how to install git server

  • how to create a new git repository
sudo apt install git
sudo mkdir /mnt/git
sudo chown mslee:mslee /mnt/git
git init --bare --shared /mnt/git/<git-name>.git

  • how to clone the created git on a client PC via ssh
git clone mslee@<git-server-IP>:/mnt/git/<git-name>.git

  • how to support http for accessing git
sudo apt install gitweb apache2 libapache2-mod-fcgid libcgi-session-perl
sudo a2enmod env alias fcgid
sudo service apache2 restart
sudo adduser www-data mslee
sudo chmod 775 /mnt/git
sudo vi /etc/gitweb.conf
+$projectroot = "/mnt/git";
htpasswd -c /mnt/git/.htpasswd <user-name>
htpasswd /mnt/git/.htpasswd <another-user-name>

  • how to configure apache2 for gitweb
sudo vi /etc/apache2/ports.conf
sudo vi /etc/apache2/sites-available/git.kairoson.org
sudo a2ensite git.kairoson.org
sudo a2dismod mpm_event
sudo a2enmod mpm_prefork
sudo a2enmod cgi
sudo service apache2 restart

cat /etc/apache2/ports.conf

Listen 80
Listen 8080

<IfModule ssl_module>
        Listen 443
</IfModule>

<IfModule mod_gnutls.c>
        Listen 443
</IfModule>

cat /etc/apache2/sites-available/git.kairoson.org

<VirtualHost *:8080>
        ServerName localhost
        DocumentRoot /usr/share/gitweb

    ErrorLog ${APACHE_LOG_DIR}/error-gitweb.log
    CustomLog ${APACHE_LOG_DIR}/access-gitweb.log combined

    <Directory /usr/share/gitweb>
        Options +FollowSymLinks +ExecCGI
        AddHandler cgi-script .cgi
        DirectoryIndex gitweb.cgi
    </Directory>

    ScriptAliasMatch "(?x)^/(.*/(HEAD | \
        info/refs | \
        objects/(info/[^/]+ | \
                [0-9a-f]{2}/[0-9a-f]{38} | \
                pack/pack-[0-9a-f]{40}\.(pack|idx)) | \
        git-(upload|receive)-pack))$" /usr/lib/git-core/git-http-backend/$1

    SetEnv GIT_PROJECT_ROOT /mnt/git
    SetEnv GIT_HTTP_EXPORT_ALL
    SetEnv REMOTE_USER=$REDIRECT_REMOTE_USER

    <Location />
        AllowOverride All
        Options All

        AuthType Basic
        AuthName "Restricted Content"
        AuthUserFile /mnt/git/.htpasswd
        Require valid-user
    </Location>
</VirtualHost>

  • how to clone the created git on a client PC via http
git clone http://mslee@<git-server-IP>:8080/test.git
vi ~/.netrc
chmod 600 ~/.netrc

cat ~/.netrc

machine <IP or hostname>
login mslee
password <passwd for htaccess>

  • how to support https for accessing git
openssl genrsa -out ca-private.pem 2048
chmod 600 ca-private.pem
openssl rsa -in ca-private.pem -out ca-public.pem -outform PEM -pubout
openssl req -new -key ca-private.pem -out rootca.csr
openssl x509 -req -days 3650 -extensions v3_ca -in rootca.csr \
        -signkey ca-private.pem -out rootca.crt
openssl x509 -text -in rootca.crt

openssl genrsa -out git-private.pem 2048
chmod 600 git-private.pem
openssl rsa -in git-private.pem -out git-public.pem -outform PEM -pubout
openssl req -new -key git-private.pem -out git.csr
openssl x509 -req -days 3650 -extensions v3_ca -in git.csr \
        -signkey git-private.pem -out git.crt
openssl x509 -text -in git.crt

sudo mkdir /etc/apache2/ssl
sudo chmod 700 /etc/apache2/ssl
sudo mv * /etc/apache2/ssl/
sudo chmod 600 /etc/apache2/ssl/*
sudo cp /etc/apache2/site-available/default-ssl.conf \
        /etc/apache2/site-available/git.kairoson.org-ssl.conf

sudo a2enmod ssl
sudo a2ensite git.kairoson.org-ssl.conf
sudo service apache2 restart

cat git.kairoson.org-ssl.conf

<IfModule mod_ssl.c>
    <VirtualHost _default_:8443>
        ServerAdmin sang0627@gmail.com
        ServerName localhost
        DocumentRoot /usr/share/gitweb

        ErrorLog ${APACHE_LOG_DIR}/error-gitweb-ssl.log
        CustomLog ${APACHE_LOG_DIR}/access-gitweb-ssl.log combined

        <Directory /usr/share/gitweb>
            Options +FollowSymLinks +ExecCGI
            AddHandler cgi-script .cgi
            DirectoryIndex gitweb.cgi
        </Directory>

        ScriptAliasMatch "(?x)^/(.*/(HEAD | \
            info/refs | \
            objects/(info/[^/]+ | \
                [0-9a-f]{2}/[0-9a-f]{38} | \
                pack/pack-[0-9a-f]{40}\.(pack|idx)) | \
            git-(upload|receive)-pack))$" /usr/lib/git-core/git-http-backend/$1

        SetEnv GIT_PROJECT_ROOT /mnt/git
        SetEnv GIT_HTTP_EXPORT_ALL
        SetEnv REMOTE_USER=$REDIRECT_REMOTE_USER

        <Location />
            AllowOverride All
            Options All

            AuthType Basic
            AuthName "Restricted Content"
            AuthUserFile /mnt/git/.htpasswd
            Require valid-user
        </Location>

        SSLEngine on

        SSLCertificateFile  /etc/apache2/ssl/git.crt
        SSLCertificateKeyFile /etc/apache2/ssl/git-private.pem

        SSLCACertificateFile /etc/apache2/ssl/rootca.crt

        <FilesMatch "\.(cgi|shtml|phtml|php)$">
                SSLOptions +StdEnvVars
        </FilesMatch>
        <Directory /usr/lib/cgi-bin>
                SSLOptions +StdEnvVars
        </Directory>
    </VirtualHost>
</IfModule>

  • how to turn off server certificate verification
git config --global http.sslVerify false
# or
export GIT_SSL_NO_VERIFY=1

how to add server certificate to curl’s certificate bundle file, but this seems to require domain name.

openssl s_client -connect <git-server-IP>:8443 |tee certlog
openssl x509 -inform PEM -in certlog -text -out certdata
sudo cp /etc/ssl/certs/ca-certificates.crt \
        /etc/ssl/certs/ca-certificates.crt.backup
sudo cat certdata >> /etc/ssl/certs/ca-certificates.crt
git clone https://<git-server-IP>:8443/test.git

how to find curl’s certificate bundle file

curl -v https://google.com

reference
https://hiseon.me/linux/ubuntu/ubuntu-git-server/
https://hiseon.me/server/apache-ssl-setting/
https://www.lesstif.com/gitbook/git-https-repository-ssl-14090808.html
https://www.lesstif.com/gitbook/https-ssl-curl-web-browser-16744456.html

Leave a Reply

Your email address will not be published.