Hello Konstantin,
Thank you for your reply.
In answer to your last question I am seeing information in the access
log indicating atempts to push files but they're getting either 401 or
404 messages.
I have temporarily commented out the require valid-user directive and
restarted apache. I am getting the same error.
If you've got a working git/gitweb configuration can I get a look at
it? I'd like to compare your working setup to my non-working one.
Thanks.
Dave.
On 11/8/19, Konstantin Kolinko <knst.kolinko@xxxxxxxxx> wrote:
> пт, 8 нояб. 2019 г. в 21:16, David Mehler <dave.mehler@xxxxxxxxx>:
>
>> 'm trying to run git on FreeBSD with Apache 2.4 as the web server. My
>> issue is I can pull/clone from the repo via remote:
>>
>> git clone https://git.example.com/myrepo.git
>
> 1. Looking at you 'ScriptAlias' directive, I think that for your
> configuration the correct URL for your repository is actually
>
> https://git.example.com/git/myrepo.git
>
> You also have gitweb configured at
>
> https://git.example.com/gitweb/myrepo.git
>
>> DocumentRoot /usr/local/www/git/repos
>
> 2. With your DocumentRoot directive you directly expose your Git
> repository files as a static website at the root URL of your site.
> That is the reason why
>
> git clone https://git.example.com/myrepo.git
>
> works, but Git uses an old dump version of protocol for that access,
> directly reading files one-by-one from the repository. Such access is
> read-only and does not use the "smart" protocol supported by
> git-http-backend executable.
>
> A correct configuration would be to point DocumentRoot to some empty
> directory, explicitly configured to serve as a root of your web server
> (e.g. with a simple index.html).
>
> [...]
>
>> <Directory "/usr/local/www/git/repos">
>> Options +ExecCGI
>> SSLRequireSSL
>> AllowOverride None
>>
>> AuthType Basic
>> AuthName "Private Git Access"
>> AuthUserFile "/usr/local/etc/apache24/git-auth-file"
>> AuthGroupFile "/usr/local/etc/apache24/git-htgroup-file"
>> Require valid-user
>> <If "%{QUERY_STRING} =~ m#service=git-receive-pack# || %{REQUEST_URI}
>> =~ m#/git-receive-pack$#">
>> Require group gitwrite
>> </If>
>> </Directory>
>
> 3. I think that "Require" cannot be used twice in the same section
> like you are using it above. From the docs the first 'Require' wins,
> the second one is ignored.
>
> I think that the first 'Require' can be moved into an "<Else>" section,
>
> http://httpd.apache.org/docs/2.4/mod/mod_authz_core.html#require
> http://httpd.apache.org/docs/2.4/mod/core.html#else
>
> 4. Personally, I prefer to use <LocationMatch> instead of <Directory>.
>
> In you case I think that will be
>
> <LocationMatch "^/git/">
>
>
>> ScriptAlias /git /usr/local/libexec/git-core/git-http-backend
>> <Directory "/usr/local/libexec/git-core">
>> SetEnv GIT_PROJECT_ROOT /usr/local/www/git/repos
>> SetEnv GIT_HTTP_EXPORT_ALL
>> # For anonymous write
>> #SetEnv REMOTE_USER anonymousweb
>> Options +ExecCGI
>> SSLRequireSSL
>>
>> AuthType Basic
>> AuthName "Private Git Access"
>> AuthUserFile "/usr/local/etc/apache24/git-auth-file"
>> AuthGroupFile "/usr/local/etc/apache24/git-htgroup-file"
>> Require valid-user
>> <If "%{QUERY_STRING} =~ m#service=git-receive-pack# || %{REQUEST_URI}
>> =~ m#/git-receive-pack$#">
>> Require group gitwrite
>> </If>
>> </Directory>
>
> 5. The "Require" directive is used twice here as well.
>
>
>> I am not getting anything in the apache log files.
>
> 6. There is nothing in your access log file?
>
>> CustomLog /var/log/git-httpd-access.log combined
>
> Best regards,
> Konstantin Kolinko
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
> For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
>
>
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
|