Hello folks,
For a couple of days now I have been trying to set up a "smart HTTP" Git server and have followed several instructions and howtos found on the net, but without any success. Now I'd like to ask for help within the community.
The general aim is to move from (well running) Subversion repositories (host runs FreeBSD 12-/13-STABLE/CURRENT, Apache 2.4 https with LDAP backend authentication) towards Git with a similar security/ACL profile. The protocols git:// and ssh:// are no options.
I started with the (printed, paper, physical) book "Pro Git" by Scott Chacon and Ben Straub, 2nd edition, chapter 4, "Git on the server", page 89. The setup described there doesn't work on our "directory based" Apache setup (most examples use virtual hosts, but that makes, in my opinion, no difference). The printed book does have obvious flaws, so, after several hours of nonsuccess with the book's setup example, I followed the internet version, which can be reviewed here: https://git-scm.com/book/de/v2/Git-auf-dem-Server-Smart-HTTP .
That specific setup results in an error when trying to push to the repos. I double and triple checked that the remote origin URL is exactly what is needed; the directory structure on the host is owned by "www:www" and located on a ZFS dataset called /pool/gitbase/test.git - just for the record. http.sslVerify is set to false both in the repo's config and in the local git repo's .git/config to ensure that git doesn't authenticate on SSL certs. The server has to encrypt the connection. Again, following the book's and book's URL correction, assuming the proper settings of paths for our repos, it fails and leaves me with either
fatal: https://git.host.de/git/test.git/info/refs not valid: could not determine hash algorithm; is this a git repository?
or error 403 (I haven't the exact error code at hand, I moved on and you'll find the last settings below).
Authentication via LDAP always works, as it still works on that webserver for any other service whose ACL backend is LDAP.
I also tried several other HOWTOs, like
https://stackoverflow.com/questions/26734933/how-to-set-up-git-over-http
The last one I tried to follow is
http://wiki.flat.cl/index.php?title=Git,_Apache_and_HTTPS_with_a_free_certificate
and my /usr/local/etc/apache24/Includes/httpd-git.conf looks
Code:
    SetEnv GIT_PROJECT_ROOT /pool/gitbase
    SetEnv REMOTE_USER $REDIRECT_REMOTE_USER
    #SetEnv GIT_HTTP_EXPORT_ALL
    AcceptPathInfo On
    #ScriptAlias /git/ /usr/local/libexec/git-core/git-http-backend
    ScriptAliasMatch \
        "(?x)^/(.*git/(HEAD | \
            info/refs | \
            objects/(info/[^/]+ | \
                [0-9a-f]{2}/[0-9a-f]{38} | \
                pack/pack-[0-9a-f]{40}\.(pack|idx)) | \
            git-(upload|receive)-pack))$" \
        /usr/local/libexec/git-core/git-http-backend/$1
    Alias /git /pool/gitbase
    <Directory "/usr/local/libexec/git-core/">
        Options +ExecCGI -MultiViews +SymLinksIfOwnerMatch
        <RequireAll>
            Require ssl
            Require user developer gituser root administrator
        </RequireAll>
        #<Files "git-http-backend">
        #Require ssl
        #Require expr !(%{QUERY_STRING} -strmatch '*service=git-receive-pack*' || %{REQUEST_URI} =~ m#/git-receive-pack$#)
        #Require user developer gituser root administrator
        #AuthType basic
        #AuthName "Git Access"
        #AuthBasicProvider ldap-alias1 ldap-alias2
        #</Files>
        AuthType basic
        AuthName "Git Access"
        AuthBasicProvider ldap-alias1 ldap-alias2
    </Directory>
with recommendations from
https://stackoverflow.com/questions/9008309/how-do-i-set-git-ssl-no-verify-for-specific-repos-only
to disable (and eliminate) SSL host verification mutually needed by git.
I can successfully authenticate when performing
git push -u origin master, but receive the error:
fatal: https://git.host.de/git/test.git/info/refs not valid: could not determine hash algorithm; is this a git repository?
(I have to issue username and password on the console after emitting the git command).
Apache's access log reports:
[...]
XX.XX.XX.XX - - [21/Mar/2021:12:29:27 +0000] "GET /git/test.git/info/refs?service=git-receive-pack HTTP/1.1" 401 1413 "-" "git/2.31.0" 848 6277
XX.XX.XX.XX - developer [21/Mar/2021:12:29:38 +0000] "GET /git/test.git/info/refs?service=git-receive-pack HTTP/1.1" 200 1689032 "-" "git/2.31.0" 1039 1692144
The first line indicates error 401 (which means UNAUTHORIZED), and searching the net for the error message received by the client trying to push to git also indicates some kind of access right violation. Most sites explaining that error indicate problems of folder access right violation, but in this case the whole repository's storage place is owned by www:www, so I'd expect no error on that.
I'm helpless here after days of playing one HOWTO after another to solve the problem :-(
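Added example, not part of the original post: a smart HTTP server answers `GET .../info/refs?service=git-receive-pack` with Content-Type `application/x-git-receive-pack-advertisement` and a body that starts with the pkt-line `# service=git-receive-pack` followed by a flush packet, so a 200 in the access log alone does not show that git-http-backend produced the response. The function names and the sample responses below are constructed for illustration.

```python
HEX = b"0123456789abcdefABCDEF"

def pkt(payload):
    """Encode one pkt-line: 4 hex digits of total length, then the payload."""
    return b"%04x" % (len(payload) + 4) + payload

def read_pkt_line(buf, pos=0):
    """Return (payload, next_pos); payload is None for a flush packet (0000)."""
    header = buf[pos:pos + 4]
    if len(header) < 4 or any(c not in HEX for c in header):
        raise ValueError("body does not start with a 4-hex-digit pkt-line length")
    length = int(header, 16)
    if length == 0:
        return None, pos + 4
    if length < 4 or pos + length > len(buf):
        raise ValueError("pkt-line length out of range")
    return buf[pos + 4:pos + length], pos + length

def classify_info_refs(service, content_type, body):
    """Return 'smart' or a short reason why the response is not smart HTTP."""
    expected = f"application/x-{service}-advertisement"
    media_type = content_type.split(";")[0].strip().lower()
    if media_type != expected:
        return f"not smart: Content-Type is {media_type!r}, expected {expected!r}"
    try:
        announce, pos = read_pkt_line(body)
        flush, _ = read_pkt_line(body, pos)
    except ValueError as exc:
        return f"not smart: {exc}"
    if announce is None or announce.rstrip(b"\n") != f"# service={service}".encode():
        return "not smart: first pkt-line is not the service announcement"
    if flush is not None:
        return "not smart: no flush packet after the service announcement"
    return "smart"

# Constructed sample responses (not captured from the server in the post).
SERVICE = "git-receive-pack"
SMART_BODY = (pkt(b"# service=git-receive-pack\n") + b"0000"
              + pkt(b"0" * 40 + b" capabilities^{}\x00report-status\n") + b"0000")
DUMB_BODY = b"a" * 40 + b"\trefs/heads/master\n"   # static info/refs file
HTML_BODY = b"<!DOCTYPE html><html><body>index</body></html>"

if __name__ == "__main__":
    samples = [("application/x-git-receive-pack-advertisement", SMART_BODY),
               ("text/plain", DUMB_BODY),
               ("text/html; charset=utf-8", HTML_BODY),
               ("application/x-git-receive-pack-advertisement", HTML_BODY)]
    for ctype, body in samples:
        print(ctype, "->", classify_info_refs(SERVICE, ctype, body))
```

To use it against a real server, feed it the Content-Type header and raw body of the authenticated `info/refs` request.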