master TOC | chapter TOC | support | license

WARNING: This is not the latest gitolite; please see the README

how to setup gitolite to use smart http mode

Note: "smart http" refers to the feature that came with git 1.6.6, late 2009 or so. The base documentation for this is man git-http-backend. Do NOT read Documentation/howto/setup-git-server-over-http.txt and think that is the same or even relevant -- that is from 2006 and is quite different (and arguably obsolete).

WARNINGS, plus stuff I need help with

additional requirements

detailed instructions

I assume you've installed apache 2.x and git on the server.

I assume your httpd runs under the "apache" userid; adjust instructions below if it does not. Similarly for "/var/www" and other file names/locations.

I assume you have read the "please read this first" section of the main install document to get an idea of the general concepts and terminology (just ignore anything that is specific to ssh).

install gitolite under "apache"

Follow the "non-root" method, but since you can't even "su - apache", make the following variations when doing this as root:

setup apache

You will need to setup certain values in the httpd conf, as given in man git-http-backend. You can put all them into, for instance, /etc/httpd/conf.d/gitolite.conf and apache [at least on Fedora 14] will pick it up. These are the values to use; note that these are somewhat different from those in the manpage cited above, plus we have one extra variable:

SetEnv GIT_PROJECT_ROOT /var/www/gitolite-home/repositories
SetEnv GIT_HTTP_EXPORT_ALL
    # please see notes below on ssh+http access
ScriptAlias /git/ /var/www/gitolite-home/bin/gl-auth-command/
    # note trailing slash

SetEnv GITOLITE_HTTP_HOME /var/www/gitolite-home

<Location /git>
    AuthType Basic
    AuthName "Private Git Access"
    Require valid-user
    AuthUserFile /path/to/some/passwdfile
</Location>

Now create/update the password file in /path/to/some/passwdfile using the htpasswd command, and you're all done for the setup!

usage

Git URLs look like http://user:password@server/git/reponame.git.

The custom commands, like "info", "expand" should be handled as follows. The command name will come just after the /git/, followed by a ?, followed by the arguments, with + representing a space. Here are some examples:

# ssh git@server info
curl http://user:password@server/git/info
# ssh git@server info repopatt
curl http://user:password@server/git/info?repopatt
# ssh git@server info repopatt user1 user2
curl http://user:password@server/git/info?repopatt+user1+user2

It gets even more interesting for the setperms command, which expects STDIN. I didn't want to get too much into the code here, so I found that the following works and I'm leaving it at that:

(echo R user1 user2; echo RW user3 user4) |
    curl --data-binary @- http://user:password@server/git/setperms?reponame.git

With a few nice shell aliases, you won't even notice the horrible convolutions here ;-)

allowing anonymous access

Like mob branches with ssh, you can allow completely un-authenticated users to still have some rights specified in gitolite. Briefly, here's how:

URLs (in this example) will then look like http://server/gitmob/reponame.git -- we lose the userid:passwd part and change 'git' to 'gitmob'.

ssh + http access and the GIT_HTTP_EXPORT_ALL variable

This document only talks about setting up access to a set of git repositories purely via smart http. The GIT_HTTP_EXPORT_ALL variable must be set for such environments.

However, it is possible to allow both ssh as well as http access, perhaps using suexec to make the CGI run under the 'git' user [detailed documentation patches welcome!] For those environments, this variable is not mandatory.

If you omit that variable, you can decide which repo is accessible via http by setting R = daemon just for those repos.

Please note that there is no way to use "deny" rules for read access. Do not try:

    repo gitolite-admin
        -   =   daemon

    repo @all
        R   =   daemon

to achieve the (possibly common) need for disallowing http access to the admin repo.


Enjoy!