Setting up Git Server on Windows With git-http-backend.exe

Question

I am in the process of setting up a Git server (1.7.2.3) on a WS 2008 machine using Apache and git-http-backend.exe. I have been following a good tut here. I have the GUI working, I can annoymously clone and if I put the following in the config of a repo I can annoymously push:

[http]  receivepack = true 

I have added the following to the httpd.conf file:

SetEnv GIT_PROJECT_ROOT C:/GIT/Repositories SetEnv GIT_HTTP_EXPORT_ALL ScriptAliasMatch \         "(?x)^/(.*/(HEAD | \                     info/refs | \                     objects/(info/[^/]+ | \                              [0-9a-f]{2}/[0-9a-f]{38} | \                              pack/pack-[0-9a-f]{40}\.(pack|idx)) | \                     git-(upload|receive)-pack))$" \                     "C:/Program Files (x86)/git/libexec/git-core/git-http-backend.exe/$1"  <Directory />   Allow from all </Directory>  <LocationMatch "^/git/.*/git-receive-pack$">         AuthType Basic         AuthName "Git Access"   AuthUserFile C:/GIT/ApacheConfig/users   AuthGroupFile  C:/GIT/ApacheConfig/groups         Require group repogeneral         </LocationMatch> 

When I add the "LocationMatch" I can still clone annoymously or by specifying a name in the URL, git clone http://[email protected]

It will prompt for a password and clone.

but when I try to push back to the repo I get the following:

error: Cannot access URL http://[email protected]/newtestrepo.git/, return code 22 fatal: git-http-push failed

I have been looking at the http-backend.exe man page for examples but can not get them to work.

here is my groups file, (this is just testing out examples so nothing that would be used in prod):

admin: jon steve admin webview: jon steve web repogeneral: jon steve testrepo: jon admin testrepo2: jon steve web 

here is the users file:

jon:$apr1$kEKVExYx$guIF9oYV8buGhFLZr16XN0 steve:$apr1$jvgjF9nv$PvWsHH.cSOBN5ymk6NT1B0 admin:$apr1$vzXgDskN$oszCei3tkHNUgtLj2HkHF/ web:$apr1$wS0do7hb$VA9tsc9c9LwY5PcjfhdwK0 

I know the username jon works as if I put the directory requirement on the gui section I can login with the username jon no problem, (points at the same user and group files as the locationmatch does).

I am not sure what configuration I have missed off at this point, (assuming its a configuration issue).

Any advice on getting over this last hurdle would be fantastic.

EDIT

I have been playing some more and here is the information I have:

if I clone a repo with:

git clone http://[email protected]/remotetest.git 

I can get the repository out, but when I try and push back with:

git push origin master

I get asked for my password, I enter it, then it asks for it again, then I get the following error:

C:\temp\remotetest\remotetest>git push origin master Password: Password: error: Cannot access URL http://[email protected]/remotetest.git/, return code 22 fatal: git-http-push failed

In my Apache access.log I get the following:

192.168.1.2 - - [29/Sep/2010:21:58:19 +0100] "GET /remotetest.git/info/refs?service=git-upload-pack HTTP/1.1" 200 38 192.168.1.2 - - [29/Sep/2010:21:58:51 +0100] "GET /remotetest.git/info/refs?service=git-receive-pack HTTP/1.1" 403 - 192.168.1.2 - - [29/Sep/2010:21:58:51 +0100] "GET /remotetest.git/info/refs HTTP/1.1" 200 - 192.168.1.2 - - [29/Sep/2010:21:58:51 +0100] "GET /remotetest.git/HEAD HTTP/1.1" 200 23 

Interestingly when I clone with the username in the URL it doesn't matter what password I put in, it will still work. I am assuming this is because I should be able to pull anonymously. Not sure why it asks for a password at all at that point.

I also see this in the logs error:

[Wed Sep 29 22:33:00 2010] [error] [client 192.168.1.2] client denied by server configuration: C:/Program Files (x86)/Git/libexec/git-core/git-http-backend.exe [Wed Sep 29 22:33:00 2010] [error] [client 192.168.1.2] client denied by server configuration: C:/Program Files (x86)/Git/libexec/git-core/git-http-backend.exe 

EDIT 2

I tried recreating the password file by doing:

htpasswd -c -m C:/git/apacheconfig/users jon 

but this didn't help.

EDIT 3

the PHP config in httpd.conf where it uses the same users file for basic auth:

<Directory "C:/Program Files (x86)/Apache Software Foundation/Apache2.2/htdocs">     AuthName "GitUsers"     AuthType Basic     AuthUserFile C:/GIT/ApacheConfig/users AuthGroupFile  C:/GIT/ApacheConfig/groups      require group webview </Directory> 

EDIT 4

OK so I can get to cloning and pushing in annoymous mode happily, but authentication fails for the push.

C:\temp\test2\temp\test>git push origin master Password: Password: error: Cannot access URL http://[email protected]:8000/repositories/test.git/, return code 22 fatal: git-http-push failed 

I changed the httpd.conf to use the following:

<VirtualHost *:80>     SetEnv GIT_PROJECT_ROOT "C:/Program Files (x86)/Apache Software Foundation/Apache2.2/htdocs/repositories"     SetEnv GIT_HTTP_EXPORT_ALL      <Directory "C:/Program Files (x86)/Apache Software Foundation/Apache2.2/htdocs/repositories">        Options Indexes FollowSymLinks MultiViews Includes ExecCGI        AllowOverride None        Order allow,deny        Allow from all     </Directory>      <LocationMatch "^/repositories/.*/git-receive-pack$">         AuthType Basic         AuthName "Git Access"         AuthUserFile "C:/Program Files (x86)/Apache Software Foundation/Apache2.2/htdocs/repositories/.htpasswd"         Require valid-user     </LocationMatch>     ScriptAliasMatch \             "(?x)^/repositories/(.*/(HEAD | \                             info/refs | \                             objects/(info/[^/]+ | \                                      [0-9a-f]{2}/[0-9a-f]{38} | \                                      pack/pack-[0-9a-f]{40}\.(pack|idx)) | \                             git-(upload|receive)-pack))$" \             "C:/Program Files (x86)/Git/libexec/git-core/git-http-backend/$1"      ErrorLog C:/GIT/error_log     CustomLog C:/GIT/access_log combined </VirtualHost> 

Interestingly, when I created a new repo (git init --bare newrepo.git) It didn't create a info/refs file. I had to do the "git update-server-info" command to create that.

The Apache Access logs have something interesting that could be a clue:

192.168.10.97 - - [05/Oct/2010:22:48:26 +0100] "GET /repositories/test.git/info/refs?service=git-receive-pack HTTP/1.1" 200 - 192.168.10.97 - - [05/Oct/2010:22:48:26 +0100] "GET /repositories/test.git/HEAD HTTP/1.1" 200 23 192.168.10.97 - - [05/Oct/2010:22:48:28 +0100] "PROPFIND /repositories/test.git/ HTTP/1.1" 405 248 

That is when I was trying to "push" back to the repo, but they are GET commands and no POST. not sure what the PROPFIND is, not found much info on that yet. I think, (reading around), there might be some sort of rewrite going on, that is changing the POST to a GET and killing it, or something. I am out of my depth at this point though.

Thanks

Answer 1

OK, so hell has frozen over and I have finally got this working!

I believe there were two things that were fundamentally wrong with my setup.

1) The user was not getting authentication passed through, I found this helped:

SetEnv REMOTE_USER=$REDIRECT_REMOTE_USER 

Secondly I couldn't get the physical "Directory" to work.

<Directory "C:/GIT/Apache/repositories"> Options +ExecCGI AuthType Basic AuthName intranet AuthUserFile "C:/GIT/Apache/config/users" Require valid-user </Directory> 

To resolve this I used locationMatch for both the pull and push. This means you have to authenticate to pull and push. If you wanted annoy pulling you can remove the "git-upload-pack" section.

Hope this may help someone else.

Here is my final httpd.conf file:

DocumentRoot "C:/GIT/Apache/www"  <Directory /> Options +ExecCGI Allow from all   </Directory>  <Directory "C:/GIT/Apache/www">   Allow from all </Directory>  <Directory "C:/GIT/Apache/www/secure"> AuthType Basic AuthName intranet AuthUserFile "C:/GIT/Apache/config/users" require valid-user </Directory>  SetEnv GIT_PROJECT_ROOT C:/GIT/Apache/repositories SetEnv GIT_HTTP_EXPORT_ALL SetEnv REMOTE_USER=$REDIRECT_REMOTE_USER ScriptAliasMatch \     "(?x)^/(.*/(HEAD | \                     info/refs | \                     objects/(info/[^/]+ | \                              [0-9a-f]{2}/[0-9a-f]{38} | \                              pack/pack-[0-9a-f]{40}\.(pack|idx)) | \                     git-(upload|receive)-pack))$" \                     "C:/Program Files/git/libexec/git-core/git-http-backend.exe/$1"   <LocationMatch "^/.*/git-receive-pack$"> Options +ExecCGI AuthType Basic AuthName intranet AuthUserFile "C:/GIT/Apache/config/users" Require valid-user </LocationMatch>  <LocationMatch "^/.*/git-upload-pack$"> Options +ExecCGI AuthType Basic AuthName intranet AuthUserFile "C:/GIT/Apache/config/users" Require valid-user </LocationMatch>