In the process of converting a ubuntu private git repo from ssh access to smart http via apache.
Currently client .git/config contains:
url = https://some-domain/git/my-project.git
When assessed via:
git remote -v show origin
The server reports:
.../apache2/error.log
AH00027: No authentication done but request not allowed without authentication for /git/my-project.git/info/refs. Authentication not configured?
.../apache2/access.log
"GET /git/my-project.git/info/refs?service=git-upload-pack HTTP/1.1" 500 5387 "-" "git/2.30.0"
Apache configuration git relevant parts:
SetEnv GIT_PROJECT_ROOT /path-to-repo
SetEnv GIT_HTTP_EXPORT_ALL
SetEnv REMOTE_USER=$REDIRECT_REMOTE_USER
ScriptAlias /git/ /usr/lib/git-core/git-http-backend/
Alias /git /path-to-repo
RewriteRule ^/repo-root/ - [E=AUTHREQUIRED:yes]
<Directory "/path-to-repo/">
AuthType Basic
AuthName "Private Git Access"
AuthUserFile /path-to-auth-file
Require valid-user
</Directory>
<Directory /usr/lib/git-core>
Options ExecCGI -MultiViews SymLinksIfOwnerMatch
AllowOverride None
AuthUserFile /path-to-auth-file
Require valid-user
</Directory>
The auth file exists and is world-readable.
Questions:
- Why doesn't it prompt for a user and pw?
- What is the difference between requiring a valid user for the git repo directory, and the git-core directory? Are both needed?
- If validated by apache, will the credentials be passed to git?
- The "Require valid-user" directives are requiring authentication for access to the apache server; but if I want to use a git credential helper, should the apache access be to allow any?
CodePudding user response:
To complement my previous answer, the AuthUserFile
I usually set up is in a Location directive, for /git
, not Directory /path-to-repo
.
See this as an example.
<Location /git>
AuthType Basic
AuthName "Private Git Access"
AuthUserFile "/etc/git-auth-file"
Require valid-user
</Location>
CodePudding user response:
Ok, my solution, arrived at thanks to help from VonC above, just so it's a little clearer for others:
In the case where the git repository is not in the normal apache web page tree, this is what is required:
SetEnv GIT_PROJECT_ROOT /path-to-git-repo
SetEnv GIT_HTTP_EXPORT_ALL
SetEnv REMOTE_USER=$REDIRECT_REMOTE_USER
ScriptAlias /git/ /usr/lib/git-core/git-http-backend/
Alias /git /path-to-git-repo
<Location "/git">
AuthType Basic
AuthName "git-developers-private"
AuthUserFile /path-to-auth-file
Require valid-user
</Location>