I need to set up Git repositories on a Windows server. Requirements are:
I've done a standard Git installation and added these lines to Apache's httpd.conf
file:
SetEnv GIT_PROJECT_ROOT "D:/srv/git"
SetEnv GIT_HTTP_EXPORT_ALL
ScriptAlias /git/ "C:/Program Files/Git/mingw64/libexec/git-core/git-http-backend/"
<Location "/git/testproject.git">
AuthType Basic
require group developers
AuthName "Git test project"
AuthUserFile D:/srv/gitauth/auth.txt
AuthGroupFile D:/srv/gitauth/groups.txt
</Location>
"C:/Program Files/Git/mingw64/libexec/git-core/git-http-backend/"
is the place where I found the git-http-backend
executable on Windows. auth.txt
is a file created with htpasswd
containing a username/password for my user, and groups.txt
contains a line defining that my user is in a group named developers
.
For testing I've set up a repository in D:/srv/git/testproject.git
.
From my client computer, I tried to clone this repository and got this error:
git clone https://[serverurl]/git/testproject.git
Cloning into 'testproject'...
fatal: unable to access 'https://[serverurl]/git/testproject.git/': The requested URL returned error: 403
Apache's error.log has this error message:
[Wed Aug 23 18:39:10 2017] [error] [client 192.168.130.80] client denied by server configuration: C:/Program Files/Git/mingw64/libexec/git-core/git-http-backend
I did not find a way to make this work. I'm also not very familiar with Apache, unfortunately.
Is this configuration correct?
I'm not even sure if the SetEnv
and ScriptAlias
commands are good in httpd.conf
or if they should be placed somewhere else. I've read various tutorials and blog posts, most suggesting different places which do not exist on my Apache installation (maybe the Windows environment is different...?).
Any help would be greatly appreciated!
After some more hours of research and testing, I finally got it running and managed to set it up to meet my requirements.
Here's what I had to add to Apache's configuration to make this work:
# 1. allow access to CGI directory, where git-http-backend.exe is located
<Directory "C:/Progra~1/Git/mingw64/libexec/git-core/">
Options +ExecCGI
Allow From All
</Directory>
# 2. Define where GIT projects are located and create /git/ script alias
SetEnv GIT_PROJECT_ROOT "D:/srv/git"
SetEnv GIT_HTTP_EXPORT_ALL
ScriptAlias /git/ "C:/Progra~1/Git/mingw64/libexec/git-core/git-http-backend.exe/"
# 3. Restricting access to /git/ root, otherwise not yet defined projects could be read
# without restriction.
<Location "/git/">
AuthType Basic
AuthName "git"
AuthUserFile D:/srv/auth_files/htpasswd.txt
Require all denied
</Location>
# 4. For every project a section like this must be created in order to allow access to it.
<Location "/git/testproject.git/">
AuthType Basic
AuthName "git test repository"
AuthUserFile D:/srv/auth_files/htpasswd.txt
AuthGroupFile D:/srv/auth_files/git_groups.txt
Require group developers
</Location>
<Location "/git/other_project.git/">
AuthType Basic
AuthName "git test repository"
AuthUserFile D:/srv/auth_files/htpasswd.txt
AuthGroupFile D:/srv/auth_files/git_groups.txt
Require group developers managers
Require user sky
AuthzGroupFileAuthoritative Off
</Location>
other_project.git
allows two groups and a user to have access. Apache 2.2 has the AuthzGroupFileAuthoritative Off
setting, to make this work properly. Without this only user sky in groups developers or managers would have access. In Apache 2.4 this could be done in a nicer way with a <RequireAny>
block.git clone https://[serverurl]/git/testproject.git
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With