git-http-backend on CentOS 6.5

It is my aim of having a git-repository hosted on an own server running CentOS 6.5, serving the repositories via https using a self-signed certificate. SELinux is disabled.

This post is concerned with setting up the apache httpd 2.2 server which is shipped with CentOS 6.5 for serving the repositories. The basic steps are:

  1. Configure Apache httpd
  2. Create a bare repository accessible from the web

My environment

  • CentOS 6.5 server
  • latest git version (1.8.X) compiled and installed from source

My aim

I would like to access my repositories at the following URL using http authentification:

http://git.<mydomain>.com/<reponame>.git

 

Steps to follow

These steps are influenced by these great posts (but – at least – updated for recent versions and CentOS 6.5):

Configure Apache httpd

First, determine a location where the git repositories should be located on the server. I will be using /var/www/html/git.mydomain.com/.

Thereafter, configure http(s) by creating a new configuration file stored at /etc/httpd/conf.d/, containing roughly the following:


<VirtualHost git.mydomain.com:443>
ServerAdmin me@git.mydomain.com
DocumentRoot /var/www/html/git.mydomain.com
ServerName git.mydomain.com
ErrorLog logs/git.mydomain.com-error_log
CustomLog logs/git.mydomain.com-access_log common

ServerSignature Off

SetEnv GIT_PROJECT_ROOT /var/www/html/git.mydomain.com
SetEnv GIT_HTTP_EXPORT_ALL
SetEnv REMOTE_USER=$REDIRECT_REMOTE_USER
ScriptAlias / /usr/libexec/git-core/git-http-backend/

SSLEngine on
SSLCertificateFile /etc/httpd/conf.d/git.mydomain.com.crt
SSLCertificateKeyFile /etc/httpd/conf.d/git.mydomain.com.key

<Directory "/var/www/html/git.mydomain.com">
Options Indexes
AllowOverride None
Order allow,deny
Allow from all
</Directory>

<Directory "/usr/libexec/git-core">
Options Indexes
AllowOverride None
Order allow,deny
Allow from all
</Directory>

<Location />
AuthType Digest
AuthName "git.mydomain.com"
AuthUserFile /var/www/passwd/git_passwords
AuthGroupFile "/var/www/passwd/git.group"
Require valid-user
</Location>

</VirtualHost>

I assume that you are at least a bit familiar with httpd configuration files. As such, you should be able to adjust the information for your needs appropriately.

Interesting configuration aspects are:

    1. If using only http (instead of https), configure the server to use port 80, and disable SSLEngine by SSLEngine Off
    2. Notice the ScriptAlias ScriptAlias / /usr/libexec/git-core/git-http-backend/ It is used to call the named binary for serving the content behind the URL.
    3. /usr/libexec/git-core does point to the install directory of git

Note also that the final slash (/) is very important as the string is used literally to substitute http requests.

Create a bare repository

As usual, create a new bare repository by creating the corresponding directory and using the familiar command

git init --bare shared=group <reponame>.git

Just to note that the access rights of the directory need to allow the apache process to write (update) contents of the repository. The shared=group part sets the sticky bit to propagate access rights to newly created folders.

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

%d bloggers like this: