git-http-backend

Michael Pfeuti picture Michael Pfeuti · Aug 28, 2011 · Viewed 19.8k times · Source

I tried to set up a git server with git-http-backend and everything works pretty much as I want but there is one little thing.

The config

<VirtualHost *:80>
ServerName git.server.com
SetEnv GIT_PROJECT_ROOT /srv/git
SetEnv GIT_HTTP_EXPORT_ALL
SetEnv REMOTE_USER=$REDIRECT_REMOTE_USER
ScriptAlias /git /usr/lib/git-core/git-http-backend/

<Directory "/usr/lib/git-core*">
   Options ExecCGI Indexes
   Order allow,deny
   Allow from all
</Directory>

<LocationMatch "^/git/repos/git-receive-pack$">
  AuthType Digest
  AuthName "Git Repositories"
  AuthUserFile /srv/git/.git-auth-file
  AuthGroupFile /srv/git/.git-group-file
  Require valid-user
</LocationMatch>
</VirtualHost>

This allows everybody to read the repos but only valid users to write. The thing that bugs me is that the url is http://git.server.com/git/repos. I would like to get rid of the git in the URL like http://git.server.com/repos. When I change the config to

<VirtualHost *:80>
ServerName git.server.com
SetEnv GIT_PROJECT_ROOT /srv/git
SetEnv GIT_HTTP_EXPORT_ALL
SetEnv REMOTE_USER=$REDIRECT_REMOTE_USER
ScriptAlias / /usr/lib/git-core/git-http-backend/

<Directory "/usr/lib/git-core*">
   Options ExecCGI Indexes
   Order allow,deny
   Allow from all
</Directory>

<LocationMatch "^/repos/git-receive-pack$">
  AuthType Digest
  AuthName "Git Repositories"
  AuthUserFile /srv/git/.git-auth-file
  AuthGroupFile /srv/git/.git-group-file
  Require valid-user
</LocationMatch>
</VirtualHost>

The authentication fails. I can still read the repos but git push fails. I couldn't figure out why this happens.

* About to connect() to git.server.com port 80 (#0)
*   Trying MYIP... * Connected to git.server.com (MYIP) port 80 (#0)
> GET /iocaste/info/refs?service=git-receive-pack HTTP/1.1
User-Agent: git/1.7.6
Host: git.server.com
Accept: */*
Pragma: no-cache

< HTTP/1.1 200 OK
< Date: Sun, 28 Aug 2011 18:17:27 GMT
< Server: Apache/2.2.19 (Unix) mod_ssl/2.2.19 OpenSSL/1.0.0d DAV/2 PHP/5.3.8 with Suhosin-Patch SVN/1.6.17
< Expires: Fri, 01 Jan 1980 00:00:00 GMT
< Pragma: no-cache
< Cache-Control: no-cache, max-age=0, must-revalidate
< Transfer-Encoding: chunked
< Content-Type: application/x-git-receive-pack-advertisement
< 
* Connection #0 to host git.server.com left intact
Counting objects: 4, done.
Delta compression using up to 4 threads.
Compressing objects: 100% (2/2), done.
Writing objects: 100% (3/3), 257 bytes, done.
Total 3 (delta 0), reused 0 (delta 0)
* About to connect() to git.server.com port 80 (#0)
*   Trying MYIP... * connected
* Connected to git.server.com (MYIP) port 80 (#0)
> POST /iocaste/git-receive-pack HTTP/1.1
User-Agent: git/1.7.6
Host: git.server.com
Accept-Encoding: deflate, gzip
Content-Type: application/x-git-receive-pack-request
Accept: application/x-git-receive-pack-result
Content-Length: 393

* The requested URL returned error: 404
* Closing connection #0
error: RPC failed; result=22, HTTP code = 404
fatal: The remote end hung up unexpectedly
fatal: The remote end hung up unexpectedly

Can someone help me understand why the latter fails? I assume it must be that the ScriptAlias kicks in during the authentication.

EDIT 1 The logging of apache didn't give me much information. Just that the authentication fail for some reason.

The access_log says:

MYIP - - [29/Aug/2011:19:03:18 +0200] "GET /repos/info/refs?service=git-receive-pack HTTP/1.1" 200 153
MYIP - - [29/Aug/2011:19:03:18 +0200] "POST /repos/git-receive-pack HTTP/1.1" 404 - 

and the error_log says:

[Mon Aug 29 19:03:18 2011] [error] [client MYIP] Request not supported:   '/srv/git/error/HTTP_UNAUTHORIZED.html.var'

Answer

Thach Mai picture Thach Mai · Apr 17, 2012

Try changing

ScriptAlias / /usr/lib/git-core/git-http-backend/

to a more intelligent match that only directs git requests to git-http-backend:

ScriptAliasMatch \
    "(?x)^/(.*/(HEAD | \
                    info/refs | \
                    objects/(info/[^/]+ | \
                             [0-9a-f]{2}/[0-9a-f]{38} | \
                             pack/pack-[0-9a-f]{40}\.(pack|idx)) | \
                             git-(upload|receive)-pack))$" \
     /usr/lib/git-core/git-http-backend/