Reference: http://gitolite.com/gitolite/g2/ggshb.html
Suse linux enterprise server 11.
git
gitolite
apache
How to set up gitolite + gitweb + ssh + http-backend
gitolite-gitweb-http-backend
You've been tasked with rolling out gitolite and git-web in your corporate environment and your requirements are as follows:
1. git access must be via both ssh and http[s]
2. browsable via git-web
3. your web server must run as a user different from that of the git user
4. The repository has its own virtual host
Note that these instructions are geared toward OpenSuSE 11.4. Feel free to modify the examples below to your environment.
The following assumptions are made for the purposes of example:
· The server name will be git.example.com
· Repositories are located in /home/git and are owned by the git user
· Apache 2.2.* running as wwwrun:www will be used as the web server
· gitolite has been installed via package management (yum, zypper, apt-get, etc)
· gitweb browsing is via http://git.example.com/
· The repositories can be cloned from the following URLs:
o git@git.example.com:<repo-name>
o http://git.example.com/<repo-name>.git
· HTTP authentication is handled via a local htpasswd file
htpasswd2 -c /home/git/passfile git (the password for user git is also git)
· http://git.example.com will be a virtual host
· Two git repositories will be created:
o engineering
o operations
Install gitolite via your package management tools. Under OpenSuSE, this will install repositories in /home/git. Follow the instructions found here for initial set up.
You will need to tell gitolite.rc about some additional keys that will be needed for each repository. Make sure the following config option is set in /home/git/.gitolite.rc:
$GL_GITCONFIG_KEYS = "gitweb.url receive.denyNonFastforwards receive.denyDeletes";
This option tells gitolite to allow the user to set these values in gitolite.conf, which in turn will be propagated to each repository's git config.
For the purposes of example, we assume that we have two groups accessing each repository: engineering and operations. So, our gitolite.conf file will look something like this:
#
# Group Definitions
#
@engineering = daniel erik alex jose mark
@operations  = james chris long bora dmitriy
@gladmin     = james chris
#
# Repository Definitions
#
# Note that we give access to the daemon user, thus enabling
# git-daemon-export-ok (see
# https://github.com/sitaramc/gitolite/blob/pu/doc/2-admin.mkd#gwd)
# NOTE: @sysops is not among the groups defined above; define it or
# use the admin group you did define.
repo gitolite-admin
    RW = @sysops daemon
    R  = @all
repo engineering
    RW = @engineering @gladmin daemon
    R  = @all
    config gitweb.url = git@git.example.com:engineering
    config receive.denyNonFastforwards = true
    config receive.denyDeletes = true
repo operations
    RW = @operations @engineering @gladmin daemon
    R  = @all
    config gitweb.url = git@git.example.com:operations
    config receive.denyNonFastforwards = true
    config receive.denyDeletes = true
repo @all
    R  = daemon gitweb
# additional configuration ...
Save, commit, and push your changes to the gitolite-admin repo as described here.
Under OpenSuSE 11.4, Apache runs as user wwwrun group www (see /etc/apache2/uid.conf). But wait! How can Apache running as wwwrun commit to git repositories, which are owned by git?
Enter SuExec. This is an apache module that allows apache to run CGI programs under the auspices of a different user. For this to work, we need to do some setup ahead of time. First, we need to make sure the suexec program has the right permissions:
# OpenSuSE 11.4 puts the suexec program under /usr/sbin/suexec2
$ chgrp www /usr/sbin/suexec2
$ chmod 4750 /usr/sbin/suexec2
# Verify permissions
$ ls -al /usr/sbin/suexec2
-rwsr-x--- 1 root www 14944 Feb 18 20:53 /usr/sbin/suexec2
Next, we need to create a wrapper script for the suexec program and place it under the correct directory. To find out where to place the wrapper script, do the following:
$ /usr/sbin/suexec2 -V
 -D AP_DOC_ROOT="/srv/www"
 -D AP_GID_MIN=96
 -D AP_HTTPD_USER="wwwrun"
 -D AP_LOG_EXEC="/var/log/apache2/suexec.log"
 -D AP_SAFE_PATH="/usr/local/bin:/usr/bin:/bin"
 -D AP_UID_MIN=96
 -D AP_USERDIR_SUFFIX="public_html"
The variable we are interested in is AP_DOC_ROOT, which is /srv/www. So, we place the wrapper script in /srv/www/bin/gitolite-suexec-wrapper.sh (you need to mkdir /srv/www/bin/) with the following contents:
#!/bin/bash
#
# Wrapper for gl-auth-command
#
USER=$1
# Where the repositories live and where gitolite finds its home in HTTP mode
export GIT_PROJECT_ROOT="/home/git/repositories"
export GITOLITE_HTTP_HOME="/home/git"
# OpenSuSE gitolite RPM places gl-auth-command in /usr/bin
exec /usr/bin/gl-auth-command $USER
# End
For security purposes, this file MUST exist under /srv/www!
Finally, make sure Apache loads the suexec module. Under OpenSuSE, this would mean adding "suexec" to APACHE_MODULES in /etc/sysconfig/apache2.
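Besides the location under AP_DOC_ROOT, Apache's suexec also refuses a program when the script or its directory is writable by group or others, is not owned by the target user and group, or when the script is setuid/setgid. The following added example (not part of the original page, gitolite or Apache) models those checks so the wrapper can be verified before Apache is restarted; the function name suexec_problems and its parameters are assumptions, while the /srv/www root and the minimum id of 96 come from the suexec2 -V output above.

```python
import os
import stat

# Values printed by `suexec2 -V` on this page.
AP_DOC_ROOT = "/srv/www"
AP_UID_MIN = AP_GID_MIN = 96


def suexec_problems(script, uid, gid, doc_root=AP_DOC_ROOT, min_id=AP_UID_MIN):
    """Return the reasons suexec would refuse to run `script` as uid:gid."""
    problems = []
    script = os.path.realpath(script)
    root = os.path.realpath(doc_root)
    # The program must live inside the compiled-in document root.
    if os.path.commonpath([script, root]) != root:
        problems.append("script is outside AP_DOC_ROOT")
    # The target ids must not be below the compiled-in minimums.
    if uid < min_id or gid < min_id:
        problems.append("target uid/gid is below AP_UID_MIN/AP_GID_MIN")
    # Both the containing directory and the program are checked.
    for label, path in (("directory", os.path.dirname(script)), ("script", script)):
        st = os.stat(path)
        if st.st_mode & (stat.S_IWGRP | stat.S_IWOTH):
            problems.append(f"{label} is writable by group or others")
        if (st.st_uid, st.st_gid) != (uid, gid):
            problems.append(f"{label} is not owned by the target user and group")
    if os.stat(script).st_mode & (stat.S_ISUID | stat.S_ISGID):
        problems.append("script is setuid or setgid")
    return problems


if __name__ == "__main__":
    import grp
    import pwd

    wrapper = "/srv/www/bin/gitolite-suexec-wrapper.sh"  # path used on this page
    try:
        uid, gid = pwd.getpwnam("git").pw_uid, grp.getgrnam("git").gr_gid
        for problem in suexec_problems(wrapper, uid, gid) or ["no problems found"]:
            print(problem)
    except (KeyError, FileNotFoundError) as exc:
        print("cannot check on this host:", exc)
```

When Apache rejects the wrapper anyway, the reason is written to the AP_LOG_EXEC file shown above, /var/log/apache2/suexec.log.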
As gitweb will now be run under the git user, all files must be under /srv/www as well.
# Under OpenSuSe, git-web installs in /usr/share/gitweb
$ cp -r /usr/share/git-web /srv/www
$ chown -R git:git /srv/www/git-web
Do not forget to point $projectroot in /srv/www/git-web/gitweb.cgi to /home/git/repositories!
our $export_ok = "";
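This can simply be left empty. If the repository store contains projects that you do not want others to be able to see through gitweb, you can set it to GITWEB_EXPORT_OK. Then run touch GITWEB_EXPORT_OK inside the .git directory of each repository you want displayed, and it will show up in gitweb.
If you want to use a domain name, first add the domain name to DNS.
/etc/apache2/listen.conf needs the following two lines added: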
Listen 1234
NameVirtualHost *:1234
We use port 1234 here.
Configure your virtual host as follows (in /etc/apache2/vhosts.d, create a new file gitserver.conf; the name is arbitrary):
<VirtualHost git.example.com:1234>
    ServerName git.example.com
    ServerAlias git
    # By default, use gitweb
    DocumentRoot /srv/www/git-web
    # Suexec setup
    SuexecUserGroup git git
    # Set up appropriate GIT environments
    SetEnv GIT_PROJECT_ROOT /home/git/repositories
    SetEnv GIT_HTTP_EXPORT_ALL
    # Set up appropriate gitolite environment
    SetEnv GITOLITE_HTTP_HOME /home/git
    # To serve gitweb at the same url, use a ScriptAliasMatch to
    # only those URLs that git http-backend can handle, and
    # forward the rest to gitweb:
    ScriptAliasMatch \
        "(?x)^/(.*/(HEAD | \
                info/refs | \
                objects/(info/[^/]+ | \
                         [0-9a-f]{2}/[0-9a-f]{38} | \
                         pack/pack-[0-9a-f]{40}\.(pack|idx)) | \
                git-(upload|receive)-pack))$" \
        /srv/www/bin/gitolite-suexec-wrapper.sh/$1
    # Make sure we can execute gitweb okay
    <Directory "/srv/www/git-web">
        Options ExecCGI
        AllowOverride None
        AddHandler cgi-script .cgi
        DirectoryIndex gitweb.cgi
        Order allow,deny
        Allow from all
    </Directory>
    # We need gl-auth-command executable
    <Directory "/srv/www/bin">
        <Files "gitolite-suexec-wrapper.sh">
            Order allow,deny
            Allow from all
        </Files>
    </Directory>
    # Set up authentication to taste
    <Location />
        AuthType Basic
        AuthName "Private Git Access"
        Require valid-user
        AuthUserFile /home/git/passfile
    </Location>
</VirtualHost>
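To see which request paths the ScriptAliasMatch pattern above hands to the suexec wrapper and which fall through to gitweb, the following added example (not part of the original page or the gitolite documentation) applies the same regular expression to constructed sample paths. The function name route and the sample paths are assumptions; the pattern and the wrapper path are copied from the virtual host configuration.

```python
import re

# Pattern from the ScriptAliasMatch directive, with the line-continuation
# backslashes removed. (?x) makes the whitespace in it insignificant.
GIT_HTTP_BACKEND = re.compile(r"""(?x)^/(.*/(HEAD |
        info/refs |
        objects/(info/[^/]+ |
                 [0-9a-f]{2}/[0-9a-f]{38} |
                 pack/pack-[0-9a-f]{40}\.(pack|idx)) |
        git-(upload|receive)-pack))$""")

WRAPPER = "/srv/www/bin/gitolite-suexec-wrapper.sh"


def route(path):
    """Return (handler, target) for a URL path (query string excluded)."""
    m = GIT_HTTP_BACKEND.match(path)
    if m:
        # $1 in the directive is the first capture group: repo path + git file.
        return ("wrapper", WRAPPER + "/" + m.group(1))
    return ("gitweb", path)


# Constructed sample paths, not taken from a real access log.
SAMPLES = [
    "/engineering.git/info/refs",            # ref discovery on clone/fetch
    "/operations.git/git-receive-pack",      # push
    "/engineering.git/objects/ab/" + "0" * 38,
    "/engineering.git/config",               # not a path http-backend serves
    "/engineering.git/objects/ab/1234",      # object name too short
    "/gitweb.cgi",
    "/",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        handler, target = route(sample)
        print(f"{sample:50} -> {handler:8} {target}")
```

Paths that do not match are served from the DocumentRoot, /srv/www/git-web, so a request such as /engineering.git/config never reaches the repository directory.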
Once apache has been restarted (/etc/init.d/apache2 restart), verify your configuration:
- Repository browsable via gitweb
- Check out repository via ssh
- Check out repository via http
- Commit over ssh git@git.example.com
Open http://git.example.com:1234/; you will then be asked for an account and password. Enter git, git.