How To Setup Git Smart HTTP

When working with git repositories, there are some protocol that can be used to manage the repository. We can use SSH or HTTP/HTTPS protocol. SSH is actually great way if there are only few trusted developers who work on the project, but sometimes it has an issue like firewall blocked by some Internet Service Provider and of course, we don’t want to give all the developers access to the server. So, using the HTTP/HTTPS protocol or it can be named as “Smart HTTP Protocol” is great way to replace SSH. The benefit using the HTTP/HTTPS is of course we can use Secure Sockets Layer certificate to secure the connection.

This page will describe how to configure the Git Smart HTTP Protocol. The server is running on CentOS 6.6.

The target from this configuration is, to use https://git.domain.com for the repositories. The final git repository url is something like https://git.domain.com/repositories/project/project.git. So, you may need to create sub domain first.

Server Specifications

To make the Smart HTTP works, make sure you have these following requirements on the server:

• Git version is v.1.6.6 or higher
• Apache 2.x with these mod enabled
  • mod_cgi
  • mod_alias
  • mod_env
  • mod_rewrite

To check installed modules on your apache/httpd (Apache and Httpd is actually the same, Apache is the name used in Ubuntu and Httpd used in CentOS), you can simply run command httpd -M.

Setting up Smart HTTP

We have to modify httpd configuration to setting up Smart HTTP. Go find your httpd.conf and open it. For CentOS, it usually placed at /etc/httpd/conf/httpd.conf. It’s better to backup your httpd.conf before doing any modification.

In some tutorial, its better to include our additional httpd configuration from an external file instead of modify directly the httpd.conf file, because if you rebuild the apache (let say using EasyApache), you may lost your configuration and of course that would be trouble in the future.

Open httpd.conf, you can use vim for this and include this git.conf script. You may need to create that git.conf file manually. And this is the configuration for git.conf:

		
<LocationMatch "^/repositories/.*$">
   AuthType Basic
   AuthName "Private Git Repositories"
   AuthUserFile /home/user/.htpasswds/.htpasswd
   Require valid-user

ScriptAlias /repositories /home/user/public_html/bin/git-http-backend
		
	

Make sure to replace the user with the real user in the server.

I had SuExec enabled when configure the Smart HTTP on the server, so I had to put another configuration (executed bash file) on the web directory (it will not working if the file was located outside the public_html directory).

This is the configuration for file git-http-backend:

		
#!/bin/bash
PATH_INFO=$SCRIPT_URL
GIT_PROJECT_ROOT=/home/user/public_html/git.domain.com
export GIT_HTTP_EXPORT_ALL=true
/usr/libexec/git-core/git-http-backend
		
	

Make sure the git-http-backend file is executable, you can run chmod a+x git-http-backend from /home/user/public_html/bin.

Don’t forget to restart the apache/httpd.

Authentication

We will use htpasswd as the authentication method, so let say we save the .htpasswd file at /home/user/.htpasswds/.htpasswd. You may need to place it anywhere.

To create the .htpasswd file, we can use htpasswd command that already available. If the file is not created yet, you can use command htpasswd -c /home/user/.htpasswds/.htpasswd userone.

If you get an error like "htpasswd command not found", you have to use full path to the htpasswd. It usually placed at /usr/local/apache/bin/htpasswd.

So, you can run the command like /usr/local/apache/bin/htpasswd -c /home/user/.htpasswds/.htpasswd userone.

After the .htpasswd file is created and you want to add more user to it. You can run command htpasswd /home/user/.htpasswds/.htpasswd usertwo.

Troubleshooting

If there’s something wrong, maybe the repositories clone doesn’t work or push isn’t allowed. Here are some suggestion to solve:

• Make sure all directories under git.domain.com not owned by root user.
• When you trying to push and there’s error "not allowed" message, you may need to run git config –file config http.receivepack true for each created git repository.
• Make sure the post-update and post-receive hook is executable.