uTools-Manuals/docs/git/git http-backend.html
2019-04-08 23:22:26 +08:00

34 lines
14 KiB
HTML
Raw Blame History

This file contains invisible Unicode characters

This file contains invisible Unicode characters that are indistinguishable to humans but may be processed differently by a computer. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

<div class="c-markdown doc-markdown"><div class="doc-postil"><div class="c-markdown"><h2>名称</h2></div></div><div class="doc-postil"><div class="c-markdown"><p>git-http-backend  -  Git 在HTTP的服务器端实现</p></div></div><div class="doc-postil"><div class="c-markdown"><h2>概要</h2></div></div><div class="doc-postil"><div class="c-markdown"><pre class="prism-token token language-javascript">git http-backend</pre></div></div><div class="doc-postil"><div class="c-markdown"><h2>描述</h2></div></div><div class="doc-postil"><div class="c-markdown"><p>一个简单的 CGI 程序,用于向通过 http//和https//协议访问存储库的 Git 客户端提供 Git 存储库的内容。该程序支持客户端使用智能 HTTP 协议和向后兼容的愚蠢 HTTP 协议以及客户端使用智能 HTTP 协议进行推送。</p></div></div><div class="doc-postil"><div class="c-markdown"><p>它会验证该目录是否具有魔术文件“git-daemon-export-ok”并且它会拒绝导出任何未明确标记为导出的 Git 目录(除非<code>GIT_HTTP_EXPORT_ALL</code>设置了环境变量)。</p></div></div><div class="doc-postil"><div class="c-markdown"><p>默认情况下,只有<code>upload-pack</code>服务已启用,供应<code>git fetch-pack</code><code>git ls-remote</code>客户,这是从调用<code>git fetch</code><code>git pull</code><code>git clone</code>。如果客户端已通过身份验证,<code>receive-pack</code>则会启用该服务,该服务将为<code>git send-pack</code>客户端提供服务,并从中调用该服务<code>git push</code></p></div></div><div class="doc-postil"><div class="c-markdown"><h2>服务</h2></div></div><div class="doc-postil"><div class="c-markdown"><p>可以使用每个存储库配置文件启用/禁用这些服务:</p></div></div><div class="doc-postil"><div class="c-markdown"><p>http.getanyfile</p></div></div><div class="doc-postil"><div class="c-markdown"><p>这为不能使用上传包服务的版本低于1.6.6的 Git 客户端提供服务。启用时,客户端可以读取存储库中的任何文件,包括不再从分支中访问但仍存在的对象。它是默认启用的,但是一个存储库可以通过设置这个配置项来禁用它<code>false</code></p></div></div><div class="doc-postil"><div class="c-markdown"><p>http.uploadpack</p></div></div><div class="doc-postil"><div class="c-markdown"><p>这服务<code>git fetch-pack</code><code>git ls-remote</code>客户。它是默认启用的,但是一个存储库可以通过设置这个配置项来禁用它<code>false</code></p></div></div><div class="doc-postil"><div class="c-markdown"><p>http.receivepack</p></div></div><div class="doc-postil"><div class="c-markdown"><p>这为<code>git send-pack</code>客户提供服务,从而推动。默认情况下,它对于匿名用户是禁用的,并且默认情况下为 Web 服务器验证的用户启用。可以通过将该项目设置为<code>false</code>或禁用所有用户(包括匿名用户),将其设置为<code>true</code></p></div></div><div class="doc-postil"><div class="c-markdown"><h2>网址翻译</h2></div></div><div class="doc-postil"><div class="c-markdown"><p>要确定存储库在磁盘上的位置,需要<code>git http-backend</code>连接由 Web 服务器自动设置的环境变量 PATH_INFO 和必须在 Web 服务器配置中手动设置的 GIT_PROJECT_ROOT。如果未设置 GIT_PROJECT_ROOT<code>git http-backend</code>读取 PATH_TRANSLATED它也由 Web 服务器自动设置。</p></div></div><div class="doc-postil"><div class="c-markdown"><h2>示例</h2></div></div><div class="doc-postil"><div class="c-markdown"><p>以下所有示例都映射<code>http://$hostname/git/foo/bar.git</code><code>/var/www/git/foo/bar.git</code></p></div></div><div class="doc-postil"><div class="c-markdown"><p>Apache 2.x</p></div></div><div class="doc-postil"><div class="c-markdown"><p>确保已启用mod_cgimod_alias 和 mod_env并正确设置 GIT_PROJECT_ROOT或DocumentRoot并为 CGI 创建一个 ScriptAlias</p></div></div><div class="doc-postil"><div class="c-markdown"><pre class="prism-token token language-javascript">SetEnv GIT_PROJECT_ROOT /var/www/git
SetEnv GIT_HTTP_EXPORT_ALL
ScriptAlias /git/ /usr/libexec/git-core/git-http-backend/</pre></div></div><div class="doc-postil"><div class="c-markdown"><p>要启用匿名读取访问但授权写入访问,需要授权初始引用广告(我们通过查询字符串中的服务参数检测为推送)以及接收包调用本身:</p></div></div><div class="doc-postil"><div class="c-markdown"><pre class="prism-token token language-javascript">RewriteCond %{QUERY_STRING} service=git-receive-pack [OR]RewriteCond %{REQUEST_URI} /git-receive-pack$
RewriteRule ^/git/ - [E=AUTHREQUIRED:yes]&lt;LocationMatch "^/git/"&gt;
        Order Deny,Allow
        Deny from env=AUTHREQUIRED
        AuthType Basic
        AuthName "Git Access"
        Require group committers
        Satisfy Any        ...&lt;/LocationMatch&gt;</pre></div></div><div class="doc-postil"><div class="c-markdown"><p>如果您没有<code>mod_rewrite</code>可用于匹配查询字符串,则仅保护<code>git-receive-pack</code>自己就足够了,如:</p></div></div><div class="doc-postil"><div class="c-markdown"><pre class="prism-token token language-javascript">&lt;LocationMatch "^/git/.*/git-receive-pack$"&gt;
        AuthType Basic
        AuthName "Git Access"
        Require group committers        ...&lt;/LocationMatch&gt;</pre></div></div><div class="doc-postil"><div class="c-markdown"><p>在这种模式下,服务器将不会请求认证,直到客户端实际启动推送的对象协商阶段,而不是在初始联系期间。出于这个原因,您还必须<code>http.receivepack</code>在任何应该接受推送的存储库中启用配置选项。默认行为如果<code>http.receivepack</code>未设置,则拒绝未经身份验证的用户进行的任何推送; 因此最初的请求会<code>403 Forbidden</code>向客户报告,甚至没有提供认证的机会。</p></div></div><div class="doc-postil"><div class="c-markdown"><p>要对读取和写入进行身份验证,请在存储库或其父目录之一使用 Location 指令:</p></div></div><div class="doc-postil"><div class="c-markdown"><pre class="prism-token token language-javascript">&lt;Location /git/private&gt;
        AuthType Basic
        AuthName "Private Git Access"
        Require group committers        ...&lt;/Location&gt;</pre></div></div><div class="doc-postil"><div class="c-markdown"><p>要在相同的 url 上提供 gitweb请使用 ScriptAliasMatch 仅<code>git http-backend</code>处理那些可以处理的 URL ,然后将其余的转发到 gitweb</p></div></div><div class="doc-postil"><div class="c-markdown"><pre class="prism-token token language-javascript">ScriptAliasMatch \        "(?x)^/git/(.*/(HEAD | \
                        info/refs | \
                        objects/(info/[^/]+ | \
                                 [0-9a-f]{2}/[0-9a-f]{38} | \
                                 pack/pack-[0-9a-f]{40}\.(pack|idx)) | \
                        git-(upload|receive)-pack))$" \        /usr/libexec/git-core/git-http-backend/$1ScriptAlias /git/ /var/www/cgi-bin/gitweb.cgi/</pre></div></div><div class="doc-postil"><div class="c-markdown"><p>要在单个存储库中提供来自不同 gitnamespaces [7]的多个存储库:</p></div></div><div class="doc-postil"><div class="c-markdown"><pre class="prism-token token language-javascript">SetEnvIf Request_URI "^/git/([^/]*)" GIT_NAMESPACE=$1ScriptAliasMatch ^/git/[^/]*(.*) /usr/libexec/git-core/git-http-backend/storage.git$1</pre></div></div><div class="doc-postil"><div class="c-markdown"><p>Accelerated static Apache 2.x</p></div></div><div class="doc-postil"><div class="c-markdown"><p>与上面类似,但 Apache 可用于返回存储在磁盘上的静态文件。在许多系统上,这可能更有效,因为 Apache 可以要求内核将文件内容从文件系统直接复制到网络:</p></div></div><div class="doc-postil"><div class="c-markdown"><pre class="prism-token token language-javascript">SetEnv GIT_PROJECT_ROOT /var/www/git
AliasMatch ^/git/(.*/objects/[0-9a-f]{2}/[0-9a-f]{38})$          /var/www/git/$1AliasMatch ^/git/(.*/objects/pack/pack-[0-9a-f]{40}.(pack|idx))$ /var/www/git/$1ScriptAlias /git/ /usr/libexec/git-core/git-http-backend/</pre></div></div><div class="doc-postil"><div class="c-markdown"><p>这可以与 gitweb 配置结合使用:</p></div></div><div class="doc-postil"><div class="c-markdown"><pre class="prism-token token language-javascript">SetEnv GIT_PROJECT_ROOT /var/www/git
AliasMatch ^/git/(.*/objects/[0-9a-f]{2}/[0-9a-f]{38})$          /var/www/git/$1AliasMatch ^/git/(.*/objects/pack/pack-[0-9a-f]{40}.(pack|idx))$ /var/www/git/$1ScriptAliasMatch \        "(?x)^/git/(.*/(HEAD | \
                        info/refs | \
                        objects/info/[^/]+ | \
                        git-(upload|receive)-pack))$" \        /usr/libexec/git-core/git-http-backend/$1ScriptAlias /git/ /var/www/cgi-bin/gitweb.cgi/</pre></div></div><div class="doc-postil"><div class="c-markdown"><p>Lighttpd</p></div></div><div class="doc-postil"><div class="c-markdown"><p>确保<code>mod_cgi</code><code>mod_alias</code><code>mod_auth</code><code>mod_setenv</code>加载,然后设置<code>GIT_PROJECT_ROOT</code>适当的和重定向到 CGI 的所有请求:</p></div></div><div class="doc-postil"><div class="c-markdown"><pre class="prism-token token language-javascript">alias.url += ( "/git" =&gt; "/usr/lib/git-core/git-http-backend" )$HTTP["url"] =~ "^/git" {
        cgi.assign = ("" =&gt; "")
        setenv.add-environment = (                "GIT_PROJECT_ROOT" =&gt; "/var/www/git",                "GIT_HTTP_EXPORT_ALL" =&gt; ""        )}</pre></div></div><div class="doc-postil"><div class="c-markdown"><p>要启用匿名读取访问但验证写入访问:</p></div></div><div class="doc-postil"><div class="c-markdown"><pre class="prism-token token language-javascript">$HTTP["querystring"] =~ "service=git-receive-pack" {
        include "git-auth.conf"}$HTTP["url"] =~ "^/git/.*/git-receive-pack$" {
        include "git-auth.conf"}</pre></div></div><div class="doc-postil"><div class="c-markdown"><p><code>git-auth.conf</code>某些地方看起来类似:</p></div></div><div class="doc-postil"><div class="c-markdown"><pre class="prism-token token language-javascript">auth.require = (        "/" =&gt; (                "method" =&gt; "basic",                "realm" =&gt; "Git Access",                "require" =&gt; "valid-user"               ))# ...and set up auth.backend here</pre></div></div><div class="doc-postil"><div class="c-markdown"><p>要求读取和写入验证:</p></div></div><div class="doc-postil"><div class="c-markdown"><pre class="prism-token token language-javascript">$HTTP["url"] =~ "^/git/private" {
        include "git-auth.conf"}</pre></div></div><div class="doc-postil"><div class="c-markdown"><h2>环境</h2></div></div><div class="doc-postil"><div class="c-markdown"><p><code>git http-backend</code>依赖于<code>CGI</code>调用 Web 服务器设置的环境变量,包括:</p></div></div><div class="doc-postil"><div class="c-markdown"><ul class="ul-level-0 list-paddingleft-2" style="margin: 10px 0px 10px 20px;"><li><p>PATH_INFO (if GIT_PROJECT_ROOT is set, otherwise PATH_TRANSLATED)</p></li></ul></div></div><div class="doc-postil"><div class="c-markdown"><ul class="ul-level-0 list-paddingleft-2" style="margin: 10px 0px 10px 20px;"><li><p>REMOTE_USER</p></li></ul></div></div><div class="doc-postil"><div class="c-markdown"><ul class="ul-level-0 list-paddingleft-2" style="margin: 10px 0px 10px 20px;"><li><p>REMOTE_ADDR</p></li></ul></div></div><div class="doc-postil"><div class="c-markdown"><ul class="ul-level-0 list-paddingleft-2" style="margin: 10px 0px 10px 20px;"><li><p>CONTENT_TYPE</p></li></ul></div></div><div class="doc-postil"><div class="c-markdown"><ul class="ul-level-0 list-paddingleft-2" style="margin: 10px 0px 10px 20px;"><li><p>QUERY_STRING</p></li></ul></div></div><div class="doc-postil"><div class="c-markdown"><ul class="ul-level-0 list-paddingleft-2" style="margin: 10px 0px 10px 20px;"><li><p>REQUEST_METHOD</p></li></ul></div></div><div class="doc-postil"><div class="c-markdown"><p>在允许导出该存储库之前,可以将<code>GIT_HTTP_EXPORT_ALL</code>环境变量传递给<code>git-http-backend</code>绕过每个存储库中“git-daemon-export-ok”文件的检查。</p></div></div><div class="doc-postil"><div class="c-markdown"><p><code>GIT_HTTP_MAX_REQUEST_BUFFER</code>环境变量(或<code>http.maxRequestBuffer</code>配置变量)可以被设置为改变最大 REF 协商请求中取回 git 会处理; 任何需要较大缓冲区的获取都不会成功。通常不需要更改此值,但是如果从具有极大数量的引用的存储库中提取,可能会有所帮助。该值可以用单位指定(例如,<code>100M</code>代表100兆字节。默认值是10兆字节。</p></div></div><div class="doc-postil"><div class="c-markdown"><p>后端进程将 GIT_COMMITTER_NAME 设置为,<code>$REMOTE_USER</code>和将GIT_COMMITTER_EMAIL 设置为,以<code>${REMOTE_USER}@http.${REMOTE_ADDR}</code>确保<code>git-receive-pack</code>创建的任何reflog 包含执行推送的远程用户的一些标识信息。</p></div></div><div class="doc-postil"><div class="c-markdown"><p>所有的<code>CGI</code>环境变量都可用于每个被<code>git-receive-pack</code>调用的钩子。</p></div></div></div>