Secure push and pull with git-http-backend
09/26/2011
I am setting up a new repository machine for my code. I will be setting it up with Active Directory later on, but I figured my basic setup would be a good starting point for most people.
My new repo box is on CentOS. I installed Git on my server from the EPEL repository. All the commands in this tutorial will be done from sudo.
I created a simple password file on my server using this command.
htpasswd -c path/to/file/passwords user-name
To add a user to the existing password file do:
htpasswd path/to/file/passwords new-user-name
If you want to add repository level permissions to your repositories add a groups file:
vim path/to/file/groups
then add: new_repo: user-name
Then I setup my Apache config to include.
NameVirtualHost *:80
<VirtualHost *:80>
SetEnv GIT_PROJECT_ROOT /path/to/repos
SetEnv GIT_HTTP_EXPORT_ALL
SetEnv REMOTE_USER=$REDIRECT_REMOTE_USER
ScriptAlias / /usr/bin/git-http-backend/
ServerName example.com
ServerAlias www.example.com
DocumentRoot "/path/to/repos"
<Directory "/path/to/repos">
Options None
AllowOverride None
Order allow,deny
Allow from all
</Directory>
<Location />
AuthType Basic
AuthName "Git Access"
AuthUserFile path/to/file/passwords
Require valid-user
</Location>
# Only required if you are using repository level permissions
<Location /new_repo.git>
AuthType Basic
AuthName "New Repo Access"
AuthUserFile path/to/file/passwords
AuthGroupFile path/to/file/groups
Require group new_repo
</Location>
ErrorLog /path/to/log/httpd/repo/repo-error_log
CustomLog /path/to/log/httpd/repo/repo-access_log combined
ServerSignature Off
</VirtualHost>
Now to add your code, do the following on the server in: /path/to/repos
git init --bare new_repo.git
chown -R apache:apache new_repo.git
mv new_repo.git/hooks/post-update.sample new_repo.git/hooks/post-update
cd new_repo.git
git update-server-info
Now you can access your repo with:
git clone http://user-name@example.com/new_repo.git
Or associate this new remote repository with an existing repository, do this to your existing repository:
git remote add origin http://user-name@example.com/new_repo.git
You should be all set...
Tags
1and1
Apache
Audio
Austin Hill
Automator
Budget Travel
Career
cloud foundry
Community
Consulting
Cyberduck
Debian
Development
Drupal
EC2
European Travel
Eurotrip
ffmpegx
Framework
Git
git-http-backend
github
GiveMeaning
Image
Mac
Macports
Memcached
Mesh Conference
mod_python
Mongrel
Mongrel Cluster
Mouse Gestures
MySQL
NginX
node.js
Package Management
Parallels
Philanthropy
PHP
Preview
Python
Rails
Rapid Development
Relational Scaling
Resize
Rip
RoR
Ruby On Rails
S3
Satchmo
SimpleDB
SQS
Textmate
Tom Williams
Trends
Ubuntu
Web
Web Services
Wordpress
Workflow
Will Stevens
I am a software developer with a primary focus on web applications. I am always trying to find new and better ways to solve business problems with elegant software.