Documentation / howto / setup-git-server-over-http.txton commit Merge branch 'jc/push-cert' into maint (b1cffbf)
   1From: Rutger Nijlunsing <rutger@nospam.com>
   2Subject: Setting up a Git repository which can be pushed into and pulled from over HTTP(S).
   3Date: Thu, 10 Aug 2006 22:00:26 +0200
   4Content-type: text/asciidoc
   5
   6How to setup Git server over http
   7=================================
   8
   9NOTE: This document is from 2006.  A lot has happened since then, and this
  10document is now relevant mainly if your web host is not CGI capable.
  11Almost everyone else should instead look at linkgit:git-http-backend[1].
  12
  13Since Apache is one of those packages people like to compile
  14themselves while others prefer the bureaucrat's dream Debian, it is
  15impossible to give guidelines which will work for everyone. Just send
  16some feedback to the mailing list at git@vger.kernel.org to get this
  17document tailored to your favorite distro.
  18
  19
  20What's needed:
  21
  22- Have an Apache web-server
  23
  24  On Debian:
  25    $ apt-get install apache2
  26    To get apache2 by default started,
  27    edit /etc/default/apache2 and set NO_START=0
  28
  29- can edit the configuration of it.
  30
  31  This could be found under /etc/httpd, or refer to your Apache documentation.
  32
  33  On Debian: this means being able to edit files under /etc/apache2
  34
  35- can restart it.
  36
  37  'apachectl --graceful' might do. If it doesn't, just stop and
  38  restart apache. Be warning that active connections to your server
  39  might be aborted by this.
  40
  41  On Debian:
  42    $ /etc/init.d/apache2 restart
  43  or
  44    $ /etc/init.d/apache2 force-reload
  45    (which seems to do the same)
  46  This adds symlinks from the /etc/apache2/mods-enabled to
  47  /etc/apache2/mods-available.
  48
  49- have permissions to chown a directory
  50
  51- have Git installed on the client, and
  52
  53- either have Git installed on the server or have a webdav client on
  54  the client.
  55
  56In effect, this means you're going to be root, or that you're using a
  57preconfigured WebDAV server.
  58
  59
  60Step 1: setup a bare Git repository
  61-----------------------------------
  62
  63At the time of writing, git-http-push cannot remotely create a Git
  64repository. So we have to do that at the server side with Git. Another
  65option is to generate an empty bare repository at the client and copy
  66it to the server with a WebDAV client (which is the only option if Git
  67is not installed on the server).
  68
  69Create the directory under the DocumentRoot of the directories served
  70by Apache. As an example we take /usr/local/apache2, but try "grep
  71DocumentRoot /where/ever/httpd.conf" to find your root:
  72
  73    $ cd /usr/local/apache/htdocs
  74    $ mkdir my-new-repo.git
  75
  76  On Debian:
  77
  78    $ cd /var/www
  79    $ mkdir my-new-repo.git
  80
  81
  82Initialize a bare repository
  83
  84    $ cd my-new-repo.git
  85    $ git --bare init
  86
  87
  88Change the ownership to your web-server's credentials. Use `"grep ^User
  89httpd.conf"` and `"grep ^Group httpd.conf"` to find out:
  90
  91    $ chown -R www.www .
  92
  93  On Debian:
  94
  95    $ chown -R www-data.www-data .
  96
  97
  98If you do not know which user Apache runs as, you can alternatively do
  99a "chmod -R a+w .", inspect the files which are created later on, and
 100set the permissions appropriately.
 101
 102Restart apache2, and check whether http://server/my-new-repo.git gives
 103a directory listing. If not, check whether apache started up
 104successfully.
 105
 106
 107Step 2: enable DAV on this repository
 108-------------------------------------
 109
 110First make sure the dav_module is loaded. For this, insert in httpd.conf:
 111
 112    LoadModule dav_module libexec/httpd/libdav.so
 113    AddModule mod_dav.c
 114
 115Also make sure that this line exists which is the file used for
 116locking DAV operations:
 117
 118  DAVLockDB "/usr/local/apache2/temp/DAV.lock"
 119
 120  On Debian these steps can be performed with:
 121
 122    Enable the dav and dav_fs modules of apache:
 123    $ a2enmod dav_fs
 124    (just to be sure. dav_fs might be unneeded, I don't know)
 125    $ a2enmod dav
 126    The DAV lock is located in /etc/apache2/mods-available/dav_fs.conf:
 127      DAVLockDB /var/lock/apache2/DAVLock
 128
 129Of course, it can point somewhere else, but the string is actually just a
 130prefix in some Apache configurations, and therefore the _directory_ has to
 131be writable by the user Apache runs as.
 132
 133Then, add something like this to your httpd.conf
 134
 135  <Location /my-new-repo.git>
 136     DAV on
 137     AuthType Basic
 138     AuthName "Git"
 139     AuthUserFile /usr/local/apache2/conf/passwd.git
 140     Require valid-user
 141  </Location>
 142
 143  On Debian:
 144    Create (or add to) /etc/apache2/conf.d/git.conf :
 145
 146    <Location /my-new-repo.git>
 147       DAV on
 148       AuthType Basic
 149       AuthName "Git"
 150       AuthUserFile /etc/apache2/passwd.git
 151       Require valid-user
 152    </Location>
 153
 154    Debian automatically reads all files under /etc/apache2/conf.d.
 155
 156The password file can be somewhere else, but it has to be readable by
 157Apache and preferably not readable by the world.
 158
 159Create this file by
 160    $ htpasswd -c /usr/local/apache2/conf/passwd.git <user>
 161
 162    On Debian:
 163      $ htpasswd -c /etc/apache2/passwd.git <user>
 164
 165You will be asked a password, and the file is created. Subsequent calls
 166to htpasswd should omit the '-c' option, since you want to append to the
 167existing file.
 168
 169You need to restart Apache.
 170
 171Now go to http://<username>@<servername>/my-new-repo.git in your
 172browser to check whether it asks for a password and accepts the right
 173password.
 174
 175On Debian:
 176
 177   To test the WebDAV part, do:
 178
 179   $ apt-get install litmus
 180   $ litmus http://<servername>/my-new-repo.git <username> <password>
 181
 182   Most tests should pass.
 183
 184A command-line tool to test WebDAV is cadaver. If you prefer GUIs, for
 185example, konqueror can open WebDAV URLs as "webdav://..." or
 186"webdavs://...".
 187
 188If you're into Windows, from XP onwards Internet Explorer supports
 189WebDAV. For this, do Internet Explorer -> Open Location ->
 190http://<servername>/my-new-repo.git [x] Open as webfolder -> login .
 191
 192
 193Step 3: setup the client
 194------------------------
 195
 196Make sure that you have HTTP support, i.e. your Git was built with
 197libcurl (version more recent than 7.10). The command 'git http-push' with
 198no argument should display a usage message.
 199
 200Then, add the following to your $HOME/.netrc (you can do without, but will be
 201asked to input your password a _lot_ of times):
 202
 203    machine <servername>
 204    login <username>
 205    password <password>
 206
 207...and set permissions:
 208     chmod 600 ~/.netrc
 209
 210If you want to access the web-server by its IP, you have to type that in,
 211instead of the server name.
 212
 213To check whether all is OK, do:
 214
 215   curl --netrc --location -v http://<username>@<servername>/my-new-repo.git/HEAD
 216
 217...this should give something like 'ref: refs/heads/master', which is
 218the content of the file HEAD on the server.
 219
 220Now, add the remote in your existing repository which contains the project
 221you want to export:
 222
 223   $ git-config remote.upload.url \
 224       http://<username>@<servername>/my-new-repo.git/
 225
 226It is important to put the last '/'; Without it, the server will send
 227a redirect which git-http-push does not (yet) understand, and git-http-push
 228will repeat the request infinitely.
 229
 230
 231Step 4: make the initial push
 232-----------------------------
 233
 234From your client repository, do
 235
 236   $ git push upload master
 237
 238This pushes branch 'master' (which is assumed to be the branch you
 239want to export) to repository called 'upload', which we previously
 240defined with git-config.
 241
 242
 243Using a proxy:
 244--------------
 245
 246If you have to access the WebDAV server from behind an HTTP(S) proxy,
 247set the variable 'all_proxy' to 'http://proxy-host.com:port', or
 248'http://login-on-proxy:passwd-on-proxy@proxy-host.com:port'. See 'man
 249curl' for details.
 250
 251
 252Troubleshooting:
 253----------------
 254
 255If git-http-push says
 256
 257   Error: no DAV locking support on remote repo http://...
 258
 259then it means the web-server did not accept your authentication. Make sure
 260that the user name and password matches in httpd.conf, .netrc and the URL
 261you are uploading to.
 262
 263If git-http-push shows you an error (22/502) when trying to MOVE a blob,
 264it means that your web-server somehow does not recognize its name in the
 265request; This can happen when you start Apache, but then disable the
 266network interface. A simple restart of Apache helps.
 267
 268Errors like (22/502) are of format (curl error code/http error
 269code). So (22/404) means something like 'not found' at the server.
 270
 271Reading /usr/local/apache2/logs/error_log is often helpful.
 272
 273  On Debian: Read /var/log/apache2/error.log instead.
 274
 275If you access HTTPS locations, Git may fail verifying the SSL
 276certificate (this is return code 60). Setting http.sslVerify=false can
 277help diagnosing the problem, but removes security checks.
 278
 279
 280Debian References: http://www.debian-administration.org/articles/285
 281
 282Authors
 283  Johannes Schindelin <Johannes.Schindelin@gmx.de>
 284  Rutger Nijlunsing <git@wingding.demon.nl>
 285  Matthieu Moy <Matthieu.Moy@imag.fr>