I found really annoying that all Git guides I found talked about using Git over SSH, thats because I googled until I found that Git now comes with git-http-backend, which lets you to configure your webserver to serve git over HTTP/HTTPS.
Here is a little guide how to setup git-http-backend using apache. First of all we need to install git on our server:
apt-get install git-core
Once git is installed we will found git-http-backend under /usr/lib/git-core/git-http-backend. Next step is to setup the Apache configuration:
SSLEngine on
SSLCertificateFile /etc/ssl/server.crt
SSLCertificateKeyFile /etc/ssl/server.key
SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown
ServerName git.example.com
ErrorLog /var/log/apache2/git-error.log
CustomLog /var/log/apache2/git-access.log combined
# GIT Config
SetEnv GIT_PROJECT_ROOT /opt/git/repositories
SetEnv GIT_HTTP_EXPORT_ALL
# Route Git-Http-Backend
ScriptAlias / /usr/lib/git-core/git-http-backend/
# Require Acces for all resources
AuthType Basic
AuthName "Private"
Require valid-user
AuthUserFile /opt/git/user.passwd
Now we only need to create our repositories under /opt/git/repositories (The repositories must be owned by the apache user to work):
cd /opt/git/repositories git --bare init test.git chown -R www-data:www-data /opt/git/repositories
And thats all, now we can checkout the repository using the url https://git.example.com/test.git:
git clone https://[email protected]/test.git cd test mkdir testdir touch testdir/README git add . git commit -m 'test commit' git push origin master
This environment variable is useful for testing and debug the request to your repository:
# Activates verbosity for HTTP Requests export GIT_CURL_VERBOSE=1
If you have a Self-Signed Certificate and you haven’t imported your Root CA to your computer (which is the better option), you will get an SSL error. To avoid this you can use following Environment variable (CAUTION: With this you will not detect Man-In-The-Middle Attacks!)
# Do not verify Certificate export GIT_SSL_NO_VERIFY=true
“export GIT_SSL_NO_VERIFY=true” – you must be kidding! Why use SSL at all if you set it open to hackers like this? This has nothing to do with self-signed certificates. If you don’t know what you are talking about at least don’t give others bad advice.
I read again the post and you are right, it is not clearly explained, it seems that I recommend using GIT_SSL_NO_VERIFY=true, but that was not my intention. I updated the post and I think now it is better explained.