1

I have a git repository in Apache server. How can allow my developers to have full access i.e read and write access to the repository. I am working on windows platform.

user3053286
  • 23
  • 3

1 Answers1

0

The idea is to call git directly from the httpd Apache config file using the git-http-backend exe.
This is part of the smart http protocol, that I mention in this answer.

Env GIT_PROJECT_ROOT C:/GIT/Apache/repositories
SetEnv GIT_HTTP_EXPORT_ALL
SetEnv REMOTE_USER=$REDIRECT_REMOTE_USER
ScriptAliasMatch \
    "(?x)^/(.*/(HEAD | \
                    info/refs | \
                    objects/(info/[^/]+ | \
                             [0-9a-f]{2}/[0-9a-f]{38} | \
                             pack/pack-[0-9a-f]{40}\.(pack|idx)) | \
                    git-(upload|receive)-pack))$" \
                    "C:/Program Files/git/libexec/git-core/git-http-backend.exe/$1"

That script (which is in any Git distribution) will be able to get a git query over http and return the result.

You can find a complete example in "Setting up Git Server on Windows With git-http-backend.exe"

For a finer-grained access level control, you can add an authorization layer like gitolite in your httpd.conf (gitolite will then call hit-http-backend if it authorizes the git query).
I use it in cunjunction with an LDAP (for the authentication part), but you don't have to use an LDAP, just make sure your Apache config is set up to authenticate users first, in order for gitolite to have an user id to work with (allow or deny).

Community
  • 1
  • 1
VonC
  • 1,262,500
  • 529
  • 4,410
  • 5,250
  • Is it possible to achieve anonymous pull and authenticated push. Any example of this would be a great help – user3053286 Jun 12 '14 at 14:26
  • @user3053286 easy with gitolite (http://stackoverflow.com/a/13796467/6309). Without gitolite: http://tommi.org/2012/01/git-through-apache-anonymous-pull-but-authenticated-push/ – VonC Jun 12 '14 at 14:28
  • but gitolite makes use of ssh key which is not firewall friendly. – user3053286 Jun 12 '14 at 14:47
  • @user3053286 no, gitolite can use Apache user authentication, not just ssh. It is an authorization layer (http://gitolite.com/gitolite/auth.html), not an authentication one. – VonC Jun 12 '14 at 14:47
  • Hi can you please explain these commands RewriteCond %{QUERY_STRING} service=git-receive-pack [OR,NC] RewriteCond %{REQUEST_URI} ^/git/.*/git-receive-pack$ [NC] RewriteRule .* - [E=AUTHREQUIRED:yes] Is it same for apache 2.4 – user3053286 Jun 18 '14 at 12:39
  • @user3053286 where did you see that config? – VonC Jun 18 '14 at 13:19
  • In [this link](http://tommi.org/2012/01/git-through-apache-anonymous-pull-but-authenticated-push/) – user3053286 Jun 18 '14 at 14:58
  • @user3053286 that seems to call `git-receive-pack` on `git push`. Note that this is a good question on its own that you could ask on Stack Overflow, instead of asking in the comment section of an existing question. – VonC Jun 18 '14 at 15:00
  • @user3053286 it is best to ask on Stack Overflow, that way other specialists (not just me) can help too. – VonC Jun 18 '14 at 15:13
  • I tried with [this](http://tommi.org/2012/01/git-through-apache-anonymous-pull-but-authenticated-push/) but no success – user3053286 Jun 18 '14 at 15:22
  • @user3053286 surely you have a question to ask then, where you would refer to that article, but also details the OS, version of git and apache used, as well as what you saw in apache logs. – VonC Jun 18 '14 at 15:25