Documentation / howto / setup-git-server-over-http.txton commit Merge branch 'jk/upload-pack-keepalive' into maint (9432c6a)
   1From: Rutger Nijlunsing <rutger@nospam.com>
   2Subject: Setting up a Git repository which can be pushed into and pulled from over HTTP(S).
   3Date: Thu, 10 Aug 2006 22:00:26 +0200
   4Content-type: text/asciidoc
   5
   6How to setup Git server over http
   7=================================
   8
   9Since Apache is one of those packages people like to compile
  10themselves while others prefer the bureaucrat's dream Debian, it is
  11impossible to give guidelines which will work for everyone. Just send
  12some feedback to the mailing list at git@vger.kernel.org to get this
  13document tailored to your favorite distro.
  14
  15
  16What's needed:
  17
  18- Have an Apache web-server
  19
  20  On Debian:
  21    $ apt-get install apache2
  22    To get apache2 by default started,
  23    edit /etc/default/apache2 and set NO_START=0
  24
  25- can edit the configuration of it.
  26
  27  This could be found under /etc/httpd, or refer to your Apache documentation.
  28
  29  On Debian: this means being able to edit files under /etc/apache2
  30
  31- can restart it.
  32
  33  'apachectl --graceful' might do. If it doesn't, just stop and
  34  restart apache. Be warning that active connections to your server
  35  might be aborted by this.
  36
  37  On Debian:
  38    $ /etc/init.d/apache2 restart
  39  or
  40    $ /etc/init.d/apache2 force-reload
  41    (which seems to do the same)
  42  This adds symlinks from the /etc/apache2/mods-enabled to
  43  /etc/apache2/mods-available.
  44
  45- have permissions to chown a directory
  46
  47- have Git installed on the client, and
  48
  49- either have Git installed on the server or have a webdav client on
  50  the client.
  51
  52In effect, this means you're going to be root, or that you're using a
  53preconfigured WebDAV server.
  54
  55
  56Step 1: setup a bare Git repository
  57-----------------------------------
  58
  59At the time of writing, git-http-push cannot remotely create a Git
  60repository. So we have to do that at the server side with Git. Another
  61option is to generate an empty bare repository at the client and copy
  62it to the server with a WebDAV client (which is the only option if Git
  63is not installed on the server).
  64
  65Create the directory under the DocumentRoot of the directories served
  66by Apache. As an example we take /usr/local/apache2, but try "grep
  67DocumentRoot /where/ever/httpd.conf" to find your root:
  68
  69    $ cd /usr/local/apache/htdocs
  70    $ mkdir my-new-repo.git
  71
  72  On Debian:
  73
  74    $ cd /var/www
  75    $ mkdir my-new-repo.git
  76
  77
  78Initialize a bare repository
  79
  80    $ cd my-new-repo.git
  81    $ git --bare init
  82
  83
  84Change the ownership to your web-server's credentials. Use "grep ^User
  85httpd.conf" and "grep ^Group httpd.conf" to find out:
  86
  87    $ chown -R www.www .
  88
  89  On Debian:
  90
  91    $ chown -R www-data.www-data .
  92
  93
  94If you do not know which user Apache runs as, you can alternatively do
  95a "chmod -R a+w .", inspect the files which are created later on, and
  96set the permissions appropriately.
  97
  98Restart apache2, and check whether http://server/my-new-repo.git gives
  99a directory listing. If not, check whether apache started up
 100successfully.
 101
 102
 103Step 2: enable DAV on this repository
 104-------------------------------------
 105
 106First make sure the dav_module is loaded. For this, insert in httpd.conf:
 107
 108    LoadModule dav_module libexec/httpd/libdav.so
 109    AddModule mod_dav.c
 110
 111Also make sure that this line exists which is the file used for
 112locking DAV operations:
 113
 114  DAVLockDB "/usr/local/apache2/temp/DAV.lock"
 115
 116  On Debian these steps can be performed with:
 117
 118    Enable the dav and dav_fs modules of apache:
 119    $ a2enmod dav_fs
 120    (just to be sure. dav_fs might be unneeded, I don't know)
 121    $ a2enmod dav
 122    The DAV lock is located in /etc/apache2/mods-available/dav_fs.conf:
 123      DAVLockDB /var/lock/apache2/DAVLock
 124
 125Of course, it can point somewhere else, but the string is actually just a
 126prefix in some Apache configurations, and therefore the _directory_ has to
 127be writable by the user Apache runs as.
 128
 129Then, add something like this to your httpd.conf
 130
 131  <Location /my-new-repo.git>
 132     DAV on
 133     AuthType Basic
 134     AuthName "Git"
 135     AuthUserFile /usr/local/apache2/conf/passwd.git
 136     Require valid-user
 137  </Location>
 138
 139  On Debian:
 140    Create (or add to) /etc/apache2/conf.d/git.conf :
 141
 142    <Location /my-new-repo.git>
 143       DAV on
 144       AuthType Basic
 145       AuthName "Git"
 146       AuthUserFile /etc/apache2/passwd.git
 147       Require valid-user
 148    </Location>
 149
 150    Debian automatically reads all files under /etc/apache2/conf.d.
 151
 152The password file can be somewhere else, but it has to be readable by
 153Apache and preferably not readable by the world.
 154
 155Create this file by
 156    $ htpasswd -c /usr/local/apache2/conf/passwd.git <user>
 157
 158    On Debian:
 159      $ htpasswd -c /etc/apache2/passwd.git <user>
 160
 161You will be asked a password, and the file is created. Subsequent calls
 162to htpasswd should omit the '-c' option, since you want to append to the
 163existing file.
 164
 165You need to restart Apache.
 166
 167Now go to http://<username>@<servername>/my-new-repo.git in your
 168browser to check whether it asks for a password and accepts the right
 169password.
 170
 171On Debian:
 172
 173   To test the WebDAV part, do:
 174
 175   $ apt-get install litmus
 176   $ litmus http://<servername>/my-new-repo.git <username> <password>
 177
 178   Most tests should pass.
 179
 180A command line tool to test WebDAV is cadaver. If you prefer GUIs, for
 181example, konqueror can open WebDAV URLs as "webdav://..." or
 182"webdavs://...".
 183
 184If you're into Windows, from XP onwards Internet Explorer supports
 185WebDAV. For this, do Internet Explorer -> Open Location ->
 186http://<servername>/my-new-repo.git [x] Open as webfolder -> login .
 187
 188
 189Step 3: setup the client
 190------------------------
 191
 192Make sure that you have HTTP support, i.e. your Git was built with
 193libcurl (version more recent than 7.10). The command 'git http-push' with
 194no argument should display a usage message.
 195
 196Then, add the following to your $HOME/.netrc (you can do without, but will be
 197asked to input your password a _lot_ of times):
 198
 199    machine <servername>
 200    login <username>
 201    password <password>
 202
 203...and set permissions:
 204     chmod 600 ~/.netrc
 205
 206If you want to access the web-server by its IP, you have to type that in,
 207instead of the server name.
 208
 209To check whether all is OK, do:
 210
 211   curl --netrc --location -v http://<username>@<servername>/my-new-repo.git/HEAD
 212
 213...this should give something like 'ref: refs/heads/master', which is
 214the content of the file HEAD on the server.
 215
 216Now, add the remote in your existing repository which contains the project
 217you want to export:
 218
 219   $ git-config remote.upload.url \
 220       http://<username>@<servername>/my-new-repo.git/
 221
 222It is important to put the last '/'; Without it, the server will send
 223a redirect which git-http-push does not (yet) understand, and git-http-push
 224will repeat the request infinitely.
 225
 226
 227Step 4: make the initial push
 228-----------------------------
 229
 230From your client repository, do
 231
 232   $ git push upload master
 233
 234This pushes branch 'master' (which is assumed to be the branch you
 235want to export) to repository called 'upload', which we previously
 236defined with git-config.
 237
 238
 239Using a proxy:
 240--------------
 241
 242If you have to access the WebDAV server from behind an HTTP(S) proxy,
 243set the variable 'all_proxy' to 'http://proxy-host.com:port', or
 244'http://login-on-proxy:passwd-on-proxy@proxy-host.com:port'. See 'man
 245curl' for details.
 246
 247
 248Troubleshooting:
 249----------------
 250
 251If git-http-push says
 252
 253   Error: no DAV locking support on remote repo http://...
 254
 255then it means the web-server did not accept your authentication. Make sure
 256that the user name and password matches in httpd.conf, .netrc and the URL
 257you are uploading to.
 258
 259If git-http-push shows you an error (22/502) when trying to MOVE a blob,
 260it means that your web-server somehow does not recognize its name in the
 261request; This can happen when you start Apache, but then disable the
 262network interface. A simple restart of Apache helps.
 263
 264Errors like (22/502) are of format (curl error code/http error
 265code). So (22/404) means something like 'not found' at the server.
 266
 267Reading /usr/local/apache2/logs/error_log is often helpful.
 268
 269  On Debian: Read /var/log/apache2/error.log instead.
 270
 271If you access HTTPS locations, Git may fail verifying the SSL
 272certificate (this is return code 60). Setting http.sslVerify=false can
 273help diagnosing the problem, but removes security checks.
 274
 275
 276Debian References: http://www.debian-administration.org/articles/285
 277
 278Authors
 279  Johannes Schindelin <Johannes.Schindelin@gmx.de>
 280  Rutger Nijlunsing <git@wingding.demon.nl>
 281  Matthieu Moy <Matthieu.Moy@imag.fr>