Secure push and pull with git-http-backend
Secure push and pull with git-http-backend
I am setting up a new repository machine for my code. I will be setting it up with Active Directory later on, but I figured my basic setup would be a good starting point for most people.
My new repo box is on CentOS. I installed Git on my server from the
EPEL repository. All the commands in
this tutorial will be done from sudo
.
I created a simple password file on my server using this command.
$ htpasswd -c path/to/file/passwords user-name
To add a user to the existing password file do:
$ htpasswd path/to/file/passwords new-user-name
If you want to add repository level permissions to your repositories add a groups file:
$ vim path/to/file/groups
then add:
new_repo: user-name
Then I setup my Apache config to include.
NameVirtualHost *:80
<VirtualHost *:80>
SetEnv GIT_PROJECT_ROOT /path/to/repos
SetEnv GIT_HTTP_EXPORT_ALL
SetEnv REMOTE_USER=$REDIRECT_REMOTE_USER
ScriptAlias / /usr/bin/git-http-backend/
ServerName example.com
ServerAlias www.example.com
DocumentRoot "/path/to/repos"
<Directory "/path/to/repos">
Options None
AllowOverride None
Order allow,deny
Allow from all
</Directory>
<Location />
AuthType Basic
AuthName "Git Access"
AuthUserFile path/to/file/passwords
Require valid-user
</Location>
# Only required if you are using repository level permissions
<Location /new_repo.git>
AuthType Basic
AuthName "New Repo Access"
AuthUserFile path/to/file/passwords
AuthGroupFile path/to/file/groups
Require group new_repo
</Location>
ErrorLog /path/to/log/httpd/repo/repo-error_log
CustomLog /path/to/log/httpd/repo/repo-access_log combined
ServerSignature Off
</VirtualHost>
Now to add your code, do the following on the server in: /path/to/repos
$ git init --bare new_repo.git
$ chown -R apache:apache new_repo.git
$ mv new_repo.git/hooks/post-update.sample new_repo.git/hooks/post-update
$ cd new_repo.git
$ git update-server-info
Now you can access your repo with:
$ git clone http://user-name@example.com/new_repo.git
Or associate this new remote repository with an existing repository, do this to your existing repository:
$ git remote add origin http://user-name@example.com/new_repo.git
You should be all set…