Setting up GitWeb in Apache without a virtual host
Created: October 27, 2011
For some reason it seems like everyone who has ever written down
something about setting up GitWeb in Apache is using a virtual host.
I spent several hours searching and wasn't able to find a simple example
where GitWeb is hosted at http://mysite/git. I am going to document
how I ended up getting it to work so that other people don't have the
same problem I did. This isn't the simplest way to set it up, but it has
nicer URLs than the defaults.
Basic Setup
First thing is to get the GitWeb code. I think most recent Git packages
contain the scripts in share/gitweb or something like that. I used Fedora,
so I just had to:
# yum install gitweb
And the code I needed showed up in /var/www/git.
The next step is to edit the Apache configuration file(s) to get the
gitweb.cgi script to publish your repositories. If you used yum then you
should have a new Apache configuration file called /etc/httpd/conf.d/git.conf.
If not, then you should create a configuration file that is loaded into your
Apache configuration. My basic configuration looks something like this:
# Map URIs starting with '/git' to the '/var/www/git' directory
Alias /git /var/www/git
<Directory /var/www/git>
# Let anyone see our repositories (for now)
Order allow,deny
Allow from all
# Enable CGI in this directory
Options +ExecCGI
# Run .cgi files using mod_cgi
AddHandler cgi-script .cgi
# Use gitweb.cgi for directory listings. This takes care of
# requests to /git and /git/
DirectoryIndex gitweb.cgi
# This tells gitweb.cgi where to find its config file
# By default it looks in /etc/gitweb.conf, so if you place
# your config file somewhere else you should specify this.
#SetEnv GITWEB_CONFIG /etc/gitweb.conf
# Enable mod_rewrite
RewriteEngine on
# Rewrite /git/repo.git URIs to be /git/gitweb.cgi/repo.git
# This assumes your repository names end with '.git'. I don't
# know if that is always a safe assumption.
RewriteRule ^([^.]+\.git.*)$ /git/gitweb.cgi/$0 [L,PT]
</Directory>
I think this is all pretty standard stuff. This is based on Apache 2.2
documentation. It is surprising how many example Apache configuration files
there are online that are not escaped properly. Hopefully you can see the
<Directory> tag in the configuration file above.
After you create/update the configuration restart Apache.
The next thing we need to do is create /etc/gitweb.conf. This file is
used to configure the gitweb.cgi script. Mine looks like this:
# This is the directory where your git repositories live
$projectroot = '/opt/git';
# This is the title of the site
$site_name = "Gideon Juve's Git";
# This is used to generate the URI for each repo
$my_uri = "/git";
# Text and URI for the home link
$home_link_str = "Gideon's Projects";
$home_link = "/git";
# These tell gitweb the URIs for the images and css it needs.
# Depending on the version of GitWeb you have there may be
# different locations. Newer versions include a /static/ path
# element and a javascript library.
# OLDER GITWEB
#@stylesheets = ("/git/gitweb.css");
#$logo = "/git/git-logo.png";
#$favicon = "/git/git-favicon.png";
# NEWER GITWEB
@stylesheets = ("/git/static/gitweb.css");
$logo = "/git/static/git-logo.png";
$favicon = "/git/static/git-favicon.png";
$javascript = "/git/static/gitweb.js";
# This just makes the description field wider so you can read
# it better
$projects_list_description_width = 50;
# This makes repo links use pretty URLs like /git/repo.git
$feature{'pathinfo'}{'default'} = [1];
It is important that you give Apache file system read access
to your repositories. You can either make them publicly readable, or
do something with groups and permissions. I'll leave that as an
exercise for the reader.
Now if you go to http://yoursite/git you should see a list of your
repositories.
Forcing SSL
The basic setup works OK, but I wanted a couple extra things for
my install. The first is SSL. I don't really want to share my
repositories with everyone, so I want to force browsers to use SSL
only. I already had a virtual host set up for SSL, so I just changed
my Apache git.conf configuration file to look like this (additions
in green):
Alias /git /var/www/git
# Redirect http:// to https://
RewriteEngine on
RewriteCond %{HTTPS} off
RewriteRule ^/git.*$ https://%{HTTP_HOST}%{REQUEST_URI}
<Directory /var/www/git>
Order allow,deny
Allow from all
Options +ExecCGI
AddHandler cgi-script .cgi
DirectoryIndex gitweb.cgi
# Only allow SSL access
SSLRequireSSL
RewriteEngine on
RewriteRule ^([^.]+\.git.*)$ /git/gitweb.cgi/$0 [L,PT]
</Directory>
PAM Authentication
I use SSH to access my repositories, so all the people that have
access to my repositories already have accounts on my Git machine. The
easiest way for me to do authentication was to use mod_auth_pam.
First, I installed mod_auth_pam. In Fedora this is easy:
# yum install mod_auth_pam
Your mileage may differ depending on your OS. After you install
mod_auth_pam make sure you load the modules in Apache. The yum
package for Fedora creates a auth_pam.conf in /etc/httpd/conf.d
that does this:
LoadModule auth_pam_module modules/mod_auth_pam.so
LoadModule auth_sys_group_module modules/mod_auth_sys_group.so
Next, I changed my Apache git.conf configuration file to require
an authorized user. My final configuration looks like this (additions
in green):
Alias /git /var/www/git
RewriteEngine on
RewriteCond %{HTTPS} off
RewriteRule ^/git.*$ https://%{HTTP_HOST}%{REQUEST_URI}
<Directory /var/www/git>
Order allow,deny
Allow from all
AuthPAM_Enabled On
AuthType Basic
AuthName "Git"
Require valid-user
Options +ExecCGI
AddHandler cgi-script .cgi
DirectoryIndex gitweb.cgi
SSLRequireSSL
RewriteEngine on
RewriteRule ^([^.]+\.git.*)$ /git/gitweb.cgi/$0 [L,PT]
</Directory>
Hope that helps. Good luck!