Friday, October 19, 2012

Gitweb & git-http-backend on Ubuntu apache2

I just began to learn git, and the web interface looked pretty good, but it was quite confusing to set up a git web host.
The main confusion was between gitweb and git-http-backend script. They are completely different scripts. If you need only to browse the git contents without pushing by http/https, then you do not need git-http-backend script, and it is really simple to setup.
Another main issue is the git package itself does not have an access control system. So a lot of tutorials on how to setup gitweb are dealing with gitolite together, and it creates more complication. For small projects, apache's auth tools should be good enough to start with.

Let's install git-core, gitweb, highlight (syntax highlight package). My Ubuntu is 12.04 server.
sudo apt-get install git-core gitweb highlight
git-core installs its package at /usr/lib/git-core/
and gitweb installs at /usr/share/gitweb. It also creates gitweb configuration at /etc/apache2/conf.d/gitweb. But we don't want this to be loaded on all apache2 hosts automatically, so let's delete this file.
sudo rm /etc/apache2/conf.d/gitweb
Depending on how to setup the apache host, the configuration may be different. Here is what we want to use
GIT repo location: /srv/git
GIT HTTP URL: git.mydomain.com
clone example from this url: clone http://git.mydomain.com/myrepo.git
First, create a GIT repo.
mkdir /srv/git
cd /srv/git
git init --bare --shared myrepo.git
Now we need to edit /etc/gitweb.conf to update the git repo location and add the highlight option at the end of the file.
sudo vim /etc/gitweb.conf
#projectroot to /srv/git
$projectroot = "/srv/git";

# Add Highlighting at the end
$feature{'highlight'}{'default'} = [1];
Ok, the first goal is setting up a simple git repo browsing host without push and access control.
sudo vi /etc/apache2/sites-available/git

<virtualhost *:80>
  ServerName git.mydomain.com
  DocumentRoot /usr/share/gitweb
  <Directory /usr/share/gitweb>
    Options FollowSymLinks +ExecCGI
    AddHandler cgi-script .cgi
    DirectoryIndex gitweb.cgi
  </directory>
</virtualhost>

#After saving the file, make it enabled
sudo a2ensite git
Now reload apache, and see it works. The next step is allowing pushing back to host and add an access control on it. We will use auth_digest apache module, but depending on cases, other mods can be used.
a2enmod auth_digest
Here is the apache host config for that.
<VirtualHost *:80>
  ServerName git.mydomain.com
  DocumentRoot /usr/share/gitweb

  ScriptAliasMatch \
        "(?x)^/(.*/(HEAD | \
                        info/refs | \
                        objects/(info/[^/]+ | \
                                 [0-9a-f]{2}/[0-9a-f]{38} | \
                                 pack/pack-[0-9a-f]{40}\.(pack|idx)) | \
                        git-(upload|receive)-pack))$" \
        /usr/lib/git-core/git-http-backend/$1

  SetEnv GIT_PROJECT_ROOT /srv/git
  SetEnv GIT_HTTP_EXPORT_ALL
  SetEnv REMOTE_USER=$REDIRECT_REMOTE_USER 
  <Directory /usr/share/gitweb>
    Options FollowSymLinks +ExecCGI
    AddHandler cgi-script .cgi
    DirectoryIndex gitweb.cgi
  </Directory>

  <Location />
    AuthType Digest
    AuthName "Private Git Repository Access"
    AuthUserFile /srv/git/.htpasswd
    Require valid-user
  </Location>
</VirtualHost>
Create .htpasswd and add users
touch /srv/git/.htpasswd
htdigest /srv/git/.htpasswd "Private Git Repository Access" username
Allow apache user, www-data to access /srv/git directory
sudo chown -R www-data:www-data /srv/git
If you use https, make sure you have installed a valid certificate, otherwise you will get https validation error. If you want to skip this, run this on the client side.
git config --global http.sslVerify false
To enable anonymous read access but authenticated write access, replace the <Location /> directive to this.
<LocationMatch "^/.*/git-receive-pack$">
    AuthType Digest
    AuthName "Private Git Repository Access"
    AuthUserFile /srv/git/.htpasswd
    Require valid-user
</LocationMatch>
Also make sure that the git repo's name should end with ".git"

Further References



  • git-http-backend Manual
  • gitweb-theme by kogakure
  • No comments:

    Post a Comment