diff --git a/doc/http.mkd b/doc/http.mkd index 1c935db..bfc7544 100644 --- a/doc/http.mkd +++ b/doc/http.mkd @@ -13,10 +13,6 @@ that is the same or even relevant -- that is from 2006 and is quite different * I have tested this only on stock Fedora 16; YDMV. - * As before, I have not tried making repos available to both ssh *and* http - mode clients but it ought to work. If you managed it, I'd appreciate a - doc patch describing how you did it. - ## assumptions: * Apache 2.x and git installed. @@ -38,6 +34,96 @@ that delete files etc.), change values per your system, and only then run it. git-http-backend") is no longer optional. Make sure you set it to some place outside apache's `DOCUMENT_ROOT`. +## Making repositories available to both ssh and http mode clients + +This section has been contributed by Thomas Hager (duke at sigsegv dot at). + +Assumptions: + + * Apache 2.x with CGI and Suexec support installed. + * Git and Gitolite installed with user "git" and group "git", and pubkey SSH + access configured and working. + * Git plumbing installed to /usr/libexec/git-core + * Gitolite base located at /opt/git + * Apache `DOCUMENT_ROOT` set to /var/www + * Apache runs with user www and group www + +Please adjust the instructions below to reflect your setup (users and paths). + +Edit your .gitolite.rc and add + + $ENV{GIT_HTTP_BACKEND} = "/usr/libexec/git-core/git-http-backend"; + $ENV{PATH} .= ":/opt/git/bin"; + +at the very top (as described in `t/smart-http.root-setup`). + +Next, check which document root your Apache's suexec accepts: + + # suexec -V + -D AP_DOC_ROOT="/var/www" + -D AP_GID_MIN=100 + -D AP_HTTPD_USER="www" + -D AP_LOG_EXEC="/var/log/apache/suexec.log" + -D AP_SAFE_PATH="/usr/local/bin:/usr/bin:/bin" + -D AP_UID_MIN=100 + -D AP_USERDIR_SUFFIX="public_html" + +We're interested in `AP_DOC_ROOT`, which is set to `/var/www` in our case. + +Create a `bin` and a `git` directory in `AP_DOC_ROOT`: + + install -d -m 0755 -o git -g git /var/www/bin + install -d -m 0755 -o www -g www /var/www/git + +`/var/www/git` is just a dummy directory used as Apache's document root (see below). + +Next, create a shell script inside `/var/www/bin` named `gitolite-suexec-wrapper.sh`, +with mode **0700** and owned by user and group **git**. Add the following content: + + #!/bin/bash + # + # Suexec wrapper for gitolite-shell + # + + export GIT_PROJECT_ROOT="/opt/git/repositories" + export GITOLITE_HTTP_HOME="/opt/git" + + exec ${GITOLITE_HTTP_HOME}/gitolite-source/src/gitolite-shell + +Edit your Apache's config to add http pull/push support, preferably in +a dedicated `VirtualHost` section: + + + ServerName git.example.com + ServerAlias git + ServerAdmin you@example.com + + DocumentRoot /var/www/git + + Options None + AllowOverride none + Order allow,deny + Allow from all + + + SuexecUserGroup git git + ScriptAlias /git/ /var/www/bin/gitolite-suexec-wrapper.sh/ + ScriptAlias /gitmob/ /var/www/bin/gitolite-suexec-wrapper.sh/ + + + AuthType Basic + AuthName "Git Access" + Require valid-user + AuthUserFile /etc/apache/git.passwd + + + +This Apache config is just an example, you probably should adapt the authentication +section and use https instead of http! + +Finally, add an `R = daemon` access rule to all repositories you want to +make available via http. + ## usage ### client side