Secure push and pull with git-http-backend
Secure push and pull with git-http-backend

I am setting up a new repository machine for my code. I will be setting it up with Active Directory later on, but I figured my basic setup would be a good starting point for most people.

My new repo box is on CentOS. I installed Git on my server from the EPEL repository. All the commands in this tutorial will be done from sudo.

I created a simple password file on my server using this command.

$ htpasswd -c path/to/file/passwords user-name

To add a user to the existing password file do:

$ htpasswd path/to/file/passwords new-user-name

If you want to add repository level permissions to your repositories add a groups file:

$ vim path/to/file/groups

then add:

new_repo: user-name

Then I setup my Apache config to include.

NameVirtualHost *:80

<VirtualHost *:80>
  SetEnv GIT_PROJECT_ROOT /path/to/repos
  SetEnv GIT_HTTP_EXPORT_ALL
  SetEnv REMOTE_USER=$REDIRECT_REMOTE_USER
  ScriptAlias / /usr/bin/git-http-backend/

  ServerName example.com
  ServerAlias www.example.com

  DocumentRoot "/path/to/repos"

  <Directory "/path/to/repos">
  Options None
  AllowOverride None
  Order allow,deny
  Allow from all
  </Directory>

  <Location />
  AuthType Basic
  AuthName "Git Access"
  AuthUserFile path/to/file/passwords
  Require valid-user
  </Location>

  # Only required if you are using repository level permissions
  <Location /new_repo.git>
  AuthType Basic
  AuthName "New Repo Access"
  AuthUserFile path/to/file/passwords
  AuthGroupFile path/to/file/groups
  Require group new_repo
  </Location>

  ErrorLog /path/to/log/httpd/repo/repo-error_log
  CustomLog /path/to/log/httpd/repo/repo-access_log combined
  ServerSignature Off
</VirtualHost>

Now to add your code, do the following on the server in: /path/to/repos

$ git init --bare new_repo.git
$ chown -R apache:apache new_repo.git
$ mv new_repo.git/hooks/post-update.sample new_repo.git/hooks/post-update
$ cd new_repo.git
$ git update-server-info

Now you can access your repo with:

$ git clone http://user-name@example.com/new_repo.git

Or associate this new remote repository with an existing repository, do this to your existing repository:

$ git remote add origin http://user-name@example.com/new_repo.git

You should be all set…

September 26, 2011
275 words

Tags
Apache Git git-http-backend

Similar Posts

Will Stevens (swill)

Find me online...