ mkdir my-new-repo.git 75 76 On Debian: 77 78 $ cd /var/www 79 $ mkdir my-new-repo.git 80 81 82Initialize a bare repository 83 84 $ cd my-new-repo.git 85 $ git --bare init 86 87 88Change the ownership to your web-server's credentials. Use "grep ^User 89httpd.conf" and "grep ^Group httpd.conf" to find out: 90 91 $ chown -R www.www . 92 93 On Debian: 94 95 $ chown -R www-data.www-data . 96 97 98If you do not know which user Apache runs as, you can alternatively do 99a "chmod -R a+w .", inspect the files which are created later on, and 100set the permissions appropriately. 101 102Restart apache2, and check whether http://server/my-new-repo.git gives 103a directory listing. If not, check whether apache started up 104successfully. 105 106 107Step 2: enable DAV on this repository 108------------------------------------- 109 110First make sure the dav_module is loaded. For this, insert in httpd.conf: 111 112 LoadModule dav_module libexec/httpd/libdav.so 113 AddModule mod_dav.c 114 115Also make sure that this line exists which is the file used for 116locking DAV operations: 117 118 DAVLockDB "/usr/local/apache2/temp/DAV.lock" 119 120 On Debian these steps can be performed with: 121 122 Enable the dav and dav_fs modules of apache: 123 $ a2enmod dav_fs 124 (just to be sure. dav_fs might be unneeded, I don't know) 125 $ a2enmod dav 126 The DAV lock is located in /etc/apache2/mods-available/dav_fs.conf: 127 DAVLockDB /var/lock/apache2/DAVLock 128 129Of course, it can point somewhere else, but the string is actually just a 130prefix in some Apache configurations, and therefore the _directory_ has to 131be writable by the user Apache runs as. 132 133Then, add something like this to your httpd.conf 134 135 <Location /my-new-repo.git> 136 DAV on 137 AuthType Basic 138 AuthName "Git" 139 AuthUserFile /usr/local/apache2/conf/passwd.git 140 Require valid-user 141 </Location> 142 143 On Debian: 144 Create (or add to) /etc/apache2/conf.d/git.conf : 145 146 <Location /my-new-repo.git> 147 DAV on 148 AuthType Basic 149 AuthName "Git" 150 AuthUserFile /etc/apache2/passwd.git 151 Require valid-user 152 </Location> 153 154 Debian automatically reads all files under /etc/apache2/conf.d. 155 156The password file can be somewhere else, but it has to be readable by 157Apache and preferably not readable by the world. 158 159Create this file by 160 $ htpasswd -c /usr/local/apache2/conf/passwd.git <user> 161 162 On Debian: 163 $ htpasswd -c /etc/apache2/passwd.git <user> 164 165You will be asked a password, and the file is created. Subsequent calls 166to htpasswd should omit the '-c' option, since you want to append to the 167existing file. 168 169You need to restart Apache. 170 171Now go to http://<username>@<servername>/my-new-repo.git in your 172browser to check whether it asks for a password and accepts the right 173password. 174 175On Debian: 176 177 To test the WebDAV part, do: 178 179 $ apt-get install litmus 180 $ litmus http://<servername>/my-new-repo.git <username> <password> 181 182 Most tests should pass. 183 184A command line tool to test WebDAV is cadaver. If you prefer GUIs, for 185example, konqueror can open WebDAV URLs as "webdav://..." or 186"webdavs://...". 187 188If you're into Windows, from XP onwards Internet Explorer supports 189WebDAV. For this, do Internet Explorer -> Open Location -> 190http://<servername>/my-new-repo.git [x] Open as webfolder -> login . 191 192 193Step 3: setup the client 194------------------------ 195 196Make sure that you have HTTP support, i.e. your Git was built with 197libcurl (version more recent than 7.10). The command 'git http-push' with 198no argument should display a usage message. 199 200Then, add the following to your $HOME/.netrc (you can do without, but will be 201asked to input your password a _lot_ of times): 202 203 machine <servername> 204 login <username> 205 password <password> 206 207...and set permissions: 208 chmod 600 ~/.netrc 209 210If you want to access the web-server by its IP, you have to type that in, 211instead of the server name. 212 213To check whether all is OK, do: 214 215 curl --netrc --location -v http://<username>@<servername>/my-new-repo.git/HEAD 216 217...this should give something like 'ref: refs/heads/master', which is 218the content of the file HEAD on the server. 219 220Now, add the remote in your existing repository which contains the project 221you want to export: 222 223 $ git-config remote.upload.url \ 224 http://<username>@<servername>/my-new-repo.git/ 225 226It is important to put the last '/'; Without it, the server will send 227a redirect which git-http-push does not (yet) understand, and git-http-push 228will repeat the request infinitely. 229 230 231Step 4: make the initial push 232----------------------------- 233 234From your client repository, do 235 236 $ git push upload master 237 238This pushes branch 'master' (which is assumed to be the branch you 239want to export) to repository called 'upload', which we previously 240defined with git-config. 241 242 243Using a proxy: 244-------------- 245 246If you have to access the WebDAV server from behind an HTTP(S) proxy, 247set the variable 'all_proxy' to 'http://proxy-host.com:port', or 248'http://login-on-proxy:passwd-on-proxy@proxy-host.com:port'. See 'man 249curl' for details. 250 251 252Troubleshooting: 253---------------- 254 255If git-http-push says 256 257 Error: no DAV locking support on remote repo http://... 258 259then it means the web-server did not accept your authentication. Make sure 260that the user name and password matches in httpd.conf, .netrc and the URL 261you are uploading to. 262 263If git-http-push shows you an error (22/502) when trying to MOVE a blob, 264it means that your web-server somehow does not recognize its name in the 265request; This can happen when you start Apache, but then disable the 266network interface. A simple restart of Apache helps. 267 268Errors like (22/502) are of format (curl error code/http error 269code). So (22/404) means something like 'not found' at the server. 270 271Reading /usr/local/apache2/logs/error_log is often helpful. 272 273 On Debian: Read /var/log/apache2/error.log instead. 274 275If you access HTTPS locations, Git may fail verifying the SSL 276certificate (this is return code 60). Setting http.sslVerify=false can 277help diagnosing the problem, but removes security checks. 278 279 280Debian References: http://www.debian-administration.org/articles/285 281 282Authors 283 Johannes Schindelin <Johannes.Schindelin@gmx.de> 284 Rutger Nijlunsing <git@wingding.demon.nl> 285 Matthieu Moy <Matthieu.Moy@imag.fr>