<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" | |
"http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd"> | |
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en"> | |
<head> | |
<meta http-equiv="Content-Type" content="application/xhtml+xml; charset=UTF-8" /> | |
<meta name="generator" content="AsciiDoc 8.6.9" /> | |
<title>git-http-backend(1)</title> | |
<style type="text/css"> | |
/* Shared CSS for AsciiDoc xhtml11 and html5 backends */ | |
/* Default font. */ | |
body { | |
font-family: Georgia,serif; | |
} | |
/* Title font. */ | |
h1, h2, h3, h4, h5, h6, | |
div.title, caption.title, | |
thead, p.table.header, | |
#toctitle, | |
#author, #revnumber, #revdate, #revremark, | |
#footer { | |
font-family: Arial,Helvetica,sans-serif; | |
} | |
body { | |
margin: 1em 5% 1em 5%; | |
} | |
a { | |
color: blue; | |
text-decoration: underline; | |
} | |
a:visited { | |
color: fuchsia; | |
} | |
em { | |
font-style: italic; | |
color: navy; | |
} | |
strong { | |
font-weight: bold; | |
color: #083194; | |
} | |
h1, h2, h3, h4, h5, h6 { | |
color: #527bbd; | |
margin-top: 1.2em; | |
margin-bottom: 0.5em; | |
line-height: 1.3; | |
} | |
h1, h2, h3 { | |
border-bottom: 2px solid silver; | |
} | |
h2 { | |
padding-top: 0.5em; | |
} | |
h3 { | |
float: left; | |
} | |
h3 + * { | |
clear: left; | |
} | |
h5 { | |
font-size: 1.0em; | |
} | |
div.sectionbody { | |
margin-left: 0; | |
} | |
hr { | |
border: 1px solid silver; | |
} | |
p { | |
margin-top: 0.5em; | |
margin-bottom: 0.5em; | |
} | |
ul, ol, li > p { | |
margin-top: 0; | |
} | |
ul > li { color: #aaa; } | |
ul > li > * { color: black; } | |
.monospaced, code, pre { | |
font-family: "Courier New", Courier, monospace; | |
font-size: inherit; | |
color: navy; | |
padding: 0; | |
margin: 0; | |
} | |
pre { | |
white-space: pre-wrap; | |
} | |
#author { | |
color: #527bbd; | |
font-weight: bold; | |
font-size: 1.1em; | |
} | |
#email { | |
} | |
#revnumber, #revdate, #revremark { | |
} | |
#footer { | |
font-size: small; | |
border-top: 2px solid silver; | |
padding-top: 0.5em; | |
margin-top: 4.0em; | |
} | |
#footer-text { | |
float: left; | |
padding-bottom: 0.5em; | |
} | |
#footer-badges { | |
float: right; | |
padding-bottom: 0.5em; | |
} | |
#preamble { | |
margin-top: 1.5em; | |
margin-bottom: 1.5em; | |
} | |
div.imageblock, div.exampleblock, div.verseblock, | |
div.quoteblock, div.literalblock, div.listingblock, div.sidebarblock, | |
div.admonitionblock { | |
margin-top: 1.0em; | |
margin-bottom: 1.5em; | |
} | |
div.admonitionblock { | |
margin-top: 2.0em; | |
margin-bottom: 2.0em; | |
margin-right: 10%; | |
color: #606060; | |
} | |
div.content { /* Block element content. */ | |
padding: 0; | |
} | |
/* Block element titles. */ | |
div.title, caption.title { | |
color: #527bbd; | |
font-weight: bold; | |
text-align: left; | |
margin-top: 1.0em; | |
margin-bottom: 0.5em; | |
} | |
div.title + * { | |
margin-top: 0; | |
} | |
td div.title:first-child { | |
margin-top: 0.0em; | |
} | |
div.content div.title:first-child { | |
margin-top: 0.0em; | |
} | |
div.content + div.title { | |
margin-top: 0.0em; | |
} | |
div.sidebarblock > div.content { | |
background: #ffffee; | |
border: 1px solid #dddddd; | |
border-left: 4px solid #f0f0f0; | |
padding: 0.5em; | |
} | |
div.listingblock > div.content { | |
border: 1px solid #dddddd; | |
border-left: 5px solid #f0f0f0; | |
background: #f8f8f8; | |
padding: 0.5em; | |
} | |
div.quoteblock, div.verseblock { | |
padding-left: 1.0em; | |
margin-left: 1.0em; | |
margin-right: 10%; | |
border-left: 5px solid #f0f0f0; | |
color: #888; | |
} | |
div.quoteblock > div.attribution { | |
padding-top: 0.5em; | |
text-align: right; | |
} | |
div.verseblock > pre.content { | |
font-family: inherit; | |
font-size: inherit; | |
} | |
div.verseblock > div.attribution { | |
padding-top: 0.75em; | |
text-align: left; | |
} | |
/* DEPRECATED: Pre version 8.2.7 verse style literal block. */ | |
div.verseblock + div.attribution { | |
text-align: left; | |
} | |
div.admonitionblock .icon { | |
vertical-align: top; | |
font-size: 1.1em; | |
font-weight: bold; | |
text-decoration: underline; | |
color: #527bbd; | |
padding-right: 0.5em; | |
} | |
div.admonitionblock td.content { | |
padding-left: 0.5em; | |
border-left: 3px solid #dddddd; | |
} | |
div.exampleblock > div.content { | |
border-left: 3px solid #dddddd; | |
padding-left: 0.5em; | |
} | |
div.imageblock div.content { padding-left: 0; } | |
span.image img { border-style: none; vertical-align: text-bottom; } | |
a.image:visited { color: white; } | |
dl { | |
margin-top: 0.8em; | |
margin-bottom: 0.8em; | |
} | |
dt { | |
margin-top: 0.5em; | |
margin-bottom: 0; | |
font-style: normal; | |
color: navy; | |
} | |
dd > *:first-child { | |
margin-top: 0.1em; | |
} | |
ul, ol { | |
list-style-position: outside; | |
} | |
ol.arabic { | |
list-style-type: decimal; | |
} | |
ol.loweralpha { | |
list-style-type: lower-alpha; | |
} | |
ol.upperalpha { | |
list-style-type: upper-alpha; | |
} | |
ol.lowerroman { | |
list-style-type: lower-roman; | |
} | |
ol.upperroman { | |
list-style-type: upper-roman; | |
} | |
div.compact ul, div.compact ol, | |
div.compact p, div.compact p, | |
div.compact div, div.compact div { | |
margin-top: 0.1em; | |
margin-bottom: 0.1em; | |
} | |
tfoot { | |
font-weight: bold; | |
} | |
td > div.verse { | |
white-space: pre; | |
} | |
div.hdlist { | |
margin-top: 0.8em; | |
margin-bottom: 0.8em; | |
} | |
div.hdlist tr { | |
padding-bottom: 15px; | |
} | |
dt.hdlist1.strong, td.hdlist1.strong { | |
font-weight: bold; | |
} | |
td.hdlist1 { | |
vertical-align: top; | |
font-style: normal; | |
padding-right: 0.8em; | |
color: navy; | |
} | |
td.hdlist2 { | |
vertical-align: top; | |
} | |
div.hdlist.compact tr { | |
margin: 0; | |
padding-bottom: 0; | |
} | |
.comment { | |
background: yellow; | |
} | |
.footnote, .footnoteref { | |
font-size: 0.8em; | |
} | |
span.footnote, span.footnoteref { | |
vertical-align: super; | |
} | |
#footnotes { | |
margin: 20px 0 20px 0; | |
padding: 7px 0 0 0; | |
} | |
#footnotes div.footnote { | |
margin: 0 0 5px 0; | |
} | |
#footnotes hr { | |
border: none; | |
border-top: 1px solid silver; | |
height: 1px; | |
text-align: left; | |
margin-left: 0; | |
width: 20%; | |
min-width: 100px; | |
} | |
div.colist td { | |
padding-right: 0.5em; | |
padding-bottom: 0.3em; | |
vertical-align: top; | |
} | |
div.colist td img { | |
margin-top: 0.3em; | |
} | |
@media print { | |
#footer-badges { display: none; } | |
} | |
#toc { | |
margin-bottom: 2.5em; | |
} | |
#toctitle { | |
color: #527bbd; | |
font-size: 1.1em; | |
font-weight: bold; | |
margin-top: 1.0em; | |
margin-bottom: 0.1em; | |
} | |
div.toclevel0, div.toclevel1, div.toclevel2, div.toclevel3, div.toclevel4 { | |
margin-top: 0; | |
margin-bottom: 0; | |
} | |
div.toclevel2 { | |
margin-left: 2em; | |
font-size: 0.9em; | |
} | |
div.toclevel3 { | |
margin-left: 4em; | |
font-size: 0.9em; | |
} | |
div.toclevel4 { | |
margin-left: 6em; | |
font-size: 0.9em; | |
} | |
span.aqua { color: aqua; } | |
span.black { color: black; } | |
span.blue { color: blue; } | |
span.fuchsia { color: fuchsia; } | |
span.gray { color: gray; } | |
span.green { color: green; } | |
span.lime { color: lime; } | |
span.maroon { color: maroon; } | |
span.navy { color: navy; } | |
span.olive { color: olive; } | |
span.purple { color: purple; } | |
span.red { color: red; } | |
span.silver { color: silver; } | |
span.teal { color: teal; } | |
span.white { color: white; } | |
span.yellow { color: yellow; } | |
span.aqua-background { background: aqua; } | |
span.black-background { background: black; } | |
span.blue-background { background: blue; } | |
span.fuchsia-background { background: fuchsia; } | |
span.gray-background { background: gray; } | |
span.green-background { background: green; } | |
span.lime-background { background: lime; } | |
span.maroon-background { background: maroon; } | |
span.navy-background { background: navy; } | |
span.olive-background { background: olive; } | |
span.purple-background { background: purple; } | |
span.red-background { background: red; } | |
span.silver-background { background: silver; } | |
span.teal-background { background: teal; } | |
span.white-background { background: white; } | |
span.yellow-background { background: yellow; } | |
span.big { font-size: 2em; } | |
span.small { font-size: 0.6em; } | |
span.underline { text-decoration: underline; } | |
span.overline { text-decoration: overline; } | |
span.line-through { text-decoration: line-through; } | |
div.unbreakable { page-break-inside: avoid; } | |
/* | |
* xhtml11 specific | |
* | |
* */ | |
div.tableblock { | |
margin-top: 1.0em; | |
margin-bottom: 1.5em; | |
} | |
div.tableblock > table { | |
border: 3px solid #527bbd; | |
} | |
thead, p.table.header { | |
font-weight: bold; | |
color: #527bbd; | |
} | |
p.table { | |
margin-top: 0; | |
} | |
/* Because the table frame attribute is overriden by CSS in most browsers. */ | |
div.tableblock > table[frame="void"] { | |
border-style: none; | |
} | |
div.tableblock > table[frame="hsides"] { | |
border-left-style: none; | |
border-right-style: none; | |
} | |
div.tableblock > table[frame="vsides"] { | |
border-top-style: none; | |
border-bottom-style: none; | |
} | |
/* | |
* html5 specific | |
* | |
* */ | |
table.tableblock { | |
margin-top: 1.0em; | |
margin-bottom: 1.5em; | |
} | |
thead, p.tableblock.header { | |
font-weight: bold; | |
color: #527bbd; | |
} | |
p.tableblock { | |
margin-top: 0; | |
} | |
table.tableblock { | |
border-width: 3px; | |
border-spacing: 0px; | |
border-style: solid; | |
border-color: #527bbd; | |
border-collapse: collapse; | |
} | |
th.tableblock, td.tableblock { | |
border-width: 1px; | |
padding: 4px; | |
border-style: solid; | |
border-color: #527bbd; | |
} | |
table.tableblock.frame-topbot { | |
border-left-style: hidden; | |
border-right-style: hidden; | |
} | |
table.tableblock.frame-sides { | |
border-top-style: hidden; | |
border-bottom-style: hidden; | |
} | |
table.tableblock.frame-none { | |
border-style: hidden; | |
} | |
th.tableblock.halign-left, td.tableblock.halign-left { | |
text-align: left; | |
} | |
th.tableblock.halign-center, td.tableblock.halign-center { | |
text-align: center; | |
} | |
th.tableblock.halign-right, td.tableblock.halign-right { | |
text-align: right; | |
} | |
th.tableblock.valign-top, td.tableblock.valign-top { | |
vertical-align: top; | |
} | |
th.tableblock.valign-middle, td.tableblock.valign-middle { | |
vertical-align: middle; | |
} | |
th.tableblock.valign-bottom, td.tableblock.valign-bottom { | |
vertical-align: bottom; | |
} | |
/* | |
* manpage specific | |
* | |
* */ | |
body.manpage h1 { | |
padding-top: 0.5em; | |
padding-bottom: 0.5em; | |
border-top: 2px solid silver; | |
border-bottom: 2px solid silver; | |
} | |
body.manpage h2 { | |
border-style: none; | |
} | |
body.manpage div.sectionbody { | |
margin-left: 3em; | |
} | |
@media print { | |
body.manpage div#toc { display: none; } | |
} | |
</style> | |
<script type="text/javascript"> | |
/*<![CDATA[*/ | |
var asciidoc = { // Namespace. | |
///////////////////////////////////////////////////////////////////// | |
// Table Of Contents generator | |
///////////////////////////////////////////////////////////////////// | |
/* Author: Mihai Bazon, September 2002 | |
* http://students.infoiasi.ro/~mishoo | |
* | |
* Table Of Content generator | |
* Version: 0.4 | |
* | |
* Feel free to use this script under the terms of the GNU General Public | |
* License, as long as you do not remove or alter this notice. | |
*/ | |
/* modified by Troy D. Hanson, September 2006. License: GPL */ | |
/* modified by Stuart Rackham, 2006, 2009. License: GPL */ | |
// toclevels = 1..4. | |
toc: function (toclevels) { | |
function getText(el) { | |
var text = ""; | |
for (var i = el.firstChild; i != null; i = i.nextSibling) { | |
if (i.nodeType == 3 /* Node.TEXT_NODE */) // IE doesn't speak constants. | |
text += i.data; | |
else if (i.firstChild != null) | |
text += getText(i); | |
} | |
return text; | |
} | |
function TocEntry(el, text, toclevel) { | |
this.element = el; | |
this.text = text; | |
this.toclevel = toclevel; | |
} | |
function tocEntries(el, toclevels) { | |
var result = new Array; | |
var re = new RegExp('[hH]([1-'+(toclevels+1)+'])'); | |
// Function that scans the DOM tree for header elements (the DOM2 | |
// nodeIterator API would be a better technique but not supported by all | |
// browsers). | |
var iterate = function (el) { | |
for (var i = el.firstChild; i != null; i = i.nextSibling) { | |
if (i.nodeType == 1 /* Node.ELEMENT_NODE */) { | |
var mo = re.exec(i.tagName); | |
if (mo && (i.getAttribute("class") || i.getAttribute("className")) != "float") { | |
result[result.length] = new TocEntry(i, getText(i), mo[1]-1); | |
} | |
iterate(i); | |
} | |
} | |
} | |
iterate(el); | |
return result; | |
} | |
var toc = document.getElementById("toc"); | |
if (!toc) { | |
return; | |
} | |
// Delete existing TOC entries in case we're reloading the TOC. | |
var tocEntriesToRemove = []; | |
var i; | |
for (i = 0; i < toc.childNodes.length; i++) { | |
var entry = toc.childNodes[i]; | |
if (entry.nodeName.toLowerCase() == 'div' | |
&& entry.getAttribute("class") | |
&& entry.getAttribute("class").match(/^toclevel/)) | |
tocEntriesToRemove.push(entry); | |
} | |
for (i = 0; i < tocEntriesToRemove.length; i++) { | |
toc.removeChild(tocEntriesToRemove[i]); | |
} | |
// Rebuild TOC entries. | |
var entries = tocEntries(document.getElementById("content"), toclevels); | |
for (var i = 0; i < entries.length; ++i) { | |
var entry = entries[i]; | |
if (entry.element.id == "") | |
entry.element.id = "_toc_" + i; | |
var a = document.createElement("a"); | |
a.href = "#" + entry.element.id; | |
a.appendChild(document.createTextNode(entry.text)); | |
var div = document.createElement("div"); | |
div.appendChild(a); | |
div.className = "toclevel" + entry.toclevel; | |
toc.appendChild(div); | |
} | |
if (entries.length == 0) | |
toc.parentNode.removeChild(toc); | |
}, | |
///////////////////////////////////////////////////////////////////// | |
// Footnotes generator | |
///////////////////////////////////////////////////////////////////// | |
/* Based on footnote generation code from: | |
* http://www.brandspankingnew.net/archive/2005/07/format_footnote.html | |
*/ | |
footnotes: function () { | |
// Delete existing footnote entries in case we're reloading the footnodes. | |
var i; | |
var noteholder = document.getElementById("footnotes"); | |
if (!noteholder) { | |
return; | |
} | |
var entriesToRemove = []; | |
for (i = 0; i < noteholder.childNodes.length; i++) { | |
var entry = noteholder.childNodes[i]; | |
if (entry.nodeName.toLowerCase() == 'div' && entry.getAttribute("class") == "footnote") | |
entriesToRemove.push(entry); | |
} | |
for (i = 0; i < entriesToRemove.length; i++) { | |
noteholder.removeChild(entriesToRemove[i]); | |
} | |
// Rebuild footnote entries. | |
var cont = document.getElementById("content"); | |
var spans = cont.getElementsByTagName("span"); | |
var refs = {}; | |
var n = 0; | |
for (i=0; i<spans.length; i++) { | |
if (spans[i].className == "footnote") { | |
n++; | |
var note = spans[i].getAttribute("data-note"); | |
if (!note) { | |
// Use [\s\S] in place of . so multi-line matches work. | |
// Because JavaScript has no s (dotall) regex flag. | |
note = spans[i].innerHTML.match(/\s*\[([\s\S]*)]\s*/)[1]; | |
spans[i].innerHTML = | |
"[<a id='_footnoteref_" + n + "' href='#_footnote_" + n + | |
"' title='View footnote' class='footnote'>" + n + "</a>]"; | |
spans[i].setAttribute("data-note", note); | |
} | |
noteholder.innerHTML += | |
"<div class='footnote' id='_footnote_" + n + "'>" + | |
"<a href='#_footnoteref_" + n + "' title='Return to text'>" + | |
n + "</a>. " + note + "</div>"; | |
var id =spans[i].getAttribute("id"); | |
if (id != null) refs["#"+id] = n; | |
} | |
} | |
if (n == 0) | |
noteholder.parentNode.removeChild(noteholder); | |
else { | |
// Process footnoterefs. | |
for (i=0; i<spans.length; i++) { | |
if (spans[i].className == "footnoteref") { | |
var href = spans[i].getElementsByTagName("a")[0].getAttribute("href"); | |
href = href.match(/#.*/)[0]; // Because IE return full URL. | |
n = refs[href]; | |
spans[i].innerHTML = | |
"[<a href='#_footnote_" + n + | |
"' title='View footnote' class='footnote'>" + n + "</a>]"; | |
} | |
} | |
} | |
}, | |
install: function(toclevels) { | |
var timerId; | |
function reinstall() { | |
asciidoc.footnotes(); | |
if (toclevels) { | |
asciidoc.toc(toclevels); | |
} | |
} | |
function reinstallAndRemoveTimer() { | |
clearInterval(timerId); | |
reinstall(); | |
} | |
timerId = setInterval(reinstall, 500); | |
if (document.addEventListener) | |
document.addEventListener("DOMContentLoaded", reinstallAndRemoveTimer, false); | |
else | |
window.onload = reinstallAndRemoveTimer; | |
} | |
} | |
asciidoc.install(); | |
/*]]>*/ | |
</script> | |
</head> | |
<body class="manpage"> | |
<div id="header"> | |
<h1> | |
git-http-backend(1) Manual Page | |
</h1> | |
<h2>NAME</h2> | |
<div class="sectionbody"> | |
<p>git-http-backend - | |
Server side implementation of Git over HTTP | |
</p> | |
</div> | |
</div> | |
<div id="content"> | |
<div class="sect1"> | |
<h2 id="_synopsis">SYNOPSIS</h2> | |
<div class="sectionbody"> | |
<div class="verseblock"> | |
<pre class="content"><em>git http-backend</em></pre> | |
<div class="attribution"> | |
</div></div> | |
</div> | |
</div> | |
<div class="sect1"> | |
<h2 id="_description">DESCRIPTION</h2> | |
<div class="sectionbody"> | |
<div class="paragraph"><p>A simple CGI program to serve the contents of a Git repository to Git | |
clients accessing the repository over http:// and https:// protocols. | |
The program supports clients fetching using both the smart HTTP protocol | |
and the backwards-compatible dumb HTTP protocol, as well as clients | |
pushing using the smart HTTP protocol.</p></div> | |
<div class="paragraph"><p>It verifies that the directory has the magic file | |
"git-daemon-export-ok", and it will refuse to export any Git directory | |
that hasn’t explicitly been marked for export this way (unless the | |
<code>GIT_HTTP_EXPORT_ALL</code> environmental variable is set).</p></div> | |
<div class="paragraph"><p>By default, only the <code>upload-pack</code> service is enabled, which serves | |
<em>git fetch-pack</em> and <em>git ls-remote</em> clients, which are invoked from | |
<em>git fetch</em>, <em>git pull</em>, and <em>git clone</em>. If the client is authenticated, | |
the <code>receive-pack</code> service is enabled, which serves <em>git send-pack</em> | |
clients, which is invoked from <em>git push</em>.</p></div> | |
</div> | |
</div> | |
<div class="sect1"> | |
<h2 id="_services">SERVICES</h2> | |
<div class="sectionbody"> | |
<div class="paragraph"><p>These services can be enabled/disabled using the per-repository | |
configuration file:</p></div> | |
<div class="dlist"><dl> | |
<dt class="hdlist1"> | |
http.getanyfile | |
</dt> | |
<dd> | |
<p> | |
This serves Git clients older than version 1.6.6 that are unable to use the | |
upload pack service. When enabled, clients are able to read | |
any file within the repository, including objects that are | |
no longer reachable from a branch but are still present. | |
It is enabled by default, but a repository can disable it | |
by setting this configuration item to <code>false</code>. | |
</p> | |
</dd> | |
<dt class="hdlist1"> | |
http.uploadpack | |
</dt> | |
<dd> | |
<p> | |
This serves <em>git fetch-pack</em> and <em>git ls-remote</em> clients. | |
It is enabled by default, but a repository can disable it | |
by setting this configuration item to <code>false</code>. | |
</p> | |
</dd> | |
<dt class="hdlist1"> | |
http.receivepack | |
</dt> | |
<dd> | |
<p> | |
This serves <em>git send-pack</em> clients, allowing push. It is | |
disabled by default for anonymous users, and enabled by | |
default for users authenticated by the web server. It can be | |
disabled by setting this item to <code>false</code>, or enabled for all | |
users, including anonymous users, by setting it to <code>true</code>. | |
</p> | |
</dd> | |
</dl></div> | |
</div> | |
</div> | |
<div class="sect1"> | |
<h2 id="_url_translation">URL TRANSLATION</h2> | |
<div class="sectionbody"> | |
<div class="paragraph"><p>To determine the location of the repository on disk, <em>git http-backend</em> | |
concatenates the environment variables PATH_INFO, which is set | |
automatically by the web server, and GIT_PROJECT_ROOT, which must be set | |
manually in the web server configuration. If GIT_PROJECT_ROOT is not | |
set, <em>git http-backend</em> reads PATH_TRANSLATED, which is also set | |
automatically by the web server.</p></div> | |
</div> | |
</div> | |
<div class="sect1"> | |
<h2 id="_examples">EXAMPLES</h2> | |
<div class="sectionbody"> | |
<div class="paragraph"><p>All of the following examples map <code>http://$hostname/git/foo/bar.git</code> | |
to <code>/var/www/git/foo/bar.git</code>.</p></div> | |
<div class="dlist"><dl> | |
<dt class="hdlist1"> | |
Apache 2.x | |
</dt> | |
<dd> | |
<p> | |
Ensure mod_cgi, mod_alias, and mod_env are enabled, set | |
GIT_PROJECT_ROOT (or DocumentRoot) appropriately, and | |
create a ScriptAlias to the CGI: | |
</p> | |
<div class="listingblock"> | |
<div class="content"> | |
<pre><code>SetEnv GIT_PROJECT_ROOT /var/www/git | |
SetEnv GIT_HTTP_EXPORT_ALL | |
ScriptAlias /git/ /usr/libexec/git-core/git-http-backend/</code></pre> | |
</div></div> | |
<div class="paragraph"><p>To enable anonymous read access but authenticated write access, | |
require authorization for both the initial ref advertisement (which we | |
detect as a push via the service parameter in the query string), and the | |
receive-pack invocation itself:</p></div> | |
<div class="listingblock"> | |
<div class="content"> | |
<pre><code>RewriteCond %{QUERY_STRING} service=git-receive-pack [OR] | |
RewriteCond %{REQUEST_URI} /git-receive-pack$ | |
RewriteRule ^/git/ - [E=AUTHREQUIRED:yes] | |
<LocationMatch "^/git/"> | |
Order Deny,Allow | |
Deny from env=AUTHREQUIRED | |
AuthType Basic | |
AuthName "Git Access" | |
Require group committers | |
Satisfy Any | |
... | |
</LocationMatch></code></pre> | |
</div></div> | |
<div class="paragraph"><p>If you do not have <code>mod_rewrite</code> available to match against the query | |
string, it is sufficient to just protect <code>git-receive-pack</code> itself, | |
like:</p></div> | |
<div class="listingblock"> | |
<div class="content"> | |
<pre><code><LocationMatch "^/git/.*/git-receive-pack$"> | |
AuthType Basic | |
AuthName "Git Access" | |
Require group committers | |
... | |
</LocationMatch></code></pre> | |
</div></div> | |
<div class="paragraph"><p>In this mode, the server will not request authentication until the | |
client actually starts the object negotiation phase of the push, rather | |
than during the initial contact. For this reason, you must also enable | |
the <code>http.receivepack</code> config option in any repositories that should | |
accept a push. The default behavior, if <code>http.receivepack</code> is not set, | |
is to reject any pushes by unauthenticated users; the initial request | |
will therefore report <code>403 Forbidden</code> to the client, without even giving | |
an opportunity for authentication.</p></div> | |
<div class="paragraph"><p>To require authentication for both reads and writes, use a Location | |
directive around the repository, or one of its parent directories:</p></div> | |
<div class="listingblock"> | |
<div class="content"> | |
<pre><code><Location /git/private> | |
AuthType Basic | |
AuthName "Private Git Access" | |
Require group committers | |
... | |
</Location></code></pre> | |
</div></div> | |
<div class="paragraph"><p>To serve gitweb at the same url, use a ScriptAliasMatch to only | |
those URLs that <em>git http-backend</em> can handle, and forward the | |
rest to gitweb:</p></div> | |
<div class="listingblock"> | |
<div class="content"> | |
<pre><code>ScriptAliasMatch \ | |
"(?x)^/git/(.*/(HEAD | \ | |
info/refs | \ | |
objects/(info/[^/]+ | \ | |
[0-9a-f]{2}/[0-9a-f]{38} | \ | |
pack/pack-[0-9a-f]{40}\.(pack|idx)) | \ | |
git-(upload|receive)-pack))$" \ | |
/usr/libexec/git-core/git-http-backend/$1 | |
ScriptAlias /git/ /var/www/cgi-bin/gitweb.cgi/</code></pre> | |
</div></div> | |
<div class="paragraph"><p>To serve multiple repositories from different <a href="gitnamespaces.html">gitnamespaces(7)</a> in a | |
single repository:</p></div> | |
<div class="listingblock"> | |
<div class="content"> | |
<pre><code>SetEnvIf Request_URI "^/git/([^/]*)" GIT_NAMESPACE=$1 | |
ScriptAliasMatch ^/git/[^/]*(.*) /usr/libexec/git-core/git-http-backend/storage.git$1</code></pre> | |
</div></div> | |
</dd> | |
<dt class="hdlist1"> | |
Accelerated static Apache 2.x | |
</dt> | |
<dd> | |
<p> | |
Similar to the above, but Apache can be used to return static | |
files that are stored on disk. On many systems this may | |
be more efficient as Apache can ask the kernel to copy the | |
file contents from the file system directly to the network: | |
</p> | |
<div class="listingblock"> | |
<div class="content"> | |
<pre><code>SetEnv GIT_PROJECT_ROOT /var/www/git | |
AliasMatch ^/git/(.*/objects/[0-9a-f]{2}/[0-9a-f]{38})$ /var/www/git/$1 | |
AliasMatch ^/git/(.*/objects/pack/pack-[0-9a-f]{40}.(pack|idx))$ /var/www/git/$1 | |
ScriptAlias /git/ /usr/libexec/git-core/git-http-backend/</code></pre> | |
</div></div> | |
<div class="paragraph"><p>This can be combined with the gitweb configuration:</p></div> | |
<div class="listingblock"> | |
<div class="content"> | |
<pre><code>SetEnv GIT_PROJECT_ROOT /var/www/git | |
AliasMatch ^/git/(.*/objects/[0-9a-f]{2}/[0-9a-f]{38})$ /var/www/git/$1 | |
AliasMatch ^/git/(.*/objects/pack/pack-[0-9a-f]{40}.(pack|idx))$ /var/www/git/$1 | |
ScriptAliasMatch \ | |
"(?x)^/git/(.*/(HEAD | \ | |
info/refs | \ | |
objects/info/[^/]+ | \ | |
git-(upload|receive)-pack))$" \ | |
/usr/libexec/git-core/git-http-backend/$1 | |
ScriptAlias /git/ /var/www/cgi-bin/gitweb.cgi/</code></pre> | |
</div></div> | |
</dd> | |
<dt class="hdlist1"> | |
Lighttpd | |
</dt> | |
<dd> | |
<p> | |
Ensure that <code>mod_cgi</code>, <code>mod_alias</code>, <code>mod_auth</code>, <code>mod_setenv</code> are | |
loaded, then set <code>GIT_PROJECT_ROOT</code> appropriately and redirect | |
all requests to the CGI: | |
</p> | |
<div class="listingblock"> | |
<div class="content"> | |
<pre><code>alias.url += ( "/git" => "/usr/lib/git-core/git-http-backend" ) | |
$HTTP["url"] =~ "^/git" { | |
cgi.assign = ("" => "") | |
setenv.add-environment = ( | |
"GIT_PROJECT_ROOT" => "/var/www/git", | |
"GIT_HTTP_EXPORT_ALL" => "" | |
) | |
}</code></pre> | |
</div></div> | |
<div class="paragraph"><p>To enable anonymous read access but authenticated write access:</p></div> | |
<div class="listingblock"> | |
<div class="content"> | |
<pre><code>$HTTP["querystring"] =~ "service=git-receive-pack" { | |
include "git-auth.conf" | |
} | |
$HTTP["url"] =~ "^/git/.*/git-receive-pack$" { | |
include "git-auth.conf" | |
}</code></pre> | |
</div></div> | |
<div class="paragraph"><p>where <code>git-auth.conf</code> looks something like:</p></div> | |
<div class="listingblock"> | |
<div class="content"> | |
<pre><code>auth.require = ( | |
"/" => ( | |
"method" => "basic", | |
"realm" => "Git Access", | |
"require" => "valid-user" | |
) | |
) | |
# ...and set up auth.backend here</code></pre> | |
</div></div> | |
<div class="paragraph"><p>To require authentication for both reads and writes:</p></div> | |
<div class="listingblock"> | |
<div class="content"> | |
<pre><code>$HTTP["url"] =~ "^/git/private" { | |
include "git-auth.conf" | |
}</code></pre> | |
</div></div> | |
</dd> | |
</dl></div> | |
</div> | |
</div> | |
<div class="sect1"> | |
<h2 id="_environment">ENVIRONMENT</h2> | |
<div class="sectionbody"> | |
<div class="paragraph"><p><em>git http-backend</em> relies upon the <code>CGI</code> environment variables set | |
by the invoking web server, including:</p></div> | |
<div class="ulist"><ul> | |
<li> | |
<p> | |
PATH_INFO (if GIT_PROJECT_ROOT is set, otherwise PATH_TRANSLATED) | |
</p> | |
</li> | |
<li> | |
<p> | |
REMOTE_USER | |
</p> | |
</li> | |
<li> | |
<p> | |
REMOTE_ADDR | |
</p> | |
</li> | |
<li> | |
<p> | |
CONTENT_TYPE | |
</p> | |
</li> | |
<li> | |
<p> | |
QUERY_STRING | |
</p> | |
</li> | |
<li> | |
<p> | |
REQUEST_METHOD | |
</p> | |
</li> | |
</ul></div> | |
<div class="paragraph"><p>The <code>GIT_HTTP_EXPORT_ALL</code> environmental variable may be passed to | |
<em>git-http-backend</em> to bypass the check for the "git-daemon-export-ok" | |
file in each repository before allowing export of that repository.</p></div> | |
<div class="paragraph"><p>The <code>GIT_HTTP_MAX_REQUEST_BUFFER</code> environment variable (or the | |
<code>http.maxRequestBuffer</code> config variable) may be set to change the | |
largest ref negotiation request that git will handle during a fetch; any | |
fetch requiring a larger buffer will not succeed. This value should not | |
normally need to be changed, but may be helpful if you are fetching from | |
a repository with an extremely large number of refs. The value can be | |
specified with a unit (e.g., <code>100M</code> for 100 megabytes). The default is | |
10 megabytes.</p></div> | |
<div class="paragraph"><p>The backend process sets GIT_COMMITTER_NAME to <em>$REMOTE_USER</em> and | |
GIT_COMMITTER_EMAIL to <em>${REMOTE_USER}@http.${REMOTE_ADDR}</em>, | |
ensuring that any reflogs created by <em>git-receive-pack</em> contain some | |
identifying information of the remote user who performed the push.</p></div> | |
<div class="paragraph"><p>All <code>CGI</code> environment variables are available to each of the hooks | |
invoked by the <em>git-receive-pack</em>.</p></div> | |
</div> | |
</div> | |
<div class="sect1"> | |
<h2 id="_git">GIT</h2> | |
<div class="sectionbody"> | |
<div class="paragraph"><p>Part of the <a href="git.html">git(1)</a> suite</p></div> | |
</div> | |
</div> | |
</div> | |
<div id="footnotes"><hr /></div> | |
<div id="footer"> | |
<div id="footer-text"> | |
Last updated 2016-06-27 11:04:05 PDT | |
</div> | |
</div> | |
</body> | |
</html> |