I found really annoying that all Git guides I found talked about using Git over SSH, thats because I googled until I found that Git now comes with git-http-backend, which lets you to configure your webserver to serve git over HTTP/HTTPS.



Here is a little guide how to setup git-http-backend using apache. First of all we need to install git on our server:

apt-get install git-core

Once git is installed we will found git-http-backend under /usr/lib/git-core/git-http-backend. Next step is to setup the Apache configuration:



    SSLEngine on

    SSLCertificateFile /etc/ssl/server.crt
    SSLCertificateKeyFile /etc/ssl/server.key
    SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown

    ServerName git.example.com
    ErrorLog /var/log/apache2/git-error.log
    CustomLog /var/log/apache2/git-access.log combined

    # GIT Config
    SetEnv GIT_PROJECT_ROOT /opt/git/repositories
    SetEnv GIT_HTTP_EXPORT_ALL

    # Route Git-Http-Backend
    ScriptAlias / /usr/lib/git-core/git-http-backend/

    # Require Acces for all resources
    
        AuthType Basic
        AuthName "Private"
        Require valid-user
        AuthUserFile /opt/git/user.passwd

Now we only need to create our repositories under /opt/git/repositories (The repositories must be owned by the apache user to work):

cd /opt/git/repositories
git --bare init test.git
chown -R www-data:www-data /opt/git/repositories

And thats all, now we can checkout the repository using the url https://git.example.com/test.git:

git clone https://[email protected]/test.git
cd test
mkdir testdir
touch testdir/README
git add .
git commit -m 'test commit'
git push origin master

This environment variable is useful for testing and debug the request to your repository:

# Activates verbosity for HTTP Requests
export GIT_CURL_VERBOSE=1

If you have a Self-Signed Certificate and you haven’t imported your Root CA to your computer (which is the better option), you will get an SSL error. To avoid this you can use following Environment variable (CAUTION: With this you will not detect Man-In-The-Middle Attacks!)

# Do not verify Certificate
export GIT_SSL_NO_VERIFY=true

3 thoughts on “Git Over HTTP (git-http-backend)

  1. “export GIT_SSL_NO_VERIFY=true” – you must be kidding! Why use SSL at all if you set it open to hackers like this? This has nothing to do with self-signed certificates. If you don’t know what you are talking about at least don’t give others bad advice.

    Reply

    1. I read again the post and you are right, it is not clearly explained, it seems that I recommend using GIT_SSL_NO_VERIFY=true, but that was not my intention. I updated the post and I think now it is better explained.

      Reply
  2. Pingback: git-http-backend on CentOS 6.5 | tech 4 research

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.