1GIT-HTTP-BACKEND(1)               Git Manual               GIT-HTTP-BACKEND(1)
2
3
4

NAME

6       git-http-backend - Server side implementation of Git over HTTP
7

SYNOPSIS

9       git http-backend
10
11

DESCRIPTION

13       A simple CGI program to serve the contents of a Git repository to Git
14       clients accessing the repository over http:// and https:// protocols.
15       The program supports clients fetching using both the smart HTTP
16       protocol and the backwards-compatible dumb HTTP protocol, as well as
17       clients pushing using the smart HTTP protocol.
18
19       It verifies that the directory has the magic file
20       "git-daemon-export-ok", and it will refuse to export any Git directory
21       that hasn’t explicitly been marked for export this way (unless the
22       GIT_HTTP_EXPORT_ALL environmental variable is set).
23
24       By default, only the upload-pack service is enabled, which serves git
25       fetch-pack and git ls-remote clients, which are invoked from git fetch,
26       git pull, and git clone. If the client is authenticated, the
27       receive-pack service is enabled, which serves git send-pack clients,
28       which is invoked from git push.
29

SERVICES

31       These services can be enabled/disabled using the per-repository
32       configuration file:
33
34       http.getanyfile
35           This serves Git clients older than version 1.6.6 that are unable to
36           use the upload pack service. When enabled, clients are able to read
37           any file within the repository, including objects that are no
38           longer reachable from a branch but are still present. It is enabled
39           by default, but a repository can disable it by setting this
40           configuration item to false.
41
42       http.uploadpack
43           This serves git fetch-pack and git ls-remote clients. It is enabled
44           by default, but a repository can disable it by setting this
45           configuration item to false.
46
47       http.receivepack
48           This serves git send-pack clients, allowing push. It is disabled by
49           default for anonymous users, and enabled by default for users
50           authenticated by the web server. It can be disabled by setting this
51           item to false, or enabled for all users, including anonymous users,
52           by setting it to true.
53

URL TRANSLATION

55       To determine the location of the repository on disk, git http-backend
56       concatenates the environment variables PATH_INFO, which is set
57       automatically by the web server, and GIT_PROJECT_ROOT, which must be
58       set manually in the web server configuration. If GIT_PROJECT_ROOT is
59       not set, git http-backend reads PATH_TRANSLATED, which is also set
60       automatically by the web server.
61

EXAMPLES

63       All of the following examples map http://$hostname/git/foo/bar.git to
64       /var/www/git/foo/bar.git.
65
66       Apache 2.x
67           Ensure mod_cgi, mod_alias, and mod_env are enabled, set
68           GIT_PROJECT_ROOT (or DocumentRoot) appropriately, and create a
69           ScriptAlias to the CGI:
70
71               SetEnv GIT_PROJECT_ROOT /var/www/git
72               SetEnv GIT_HTTP_EXPORT_ALL
73               ScriptAlias /git/ /usr/libexec/git-core/git-http-backend/
74
75           To enable anonymous read access but authenticated write access,
76           require authorization for both the initial ref advertisement (which
77           we detect as a push via the service parameter in the query string),
78           and the receive-pack invocation itself:
79
80               RewriteCond %{QUERY_STRING} service=git-receive-pack [OR]
81               RewriteCond %{REQUEST_URI} /git-receive-pack$
82               RewriteRule ^/git/ - [E=AUTHREQUIRED:yes]
83
84               <LocationMatch "^/git/">
85                       Order Deny,Allow
86                       Deny from env=AUTHREQUIRED
87
88                       AuthType Basic
89                       AuthName "Git Access"
90                       Require group committers
91                       Satisfy Any
92                       ...
93               </LocationMatch>
94
95           If you do not have mod_rewrite available to match against the query
96           string, it is sufficient to just protect git-receive-pack itself,
97           like:
98
99               <LocationMatch "^/git/.*/git-receive-pack$">
100                       AuthType Basic
101                       AuthName "Git Access"
102                       Require group committers
103                       ...
104               </LocationMatch>
105
106           In this mode, the server will not request authentication until the
107           client actually starts the object negotiation phase of the push,
108           rather than during the initial contact. For this reason, you must
109           also enable the http.receivepack config option in any repositories
110           that should accept a push. The default behavior, if
111           http.receivepack is not set, is to reject any pushes by
112           unauthenticated users; the initial request will therefore report
113           403 Forbidden to the client, without even giving an opportunity for
114           authentication.
115
116           To require authentication for both reads and writes, use a Location
117           directive around the repository, or one of its parent directories:
118
119               <Location /git/private>
120                       AuthType Basic
121                       AuthName "Private Git Access"
122                       Require group committers
123                       ...
124               </Location>
125
126           To serve gitweb at the same url, use a ScriptAliasMatch to only
127           those URLs that git http-backend can handle, and forward the rest
128           to gitweb:
129
130               ScriptAliasMatch \
131                       "(?x)^/git/(.*/(HEAD | \
132                                       info/refs | \
133                                       objects/(info/[^/]+ | \
134                                                [0-9a-f]{2}/[0-9a-f]{38} | \
135                                                pack/pack-[0-9a-f]{40}\.(pack|idx)) | \
136                                       git-(upload|receive)-pack))$" \
137                       /usr/libexec/git-core/git-http-backend/$1
138
139               ScriptAlias /git/ /var/www/cgi-bin/gitweb.cgi/
140
141           To serve multiple repositories from different gitnamespaces(7) in a
142           single repository:
143
144               SetEnvIf Request_URI "^/git/([^/]*)" GIT_NAMESPACE=$1
145               ScriptAliasMatch ^/git/[^/]*(.*) /usr/libexec/git-core/git-http-backend/storage.git$1
146
147
148       Accelerated static Apache 2.x
149           Similar to the above, but Apache can be used to return static files
150           that are stored on disk. On many systems this may be more efficient
151           as Apache can ask the kernel to copy the file contents from the
152           file system directly to the network:
153
154               SetEnv GIT_PROJECT_ROOT /var/www/git
155
156               AliasMatch ^/git/(.*/objects/[0-9a-f]{2}/[0-9a-f]{38})$          /var/www/git/$1
157               AliasMatch ^/git/(.*/objects/pack/pack-[0-9a-f]{40}.(pack|idx))$ /var/www/git/$1
158               ScriptAlias /git/ /usr/libexec/git-core/git-http-backend/
159
160           This can be combined with the gitweb configuration:
161
162               SetEnv GIT_PROJECT_ROOT /var/www/git
163
164               AliasMatch ^/git/(.*/objects/[0-9a-f]{2}/[0-9a-f]{38})$          /var/www/git/$1
165               AliasMatch ^/git/(.*/objects/pack/pack-[0-9a-f]{40}.(pack|idx))$ /var/www/git/$1
166               ScriptAliasMatch \
167                       "(?x)^/git/(.*/(HEAD | \
168                                       info/refs | \
169                                       objects/info/[^/]+ | \
170                                       git-(upload|receive)-pack))$" \
171                       /usr/libexec/git-core/git-http-backend/$1
172               ScriptAlias /git/ /var/www/cgi-bin/gitweb.cgi/
173
174
175       Lighttpd
176           Ensure that mod_cgi, mod_alias, mod_auth, mod_setenv are loaded,
177           then set GIT_PROJECT_ROOT appropriately and redirect all requests
178           to the CGI:
179
180               alias.url += ( "/git" => "/usr/lib/git-core/git-http-backend" )
181               $HTTP["url"] =~ "^/git" {
182                       cgi.assign = ("" => "")
183                       setenv.add-environment = (
184                               "GIT_PROJECT_ROOT" => "/var/www/git",
185                               "GIT_HTTP_EXPORT_ALL" => ""
186                       )
187               }
188
189           To enable anonymous read access but authenticated write access:
190
191               $HTTP["querystring"] =~ "service=git-receive-pack" {
192                       include "git-auth.conf"
193               }
194               $HTTP["url"] =~ "^/git/.*/git-receive-pack$" {
195                       include "git-auth.conf"
196               }
197
198           where git-auth.conf looks something like:
199
200               auth.require = (
201                       "/" => (
202                               "method" => "basic",
203                               "realm" => "Git Access",
204                               "require" => "valid-user"
205                              )
206               )
207               # ...and set up auth.backend here
208
209           To require authentication for both reads and writes:
210
211               $HTTP["url"] =~ "^/git/private" {
212                       include "git-auth.conf"
213               }
214
215

ENVIRONMENT

217       git http-backend relies upon the CGI environment variables set by the
218       invoking web server, including:
219
220       ·   PATH_INFO (if GIT_PROJECT_ROOT is set, otherwise PATH_TRANSLATED)
221
222       ·   REMOTE_USER
223
224       ·   REMOTE_ADDR
225
226       ·   CONTENT_TYPE
227
228       ·   QUERY_STRING
229
230       ·   REQUEST_METHOD
231
232       The GIT_HTTP_EXPORT_ALL environmental variable may be passed to
233       git-http-backend to bypass the check for the "git-daemon-export-ok"
234       file in each repository before allowing export of that repository.
235
236       The GIT_HTTP_MAX_REQUEST_BUFFER environment variable (or the
237       http.maxRequestBuffer config variable) may be set to change the largest
238       ref negotiation request that git will handle during a fetch; any fetch
239       requiring a larger buffer will not succeed. This value should not
240       normally need to be changed, but may be helpful if you are fetching
241       from a repository with an extremely large number of refs. The value can
242       be specified with a unit (e.g., 100M for 100 megabytes). The default is
243       10 megabytes.
244
245       The backend process sets GIT_COMMITTER_NAME to $REMOTE_USER and
246       GIT_COMMITTER_EMAIL to ${REMOTE_USER}@http.${REMOTE_ADDR}, ensuring
247       that any reflogs created by git-receive-pack contain some identifying
248       information of the remote user who performed the push.
249
250       All CGI environment variables are available to each of the hooks
251       invoked by the git-receive-pack.
252

GIT

254       Part of the git(1) suite
255
256
257
258Git 2.21.0                        02/24/2019               GIT-HTTP-BACKEND(1)
Impressum