httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Konstantin Kolinko <knst.koli...@gmail.com>
Subject Re: [users@httpd] git push to apache produces return code 22
Date Sat, 09 Nov 2019 01:26:26 GMT
пт, 8 нояб. 2019 г. в 21:16, David Mehler <dave.mehler@gmail.com>:

> 'm trying to run git on FreeBSD with Apache 2.4 as the web server. My
> issue is I can pull/clone from the repo via remote:
>
> git clone https://git.example.com/myrepo.git

1. Looking at you 'ScriptAlias' directive, I think that for your
configuration the correct URL for your repository is actually

https://git.example.com/git/myrepo.git

You also have gitweb configured at

https://git.example.com/gitweb/myrepo.git

> DocumentRoot /usr/local/www/git/repos

2. With your DocumentRoot directive you directly expose your Git
repository files as a static website at the root URL of your site.
That is the reason why

git clone https://git.example.com/myrepo.git

works, but Git uses an old dump version of protocol for that access,
directly reading files one-by-one from the repository. Such access is
read-only and does not use the "smart" protocol supported by
git-http-backend executable.

A correct configuration would be to point DocumentRoot to some empty
directory, explicitly configured to serve as a root of your web server
(e.g. with a simple index.html).

[...]

> <Directory "/usr/local/www/git/repos">
> Options +ExecCGI
>   SSLRequireSSL
> AllowOverride None
>
> AuthType Basic
> AuthName "Private Git Access"
> AuthUserFile "/usr/local/etc/apache24/git-auth-file"
> AuthGroupFile "/usr/local/etc/apache24/git-htgroup-file"
> Require valid-user
> <If "%{QUERY_STRING} =~ m#service=git-receive-pack# || %{REQUEST_URI}
> =~ m#/git-receive-pack$#">
> Require group gitwrite
> </If>
> </Directory>

3. I think that "Require" cannot be used twice in the same section
like you are using it above. From the docs the first 'Require' wins,
the second one is ignored.

I think that the first 'Require' can be moved into an "<Else>" section,

http://httpd.apache.org/docs/2.4/mod/mod_authz_core.html#require
http://httpd.apache.org/docs/2.4/mod/core.html#else

4. Personally, I prefer to use <LocationMatch> instead of <Directory>.

In you case I think that will be

<LocationMatch "^/git/">


> ScriptAlias /git /usr/local/libexec/git-core/git-http-backend
> <Directory "/usr/local/libexec/git-core">
> SetEnv GIT_PROJECT_ROOT /usr/local/www/git/repos
> SetEnv GIT_HTTP_EXPORT_ALL
> # For anonymous write
>   #SetEnv REMOTE_USER anonymousweb
> Options +ExecCGI
>   SSLRequireSSL
>
> AuthType Basic
> AuthName "Private Git Access"
> AuthUserFile "/usr/local/etc/apache24/git-auth-file"
> AuthGroupFile "/usr/local/etc/apache24/git-htgroup-file"
> Require valid-user
> <If "%{QUERY_STRING} =~ m#service=git-receive-pack# || %{REQUEST_URI}
> =~ m#/git-receive-pack$#">
> Require group gitwrite
> </If>
> </Directory>

5. The "Require" directive is used twice here as well.


> I am not getting anything in the apache log files.

6. There is nothing in your access log file?

> CustomLog /var/log/git-httpd-access.log combined

Best regards,
Konstantin Kolinko

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message