Added instructions to make repositories available via http and ssh

This patch adds instructions for configuring Gitolite and Apache 2.x to make repositories available to both ssh and http clients. [minor fixups by committer]
2012-04-20 15:28:05 +02:00 · 2012-04-20 15:28:05 +02:00 · 88b4c86c38
parent 48ed4deb8f
commit 88b4c86c38
1 changed files with 90 additions and 4 deletions
--- a/doc/http.mkd
+++ b/doc/http.mkd
@ -13,10 +13,6 @@ that is the same or even relevant -- that is from 2006 and is quite different

  * I have tested this only on stock Fedora 16; YDMV.

-  * As before, I have not tried making repos available to both ssh *and* http
-    mode clients but it ought to work.  If you managed it, I'd appreciate a
-    doc patch describing how you did it.
-
 ## assumptions:

  * Apache 2.x and git installed.
@ -38,6 +34,96 @@ that delete files etc.), change values per your system, and only then run it.
 git-http-backend") is no longer optional.  Make sure you set it to some place
 outside apache's `DOCUMENT_ROOT`.</font>

+## Making repositories available to both ssh and http mode clients
+
+This section has been contributed by Thomas Hager (duke at sigsegv dot at).
+
+Assumptions:
+
+  * Apache 2.x with CGI and Suexec support installed.
+  * Git and Gitolite installed with user "git" and group "git", and pubkey SSH
+    access configured and working.
+  * Git plumbing installed to /usr/libexec/git-core
+  * Gitolite base located at /opt/git
+  * Apache `DOCUMENT_ROOT` set to /var/www
+  * Apache runs with user www and group www
+
+Please adjust the instructions below to reflect your setup (users and paths).
+
+Edit your .gitolite.rc and add
+
+    $ENV{GIT_HTTP_BACKEND} = "/usr/libexec/git-core/git-http-backend";
+    $ENV{PATH} .= ":/opt/git/bin";
+
+at the very top (as described in `t/smart-http.root-setup`).
+
+Next, check which document root your Apache's suexec accepts:
+
+    # suexec -V
+     -D AP_DOC_ROOT="/var/www"
+     -D AP_GID_MIN=100
+     -D AP_HTTPD_USER="www"
+     -D AP_LOG_EXEC="/var/log/apache/suexec.log"
+     -D AP_SAFE_PATH="/usr/local/bin:/usr/bin:/bin"
+     -D AP_UID_MIN=100
+     -D AP_USERDIR_SUFFIX="public_html"
+
+We're interested in `AP_DOC_ROOT`, which is set to `/var/www` in our case.
+
+Create a `bin` and a `git` directory in `AP_DOC_ROOT`:
+
+    install -d -m 0755 -o git -g git /var/www/bin
+    install -d -m 0755 -o www -g www /var/www/git
+
+`/var/www/git` is just a dummy directory used as Apache's document root (see below).
+
+Next, create a shell script inside `/var/www/bin` named `gitolite-suexec-wrapper.sh`,
+with mode **0700** and owned by user and group **git**. Add the following content:
+
+    #!/bin/bash
+    #
+    # Suexec wrapper for gitolite-shell
+    #
+
+    export GIT_PROJECT_ROOT="/opt/git/repositories"
+    export GITOLITE_HTTP_HOME="/opt/git"
+
+    exec ${GITOLITE_HTTP_HOME}/gitolite-source/src/gitolite-shell
+
+Edit your Apache's config to add http pull/push support, preferably in
+a dedicated `VirtualHost` section:
+
+    <VirtualHost *:80>
+        ServerName        git.example.com
+        ServerAlias       git
+        ServerAdmin       you@example.com
+
+        DocumentRoot /var/www/git
+        <Directory /var/www/git>
+            Options       None
+            AllowOverride none
+            Order         allow,deny
+            Allow         from all
+        </Directory>
+
+        SuexecUserGroup git git
+        ScriptAlias /git/ /var/www/bin/gitolite-suexec-wrapper.sh/
+        ScriptAlias /gitmob/ /var/www/bin/gitolite-suexec-wrapper.sh/
+
+        <Location /git>
+            AuthType Basic
+            AuthName "Git Access"
+            Require valid-user
+            AuthUserFile /etc/apache/git.passwd
+        </Location>
+    </VirtualHost>
+
+This Apache config is just an example, you probably should adapt the authentication
+section and use https instead of http!
+
+Finally, add an `R = daemon` access rule to all repositories you want to
+make available via http.
+
 ## usage

 ### client side