Welcome to OGeek Q&A Community for programmer and developer-Open, Learning and Share
Welcome To Ask or Share your Answers For Others

Categories

0 votes
340 views
in Technique[技术] by (71.8m points)

apache2 - Setting up Git Server on Windows With git-http-backend.exe

I am in the process of setting up a Git server (1.7.2.3) on a WS 2008 machine using Apache and git-http-backend.exe. I have been following a good tut here. I have the GUI working, I can annoymously clone and if I put the following in the config of a repo I can annoymously push:

[http]
 receivepack = true

I have added the following to the httpd.conf file:

SetEnv GIT_PROJECT_ROOT C:/GIT/Repositories
SetEnv GIT_HTTP_EXPORT_ALL
ScriptAliasMatch 
        "(?x)^/(.*/(HEAD | 
                    info/refs | 
                    objects/(info/[^/]+ | 
                             [0-9a-f]{2}/[0-9a-f]{38} | 
                             pack/pack-[0-9a-f]{40}.(pack|idx)) | 
                    git-(upload|receive)-pack))$" 
                    "C:/Program Files (x86)/git/libexec/git-core/git-http-backend.exe/$1"

<Directory />
  Allow from all
</Directory>

<LocationMatch "^/git/.*/git-receive-pack$">
        AuthType Basic
        AuthName "Git Access"
  AuthUserFile C:/GIT/ApacheConfig/users
  AuthGroupFile  C:/GIT/ApacheConfig/groups
        Require group repogeneral        
</LocationMatch>

When I add the "LocationMatch" I can still clone annoymously or by specifying a name in the URL, git clone http://jon@myserver.com

It will prompt for a password and clone.

but when I try to push back to the repo I get the following:

error: Cannot access URL http://jon@myserver.com/newtestrepo.git/, return code 22 fatal: git-http-push failed

I have been looking at the http-backend.exe man page for examples but can not get them to work.

here is my groups file, (this is just testing out examples so nothing that would be used in prod):

admin: jon steve admin
webview: jon steve web
repogeneral: jon steve
testrepo: jon admin
testrepo2: jon steve web

here is the users file:

jon:$apr1$kEKVExYx$guIF9oYV8buGhFLZr16XN0
steve:$apr1$jvgjF9nv$PvWsHH.cSOBN5ymk6NT1B0
admin:$apr1$vzXgDskN$oszCei3tkHNUgtLj2HkHF/
web:$apr1$wS0do7hb$VA9tsc9c9LwY5PcjfhdwK0

I know the username jon works as if I put the directory requirement on the gui section I can login with the username jon no problem, (points at the same user and group files as the locationmatch does).

I am not sure what configuration I have missed off at this point, (assuming its a configuration issue).

Any advice on getting over this last hurdle would be fantastic.

EDIT

I have been playing some more and here is the information I have:

if I clone a repo with:

git clone http://jon@myserver.com/remotetest.git

I can get the repository out, but when I try and push back with:

git push origin master

I get asked for my password, I enter it, then it asks for it again, then I get the following error:

C:emp emotetest emotetest>git push origin master Password: Password: error: Cannot access URL http://jon@myserver.com/remotetest.git/, return code 22 fatal: git-http-push failed

In my Apache access.log I get the following:

192.168.1.2 - - [29/Sep/2010:21:58:19 +0100] "GET /remotetest.git/info/refs?service=git-upload-pack HTTP/1.1" 200 38
192.168.1.2 - - [29/Sep/2010:21:58:51 +0100] "GET /remotetest.git/info/refs?service=git-receive-pack HTTP/1.1" 403 -
192.168.1.2 - - [29/Sep/2010:21:58:51 +0100] "GET /remotetest.git/info/refs HTTP/1.1" 200 -
192.168.1.2 - - [29/Sep/2010:21:58:51 +0100] "GET /remotetest.git/HEAD HTTP/1.1" 200 23

Interestingly when I clone with the username in the URL it doesn't matter what password I put in, it will still work. I am assuming this is because I should be able to pull anonymously. Not sure why it asks for a password at all at that point.

I also see this in the logs error:

[Wed Sep 29 22:33:00 2010] [error] [client 192.168.1.2] client denied by server configuration: C:/Program Files (x86)/Git/libexec/git-core/git-http-backend.exe
[Wed Sep 29 22:33:00 2010] [error] [client 192.168.1.2] client denied by server configuration: C:/Program Files (x86)/Git/libexec/git-core/git-http-backend.exe

EDIT 2

I tried recreating the password file by doing:

htpasswd -c -m C:/git/apacheconfig/users jon

but this didn't help.

EDIT 3

the PHP config in httpd.conf where it uses the same users file for basic auth:

<Directory "C:/Program Files (x86)/Apache Software Foundation/Apache2.2/htdocs">
    AuthName "GitUsers"
    AuthType Basic
    AuthUserFile C:/GIT/ApacheConfig/users
AuthGroupFile  C:/GIT/ApacheConfig/groups

    require group webview
</Directory>

EDIT 4

OK so I can get to cloning and pushing in annoymous mode happily, but authentication fails for the push.

C:empest2empest>git push origin master
Password:
Password:
error: Cannot access URL http://jon@192.168.10.97:8000/repositories/test.git/, return code 22
fatal: git-http-push failed

I changed the httpd.conf to use the following:

<VirtualHost *:80>
    SetEnv GIT_PROJECT_ROOT "C:/Program Files (x86)/Apache Software Foundation/Apache2.2/htdocs/repositories"
    SetEnv GIT_HTTP_EXPORT_ALL

    <Directory "C:/Program Files (x86)/Apache Software Foundation/Apache2.2/htdocs/repositories">
       Options Indexes FollowSymLinks MultiViews Includes ExecCGI
       AllowOverride None
       Order allow,deny
       Allow from all
    </Directory>

    <LocationMatch "^/repositories/.*/git-receive-pack$">
        AuthType Basic
        AuthName "Git Access"
        AuthUserFile "C:/Program Files (x86)/Apache Software Foundation/Apache2.2/htdocs/repositories/.htpasswd"
        Require valid-user
    </LocationMatch>
    ScriptAliasMatch 
            "(?x)^/repositories/(.*/(HEAD | 
                            info/refs | 
                            objects/(info/[^/]+ | 
                                     [0-9a-f]{2}/[0-9a-f]{38} | 
                                     pack/pack-[0-9a-f]{40}.(pack|idx)) | 
                            git-(upload|receive)-pack))$" 
            "C:/Program Files (x86)/Git/libexec/git-core/git-http-backend/$1"

    ErrorLog C:/GIT/error_log
    CustomLog C:/GIT/access_log combined
</VirtualHost>

Interestingly, when I created a new repo (git init --bare newrepo.git) It didn't create a info/refs file. I had to do the "git update-server-info" command to create that.

The Apache Access logs have something interesting that could be a clue:

192.168.10.97 - - [05/Oct/2010:22:48:26 +0100] "GET /repositories/test.git/info/refs?service=git-receive-pack HTTP/1.1" 200 -
192.168.10.97 - - [05/Oct/2010:22:48:26 +0100] "GET /repositories/test.git/HEAD HTTP/1.1" 200 23
192.168.10.97 - - [05/Oct/2010:22:48:28 +0100] "PROPFIND /repositories/test.git/ HTTP/1.1" 405 248

That is when I was trying to "push" back to the repo, but they are GET commands and no POST. not sure what the PROPFIND is, not found much info on that yet. I think, (reading around), there might be some sort of rewrite going on, that is changing the POST to a GET and killing it, or something. I am out of my depth at this point though.

Thanks

See Question&Answers more detail:os

与恶龙缠斗过久,自身亦成为恶龙;凝视深渊过久,深渊将回以凝视…
Welcome To Ask or Share your Answers For Others

1 Reply

0 votes
by (71.8m points)

OK, so hell has frozen over and I have finally got this working!

I believe there were two things that were fundamentally wrong with my setup.

1) The user was not getting authentication passed through, I found this helped:

SetEnv REMOTE_USER=$REDIRECT_REMOTE_USER

Secondly I couldn't get the physical "Directory" to work.

<Directory "C:/GIT/Apache/repositories">
Options +ExecCGI
AuthType Basic
AuthName intranet
AuthUserFile "C:/GIT/Apache/config/users"
Require valid-user
</Directory>

To resolve this I used locationMatch for both the pull and push. This means you have to authenticate to pull and push. If you wanted annoy pulling you can remove the "git-upload-pack" section.

Hope this may help someone else.

Here is my final httpd.conf file:

DocumentRoot "C:/GIT/Apache/www"

<Directory />
Options +ExecCGI
Allow from all  
</Directory>

<Directory "C:/GIT/Apache/www">
  Allow from all
</Directory>

<Directory "C:/GIT/Apache/www/secure">
AuthType Basic
AuthName intranet
AuthUserFile "C:/GIT/Apache/config/users"
require valid-user
</Directory>

SetEnv GIT_PROJECT_ROOT C:/GIT/Apache/repositories
SetEnv GIT_HTTP_EXPORT_ALL
SetEnv REMOTE_USER=$REDIRECT_REMOTE_USER
ScriptAliasMatch 
    "(?x)^/(.*/(HEAD | 
                    info/refs | 
                    objects/(info/[^/]+ | 
                             [0-9a-f]{2}/[0-9a-f]{38} | 
                             pack/pack-[0-9a-f]{40}.(pack|idx)) | 
                    git-(upload|receive)-pack))$" 
                    "C:/Program Files/git/libexec/git-core/git-http-backend.exe/$1"


<LocationMatch "^/.*/git-receive-pack$">
Options +ExecCGI
AuthType Basic
AuthName intranet
AuthUserFile "C:/GIT/Apache/config/users"
Require valid-user
</LocationMatch>

<LocationMatch "^/.*/git-upload-pack$">
Options +ExecCGI
AuthType Basic
AuthName intranet
AuthUserFile "C:/GIT/Apache/config/users"
Require valid-user
</LocationMatch>

与恶龙缠斗过久,自身亦成为恶龙;凝视深渊过久,深渊将回以凝视…
OGeek|极客中国-欢迎来到极客的世界,一个免费开放的程序员编程交流平台!开放,进步,分享!让技术改变生活,让极客改变未来! Welcome to OGeek Q&A Community for programmer and developer-Open, Learning and Share
Click Here to Ask a Question

...