The main confusion was between gitweb and git-http-backend script. They are completely different scripts. If you need only to browse the git contents without pushing by http/https, then you do not need git-http-backend script, and it is really simple to setup.
Another main issue is the git package itself does not have an access control system. So a lot of tutorials on how to setup gitweb are dealing with gitolite together, and it creates more complication. For small projects, apache's auth tools should be good enough to start with.
Let's install git-core, gitweb, highlight (syntax highlight package). My Ubuntu is 12.04 server.
sudo apt-get install git-core gitweb highlightgit-core installs its package at /usr/lib/git-core/
and gitweb installs at /usr/share/gitweb. It also creates gitweb configuration at /etc/apache2/conf.d/gitweb. But we don't want this to be loaded on all apache2 hosts automatically, so let's delete this file.
sudo rm /etc/apache2/conf.d/gitwebDepending on how to setup the apache host, the configuration may be different. Here is what we want to use
GIT repo location: /srv/git GIT HTTP URL: git.mydomain.com clone example from this url: clone http://git.mydomain.com/myrepo.gitFirst, create a GIT repo.
mkdir /srv/git cd /srv/git git init --bare --shared myrepo.gitNow we need to edit /etc/gitweb.conf to update the git repo location and add the highlight option at the end of the file.
sudo vim /etc/gitweb.conf
#projectroot to /srv/git
$projectroot = "/srv/git";
# Add Highlighting at the end
$feature{'highlight'}{'default'} = [1];
Ok, the first goal is setting up a simple git repo browsing host without push and access control.
sudo vi /etc/apache2/sites-available/git
<virtualhost *:80>
ServerName git.mydomain.com
DocumentRoot /usr/share/gitweb
<Directory /usr/share/gitweb>
Options FollowSymLinks +ExecCGI
AddHandler cgi-script .cgi
DirectoryIndex gitweb.cgi
</directory>
</virtualhost>
#After saving the file, make it enabled
sudo a2ensite git
Now reload apache, and see it works.
The next step is allowing pushing back to host and add an access control on it.
We will use auth_digest apache module, but depending on cases, other mods can be used.
a2enmod auth_digestHere is the apache host config for that.
<VirtualHost *:80>
ServerName git.mydomain.com
DocumentRoot /usr/share/gitweb
ScriptAliasMatch \
"(?x)^/(.*/(HEAD | \
info/refs | \
objects/(info/[^/]+ | \
[0-9a-f]{2}/[0-9a-f]{38} | \
pack/pack-[0-9a-f]{40}\.(pack|idx)) | \
git-(upload|receive)-pack))$" \
/usr/lib/git-core/git-http-backend/$1
SetEnv GIT_PROJECT_ROOT /srv/git
SetEnv GIT_HTTP_EXPORT_ALL
SetEnv REMOTE_USER=$REDIRECT_REMOTE_USER
<Directory /usr/share/gitweb>
Options FollowSymLinks +ExecCGI
AddHandler cgi-script .cgi
DirectoryIndex gitweb.cgi
</Directory>
<Location />
AuthType Digest
AuthName "Private Git Repository Access"
AuthUserFile /srv/git/.htpasswd
Require valid-user
</Location>
</VirtualHost>
Create .htpasswd and add users
touch /srv/git/.htpasswd htdigest /srv/git/.htpasswd "Private Git Repository Access" usernameAllow apache user, www-data to access /srv/git directory
sudo chown -R www-data:www-data /srv/gitIf you use https, make sure you have installed a valid certificate, otherwise you will get https validation error. If you want to skip this, run this on the client side.
git config --global http.sslVerify falseTo enable anonymous read access but authenticated write access, replace the <Location /> directive to this.
<LocationMatch "^/.*/git-receive-pack$">
AuthType Digest
AuthName "Private Git Repository Access"
AuthUserFile /srv/git/.htpasswd
Require valid-user
</LocationMatch>
Also make sure that the git repo's name should end with ".git"
No comments:
Post a Comment