Hi all,
I am in the process of setting up a Git server (1.7.2.3) on a WS 2008 machine using Apache and git-http-backend.exe. I have been following a good tut here. I have the GUI working, I can annoymously clone and if I put the following in the config of a repo I can annoymously push:
[http]
receivepack = true
I have added the following to the httpd.conf file:
SetEnv GIT_PROJECT_ROOT C:/GIT/Repositories
SetEnv GIT_HTTP_EXPORT_ALL
ScriptAliasMatch \
"(?x)^/(.*/(HEAD | \
info/refs | \
objects/(info/[^/]+ | \
[0-9a-f]{2}/[0-9a-f]{38} | \
pack/pack-[0-9a-f]{40}\.(pack|idx)) | \
git-(upload|receive)-pack))$" \
"C:/Program Files (x86)/git/libexec/git-core/git-http-backend.exe/$1"
<Directory />
Allow from all
</Directory>
<LocationMatch "^/git/.*/git-receive-pack$">
AuthType Basic
AuthName "Git Access"
AuthUserFile C:/GIT/ApacheConfig/users
AuthGroupFile C:/GIT/ApacheConfig/groups
Require group repogeneral
</LocationMatch>
When I add the "LocationMatch" I can still clone annoymously or by specifying a name in the URL, git clone http://[email protected]
It will prompt for a password and clone.
but when I try to push back to the repo I get the following:
error: Cannot access URL http://[email protected]/newtestrepo.git/, return code 22 fatal: git-http-push failed
I have been looking at the http-backend.exe man page for examples but can not get them to work.
here is my groups file, (this is just testing out examples so nothing that would be used in prod):
admin: jon steve admin
webview: jon steve web
repogeneral: jon steve
testrepo: jon admin
testrepo2: jon steve web
here is the users file:
jon:$apr1$kEKVExYx$guIF9oYV8buGhFLZr16XN0
steve:$apr1$jvgjF9nv$PvWsHH.cSOBN5ymk6NT1B0
admin:$apr1$vzXgDskN$oszCei3tkHNUgtLj2HkHF/
web:$apr1$wS0do7hb$VA9tsc9c9LwY5PcjfhdwK0
I know the username jon works as if I put the directory requirement on the gui section I can login with the username jon no problem, (points at the same user and group files as the locationmatch does).
I am not sure what configuration I have missed off at this point, (assuming its a configuration issue).
Any advice on getting over this last hurdle would be fantastic.
EDIT
I have been playing some more and here is the information I have:
if I clone a repo with:
git clone http://[email protected]/remotetest.git
I can get the repository out, but when I try and push back with:
git push origin master
I get asked for my password, I enter it, then it asks for it again, then I get the following error:
C:\temp\remotetest\remotetest>git push origin master Password: Password: error: Cannot access URL http://[email protected]/remotetest.git/, return code 22 fatal: git-http-push failed
In my Apache access.log I get the following:
192.168.1.2 - - [29/Sep/2010:21:58:19 +0100] "GET /remotetest.git/info/refs?service=git-upload-pack HTTP/1.1" 200 38
192.168.1.2 - - [29/Sep/2010:21:58:51 +0100] "GET /remotetest.git/info/refs?service=git-receive-pack HTTP/1.1" 403 -
192.168.1.2 - - [29/Sep/2010:21:58:51 +0100] "GET /remotetest.git/info/refs HTTP/1.1" 200 -
192.168.1.2 - - [29/Sep/2010:21:58:51 +0100] "GET /remotetest.git/HEAD HTTP/1.1" 200 23
Interestingly when I clone with the username in the URL it doesn't matter what password I put in, it will still work. I am assuming this is because I should be able to pull anonymously. Not sure why it asks for a password at all at that point.
I also see this in the logs error:
[Wed Sep 29 22:33:00 2010] [error] [client 192.168.1.2] client denied by server configuration: C:/Program Files (x86)/Git/libexec/git-core/git-http-backend.exe
[Wed Sep 29 22:33:00 2010] [error] [client 192.168.1.2] client denied by server configuration: C:/Program Files (x86)/Git/libexec/git-core/git-http-backend.exe
EDIT 2
I tried recreating the password file by doing:
htpasswd -c -m C:/git/apacheconfig/users jon
but this didn't help.
EDIT 3
the PHP config in httpd.conf where it uses the same users file for basic auth:
<Directory "C:/Program Files (x86)/Apache Software Foundation/Apache2.2/htdocs">
AuthName "GitUsers"
AuthType Basic
AuthUserFile C:/GIT/ApacheConfig/users
AuthGroupFile C:/GIT/ApacheConfig/groups
require group webview
</Directory>
EDIT 4
OK so I can get to cloning and pushing in annoymous mode happily, but authentication fails for the push.
C:\temp\test2\temp\test>git push origin master
Password:
Password:
error: Cannot access URL http://[email protected]:8000/repositories/test.git/, return code 22
fatal: git-http-push failed
I changed the httpd.conf to use the following:
<VirtualHost *:80>
SetEnv GIT_PROJECT_ROOT "C:/Program Files (x86)/Apache Software Foundation/Apache2.2/htdocs/repositories"
SetEnv GIT_HTTP_EXPORT_ALL
<Directory "C:/Program Files (x86)/Apache Software Foundation/Apache2.2/htdocs/repositories">
Options Indexes FollowSymLinks MultiViews Includes ExecCGI
AllowOverride None
Order allow,deny
Allow from all
</Directory>
<LocationMatch "^/repositories/.*/git-receive-pack$">
AuthType Basic
AuthName "Git Access"
AuthUserFile "C:/Program Files (x86)/Apache Software Foundation/Apache2.2/htdocs/repositories/.htpasswd"
Require valid-user
</LocationMatch>
ScriptAliasMatch \
"(?x)^/repositories/(.*/(HEAD | \
info/refs | \
objects/(info/[^/]+ | \
[0-9a-f]{2}/[0-9a-f]{38} | \
pack/pack-[0-9a-f]{40}\.(pack|idx)) | \
git-(upload|receive)-pack))$" \
"C:/Program Files (x86)/Git/libexec/git-core/git-http-backend/$1"
ErrorLog C:/GIT/error_log
CustomLog C:/GIT/access_log combined
</VirtualHost>
Interestingly, when I created a new repo (git init --bare newrepo.git) It didn't create a info/refs file. I had to do the "git update-server-info" command to create that.
The Apache Access logs have something interesting that could be a clue:
192.168.10.97 - - [05/Oct/2010:22:48:26 +0100] "GET /repositories/test.git/info/refs?service=git-receive-pack HTTP/1.1" 200 -
192.168.10.97 - - [05/Oct/2010:22:48:26 +0100] "GET /repositories/test.git/HEAD HTTP/1.1" 200 23
192.168.10.97 - - [05/Oct/2010:22:48:28 +0100] "PROPFIND /repositories/test.git/ HTTP/1.1" 405 248
That is when I was trying to "push" back to the repo, but they are GET commands and no POST. not sure what the PROPFIND is, not found much info on that yet. I think, (reading around), there might be some sort of rewrite going on, that is changing the POST to a GET and killing it, or something. I am out of my depth at this point though.
Thanks