Home > Development, Linux, RedHat > Git over HTTP on CentOS 6

Git over HTTP on CentOS 6

Total war is here
Face it without fear
Age of sword, age of spear
Fight for honor, glory, death in fire!
(Amon Amarth – Death in Fire)

There is already a bunch of posts about setting up Git over HTTP(S), but this one is specificaly targeted at setting it up under CentOS as cleanly as possible. There was bunch of errors that I saw along the way, so I will try to explain the process step by step.

First, you have to install Apache and Git.:

# yum -y install httpd git
# /etc/init.d/httpd start

Now, lets create directories for git and create our first repo:

# mkdir /var/www/gitrepos
# cd /var/www/gitrepos
# mkdir repo01 && cd repo01
# git --bare init
# git update-server-info
# cd /var/www
# chown -R apache: gitrepos

We are using ‘git –bare’, so that online repository doesn’t have files but only git metadata. That will enable users to push directly to online repository, otherwise they wouldn’t be able to push thier changes. This was the first error I did, I created repo with ‘git init’ and was not able to push later. After the repo is set up and chowned, lets set up apache. This is my configuration for vhost:

#
# vhost for git repositories (http)
#
<VirtualHost *:80>
    ServerName     git
    DocumentRoot    /var/www/gitrepos

    <Location />
        DAV on

        # general auth settings
        AuthName "Git login:"
        AuthType Basic

        # file authentication
        AuthUserFile  /var/www/htpasswd
        AuthGroupFile /var/www/htgroup

        <LimitExcept PROPFIND>
            Require valid-user
        </LimitExcept> 
    </Location>

    <Location /repo01>
        <LimitExcept PROPFIND>
            Require group adminlinux
        </LimitExcept> 
    </Location>

    LogLevel warn
    ErrorLog  /var/log/httpd/git_error.log
    CustomLog /var/log/httpd/git_access.log combined
</VirtualHost>

If you wonder why is PROPFIND method treated differently from all other http/dav methods – it’s because webserver runs PROPFIND without user authentication, so if it’s not excluded from limit, it will get rejected and you will see a message similar to this one when trying to push from the client:

error: Cannot access URL https://git/puppet-adriatic/, return code 22
fatal: git-http-push failed

We can fill up htpasswd file with – tadddaaa htpasswd command 🙂

# htpasswd -c /var/www/htpasswd user1
# htpasswd -c /var/www/htpasswd user2
# htpasswd -c /var/www/htpasswd user3

And htgroup with:

# echo "adminlinux: user1 user2" >> /var/www/htgroup

Now, on the client side, do a:

% git clone http://user1@git/repo01

And that’s it! After the first change/commit you do, be careful when you push those changes for the first time. This is the command I used for the first push:

% git push --set-upstream origin master

You may also encounter a 22/502 error on a MOVE command, like:

MOVE 12486a9c101c613c075d59b5cf61329f96f9ae12 failed, aborting (22/502)
MOVE 0c306c54862ae8c21226281e6e4f47c8339ed132 failed, aborting (22/502)
MOVE ce4c4fc9d1e4daf3a59516829a0e1bd6c66d4066 failed, aborting (22/502

This happened to me because I used http to https forwarding in apache, and I had a http specified in my .git/config on a client machine. After changing the destination to https, MOVE command did it’s magic. It seems that this error is result of server name/location being different in client repo and on a server side.

Note: I recommend using SSL and not plain text http, even with self-signed certificates. In that scenario you’ll probably want to use env variable GIT_SSL_NO_VERIFY=true.

Note2: CentOS ships with old version of git, 1.7.x so I recommend either using git from IUS repo (git2x packages) or backporting git from newer Fedora releases.

Advertisements
Categories: Development, Linux, RedHat Tags: , , ,
  1. zonirunner
    December 1, 2014 at 7:43 pm

    Thank you. Very helpful. Many posts our there for Debian systems. Also posts out there for gitweb/gitolite. Not a lot for just git with HTTP basic auth on httpd.

  2. Gabriel
    May 11, 2015 at 9:24 am

    Only say that the correct sintax of “htpasswd” is “htpasswd -c ” like “htpasswd -c /var/www/htpasswd user1”. Great toturial!

  3. June 28, 2016 at 6:57 am

    This seems to come from this bug still not fixed :
    https://bz.apache.org/bugzilla/show_bug.cgi?id=45449
    http://svn.haxx.se/users/archive-2003-08/0763.shtml
    http://svn.haxx.se/users/archive-2006-03/0549.shtml

    Quickfix is test how behave your server with :
    export GIT_CURL_VERBOSE=1
    Look last failing move urls (both MOVE url and Destination header of the request).

    Then test with :
    curl –user ‘user:pass’ –basic -X MOVE –header ‘Destination:DEST_URI’ ‘MOVE_URI’

    See result.

    If it works by replacing https: with http: in Destination it is that bug, I have it with latest apache 2.4.20 and git 2.9.0, still not fixed…

    A workaround from 2008 :
    RequestHeader edit Destination ^https: http: early

  4. axianet
    November 25, 2016 at 8:01 pm

    Your tuto is just perfect! Thanks, i just spend 4 hours on every corner of the internet because of a 401 error on PROPFIND… Just add DirectoryIndex disabled… Just do it and it works… ❤

  5. Peter
    August 3, 2017 at 7:49 am

    Nice Post. I tried this out and could not get basic authentication to work from the command line when cloning the repo. The auth works in the browser. Any suggestions on what could be the problem?

    • Peter
      August 3, 2017 at 9:39 am

      My Mistake. The git credential manager stores it by default and therefore does not ask for basic authentication. All works fine.

  1. April 12, 2017 at 11:02 am

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: