1GIT-DAEMON(1) Git Manual GIT-DAEMON(1)
2
6 git-daemon - A really simple server for git repositories
7
9 git daemon [--verbose] [--syslog] [--export-all]
10 [--timeout=n] [--init-timeout=n] [--max-connections=n]
11 [--strict-paths] [--base-path=path] [--base-path-relaxed]
12 [--user-path | --user-path=path]
13 [--interpolated-path=pathtemplate]
14 [--reuseaddr] [--detach] [--pid-file=file]
15 [--enable=service] [--disable=service]
16 [--allow-override=service] [--forbid-override=service]
17 [--inetd | [--listen=host_or_ipaddr] [--port=n] [--user=user [--group=group]]
18 [directory...]
19
22 A really simple TCP git daemon that normally listens on port
23 "DEFAULT_GIT_PORT" aka 9418. It waits for a connection asking for a
24 service, and will serve that service if it is enabled.
25 It verifies that the directory has the magic file
27 "git-daemon-export-ok", and it will refuse to export any git directory
28 that hasn’t explicitly been marked for export this way (unless the
29 --export-all parameter is specified). If you pass some directory paths
30 as git daemon arguments, you can further restrict the offers to a
31 whitelist comprising of those.
32 By default, only upload-pack service is enabled, which serves git
34 fetch-pack and git ls-remote clients, which are invoked from git fetch,
35 git pull, and git clone.
36 This is ideally suited for read-only updates, i.e., pulling from git
38 repositories.
39 An upload-archive also exists to serve git archive.
41
43 --strict-paths
44 Match paths exactly (i.e. don’t allow "/foo/repo" when the real
45 path is "/foo/repo.git" or "/foo/repo/.git") and don’t do
46 user-relative paths. git daemon will refuse to start when this
47 option is enabled and no whitelist is specified.
48 --base-path=path
50 Remap all the path requests as relative to the given path. This is
51 sort of "GIT root" - if you run git daemon with
52 --base-path=/srv/git on example.com, then if you later try to pull
53 git://example.com/hello.git, git daemon will interpret the path as
54 /srv/git/hello.git.
55 --base-path-relaxed
57 If --base-path is enabled and repo lookup fails, with this option
58 git daemon will attempt to lookup without prefixing the base path.
59 This is useful for switching to --base-path usage, while still
60 allowing the old paths.
61 --interpolated-path=pathtemplate
63 To support virtual hosting, an interpolated path template can be
64 used to dynamically construct alternate paths. The template
65 supports %H for the target hostname as supplied by the client but
66 converted to all lowercase, %CH for the canonical hostname, %IP for
67 the server’s IP address, %P for the port number, and %D for the
68 absolute path of the named repository. After interpolation, the
69 path is validated against the directory whitelist.
70 --export-all
72 Allow pulling from all directories that look like GIT repositories
73 (have the objects and refs subdirectories), even if they do not
74 have the git-daemon-export-ok file.
75 --inetd
77 Have the server run as an inetd service. Implies --syslog.
78 Incompatible with --port, --listen, --user and --group options.
79 --listen=host_or_ipaddr
81 Listen on a specific IP address or hostname. IP addresses can be
82 either an IPv4 address or an IPv6 address if supported. If IPv6 is
83 not supported, then --listen=hostname is also not supported and
84 --listen must be given an IPv4 address. Incompatible with --inetd
85 option.
86 --port=n
88 Listen on an alternative port. Incompatible with --inetd option.
89 --init-timeout=n
91 Timeout between the moment the connection is established and the
92 client request is received (typically a rather low value, since
93 that should be basically immediate).
94 --timeout=n
96 Timeout for specific client sub-requests. This includes the time it
97 takes for the server to process the sub-request and the time spent
98 waiting for the next client’s request.
99 --max-connections=n
101 Maximum number of concurrent clients, defaults to 32. Set it to
102 zero for no limit.
103 --syslog
105 Log to syslog instead of stderr. Note that this option does not
106 imply --verbose, thus by default only error conditions will be
107 logged.
108 --user-path, --user-path=path
110 Allow ~user notation to be used in requests. When specified with no
111 parameter, requests to git://host/~alice/foo is taken as a request
112 to access foo repository in the home directory of user alice. If
113 --user-path=path is specified, the same request is taken as a
114 request to access path/foo repository in the home directory of user
115 alice.
116 --verbose
118 Log details about the incoming connections and requested files.
119 --reuseaddr
121 Use SO_REUSEADDR when binding the listening socket. This allows the
122 server to restart without waiting for old connections to time out.
123 --detach
125 Detach from the shell. Implies --syslog.
126 --pid-file=file
128 Save the process id in file. Ignored when the daemon is run under
129 --inetd.
130 --user=user, --group=group
132 Change daemon’s uid and gid before entering the service loop. When
133 only --user is given without --group, the primary group ID for the
134 user is used. The values of the option are given to getpwnam(3) and
135 getgrnam(3) and numeric IDs are not supported.
136 Giving these options is an error when used with --inetd; use the
138 facility of inet daemon to achieve the same before spawning git
139 daemon if needed.
140 --enable=service, --disable=service
142 Enable/disable the service site-wide per default. Note that a
143 service disabled site-wide can still be enabled per repository if
144 it is marked overridable and the repository enables the service
145 with a configuration item.
146 --allow-override=service, --forbid-override=service
148 Allow/forbid overriding the site-wide default with per repository
149 configuration. By default, all the services are overridable.
150 <directory>
152 A directory to add to the whitelist of allowed directories. Unless
153 --strict-paths is specified this will also include subdirectories
154 of each named directory.
155
157 These services can be globally enabled/disabled using the command line
158 options of this command. If a finer-grained control is desired (e.g. to
159 allow git archive to be run against only in a few selected repositories
160 the daemon serves), the per-repository configuration file can be used
161 to enable or disable them.
162 upload-pack
164 This serves git fetch-pack and git ls-remote clients. It is enabled
165 by default, but a repository can disable it by setting
166 daemon.uploadpack configuration item to false.
167 upload-archive
169 This serves git archive --remote. It is disabled by default, but a
170 repository can enable it by setting daemon.uploadarch configuration
171 item to true.
172 receive-pack
174 This serves git send-pack clients, allowing anonymous push. It is
175 disabled by default, as there is no authentication in the protocol
176 (in other words, anybody can push anything into the repository,
177 including removal of refs). This is solely meant for a closed LAN
178 setting where everybody is friendly. This service can be enabled by
179 daemon.receivepack configuration item to true.
180
182 We assume the following in /etc/services
183 $ grep 9418 /etc/services
185 git 9418/tcp # Git Version Control System
186 git daemon as inetd server
189 To set up git daemon as an inetd service that handles any
190 repository under the whitelisted set of directories, /pub/foo and
191 /pub/bar, place an entry like the following into /etc/inetd all on
192 one line:
193 git stream tcp nowait nobody /usr/bin/git
195 git daemon --inetd --verbose --export-all
196 /pub/foo /pub/bar
197 git daemon as inetd server for virtual hosts
200 To set up git daemon as an inetd service that handles repositories
201 for different virtual hosts, www.example.com and www.example.org,
202 place an entry like the following into /etc/inetd all on one line:
203 git stream tcp nowait nobody /usr/bin/git
205 git daemon --inetd --verbose --export-all
206 --interpolated-path=/pub/%H%D
207 /pub/www.example.org/software
208 /pub/www.example.com/software
209 /software
210 In this example, the root-level directory /pub will contain a
212 subdirectory for each virtual host name supported. Further, both
213 hosts advertise repositories simply as
214 git://www.example.com/software/repo.git. For pre-1.4.0 clients, a
215 symlink from /software into the appropriate default repository
216 could be made as well.
217 git daemon as regular daemon for virtual hosts
219 To set up git daemon as a regular, non-inetd service that handles
220 repositories for multiple virtual hosts based on their IP
221 addresses, start the daemon like this:
222 git daemon --verbose --export-all
224 --interpolated-path=/pub/%IP/%D
225 /pub/192.168.1.200/software
226 /pub/10.10.220.23/software
227 In this example, the root-level directory /pub will contain a
229 subdirectory for each virtual host IP address supported.
230 Repositories can still be accessed by hostname though, assuming
231 they correspond to these IP addresses.
232 selectively enable/disable services per repository
234 To enable git archive --remote and disable git fetch against a
235 repository, have the following in the configuration file in the
236 repository (that is the file config next to HEAD, refs and
237 objects).
238 [daemon]
240 uploadpack = false
241 uploadarch = true
242
245 git daemon will set REMOTE_ADDR to the IP address of the client that
246 connected to it, if the IP address is available. REMOTE_ADDR will be
247 available in the environment of hooks called when services are
248 performed.
249
251 Written by Linus Torvalds <torvalds@osdl.org[1]>, YOSHIFUJI Hideaki
252 <yoshfuji@linux-ipv6.org[2]> and the git-list <git@vger.kernel.org[3]>
253
255 Documentation by Junio C Hamano and the git-list
256 <git@vger.kernel.org[3]>.
257
259 Part of the git(1) suite
260
262 1. torvalds@osdl.org
263 mailto:torvalds@osdl.org
264 2. yoshfuji@linux-ipv6.org
266 mailto:yoshfuji@linux-ipv6.org
267 3. git@vger.kernel.org
269 mailto:git@vger.kernel.org
270Git 1.7.1 08/16/2017 GIT-DAEMON(1)