gitolite/doc/http.mkd
Thomas Hager 88b4c86c38 Added instructions to make repositories available via http and ssh
This patch adds instructions for configuring Gitolite and Apache 2.x
to make repositories available to both ssh and http clients.

[minor fixups by committer]
2012-04-28 22:58:09 +05:30

5.4 KiB

how to setup gitolite to use smart http mode

Note: "smart http" refers to the feature that came with git 1.6.6, late 2009 or so. The base documentation for this is man git-http-backend. Do NOT read Documentation/howto/setup-git-server-over-http.txt and think that is the same or even relevant -- that is from 2006 and is quite different (and arguably obsolete).

WARNINGS and important notes

  • Please read [authentication versus authorisation][auth] first, and make sure you understand what is gitolite's responsibility and what isn't.

  • I have tested this only on stock Fedora 16; YDMV.

assumptions:

  • Apache 2.x and git installed.
  • Httpd runs under the "apache" userid; adjust instructions below if not.
  • Similarly for "/var/www" and other file names/locations.

instructions

The detailed instructions I used to have in g2 have now been replaced by a script called t/smart-http.root-setup. Do NOT run this script as is -- it is actually meant for my testing setup and deletes stuff. However, it does provide an excellent (and working!) narration of what you need to do to install gitolite in smart http mode.

Make a copy of the script, go through it carefully, (possibly removing lines that delete files etc.), change values per your system, and only then run it.

Note that the GIT_PROJECT_ROOT variable (see "man git-http-backend") is no longer optional. Make sure you set it to some place outside apache's DOCUMENT_ROOT.

Making repositories available to both ssh and http mode clients

This section has been contributed by Thomas Hager (duke at sigsegv dot at).

Assumptions:

  • Apache 2.x with CGI and Suexec support installed.
  • Git and Gitolite installed with user "git" and group "git", and pubkey SSH access configured and working.
  • Git plumbing installed to /usr/libexec/git-core
  • Gitolite base located at /opt/git
  • Apache DOCUMENT_ROOT set to /var/www
  • Apache runs with user www and group www

Please adjust the instructions below to reflect your setup (users and paths).

Edit your .gitolite.rc and add

$ENV{GIT_HTTP_BACKEND} = "/usr/libexec/git-core/git-http-backend";
$ENV{PATH} .= ":/opt/git/bin";

at the very top (as described in t/smart-http.root-setup).

Next, check which document root your Apache's suexec accepts:

# suexec -V
 -D AP_DOC_ROOT="/var/www"
 -D AP_GID_MIN=100
 -D AP_HTTPD_USER="www"
 -D AP_LOG_EXEC="/var/log/apache/suexec.log"
 -D AP_SAFE_PATH="/usr/local/bin:/usr/bin:/bin"
 -D AP_UID_MIN=100
 -D AP_USERDIR_SUFFIX="public_html"

We're interested in AP_DOC_ROOT, which is set to /var/www in our case.

Create a bin and a git directory in AP_DOC_ROOT:

install -d -m 0755 -o git -g git /var/www/bin
install -d -m 0755 -o www -g www /var/www/git

/var/www/git is just a dummy directory used as Apache's document root (see below).

Next, create a shell script inside /var/www/bin named gitolite-suexec-wrapper.sh, with mode 0700 and owned by user and group git. Add the following content:

#!/bin/bash
#
# Suexec wrapper for gitolite-shell
#

export GIT_PROJECT_ROOT="/opt/git/repositories"
export GITOLITE_HTTP_HOME="/opt/git"

exec ${GITOLITE_HTTP_HOME}/gitolite-source/src/gitolite-shell

Edit your Apache's config to add http pull/push support, preferably in a dedicated VirtualHost section:

<VirtualHost *:80>
    ServerName        git.example.com
    ServerAlias       git
    ServerAdmin       you@example.com

    DocumentRoot /var/www/git
    <Directory /var/www/git>
        Options       None
        AllowOverride none
        Order         allow,deny
        Allow         from all
    </Directory>

    SuexecUserGroup git git
    ScriptAlias /git/ /var/www/bin/gitolite-suexec-wrapper.sh/
    ScriptAlias /gitmob/ /var/www/bin/gitolite-suexec-wrapper.sh/

    <Location /git>
        AuthType Basic
        AuthName "Git Access"
        Require valid-user
        AuthUserFile /etc/apache/git.passwd
    </Location>
</VirtualHost>

This Apache config is just an example, you probably should adapt the authentication section and use https instead of http!

Finally, add an R = daemon access rule to all repositories you want to make available via http.

usage

client side

Git URLs look like http://user:password@server/git/reponame.git.

The custom commands, like "info", "expand" should be handled as follows. The command name will come just after the /git/, followed by a ?, followed by the arguments, with + representing a space. Here are some examples:

# ssh git@server info
curl http://user:password@server/git/info
# ssh git@server info repopatt
curl http://user:password@server/git/info?repopatt
# ssh git@server info repopatt user1 user2
curl http://user:password@server/git/info?repopatt+user1+user2

With a few nice shell aliases, you won't even notice the horrible convolutions here ;-) See t/smart-http for a couple of useful ones.

server side

The 'gitolite' command (for example, 'gitolite compile', 'gitolite query-rc', and so on) can be run on the server, but it's not straightforward. Assuming you installed exactly as given in this document, you should

  • get a shell by using, say, su -s /bin/bash - apache
  • run export HOME=$HOME/gitolite-home
  • run export PATH=$PATH:$HOME/bin

and then you can run gitolite <subcommand>