mirror of
https://github.com/fofolee/uTools-Manuals.git
synced 2025-06-09 07:24:04 +08:00
34 lines
14 KiB
HTML
34 lines
14 KiB
HTML
<div class="c-markdown doc-markdown"><div class="doc-postil"><div class="c-markdown"><h2>名称</h2></div></div><div class="doc-postil"><div class="c-markdown"><p>git-http-backend - Git 在HTTP的服务器端实现</p></div></div><div class="doc-postil"><div class="c-markdown"><h2>概要</h2></div></div><div class="doc-postil"><div class="c-markdown"><pre class="prism-token token language-javascript">git http-backend</pre></div></div><div class="doc-postil"><div class="c-markdown"><h2>描述</h2></div></div><div class="doc-postil"><div class="c-markdown"><p>一个简单的 CGI 程序,用于向通过 http://和https://协议访问存储库的 Git 客户端提供 Git 存储库的内容。该程序支持客户端使用智能 HTTP 协议和向后兼容的愚蠢 HTTP 协议以及客户端使用智能 HTTP 协议进行推送。</p></div></div><div class="doc-postil"><div class="c-markdown"><p>它会验证该目录是否具有魔术文件“git-daemon-export-ok”,并且它会拒绝导出任何未明确标记为导出的 Git 目录(除非<code>GIT_HTTP_EXPORT_ALL</code>设置了环境变量)。</p></div></div><div class="doc-postil"><div class="c-markdown"><p>默认情况下,只有<code>upload-pack</code>服务已启用,供应<code>git fetch-pack</code>和<code>git ls-remote</code>客户,这是从调用<code>git fetch</code>,<code>git pull</code>和<code>git clone</code>。如果客户端已通过身份验证,<code>receive-pack</code>则会启用该服务,该服务将为<code>git send-pack</code>客户端提供服务,并从中调用该服务<code>git push</code>。</p></div></div><div class="doc-postil"><div class="c-markdown"><h2>服务</h2></div></div><div class="doc-postil"><div class="c-markdown"><p>可以使用每个存储库配置文件启用/禁用这些服务:</p></div></div><div class="doc-postil"><div class="c-markdown"><p>http.getanyfile</p></div></div><div class="doc-postil"><div class="c-markdown"><p>这为不能使用上传包服务的版本低于1.6.6的 Git 客户端提供服务。启用时,客户端可以读取存储库中的任何文件,包括不再从分支中访问但仍存在的对象。它是默认启用的,但是一个存储库可以通过设置这个配置项来禁用它<code>false</code>。</p></div></div><div class="doc-postil"><div class="c-markdown"><p>http.uploadpack</p></div></div><div class="doc-postil"><div class="c-markdown"><p>这服务<code>git fetch-pack</code>和<code>git ls-remote</code>客户。它是默认启用的,但是一个存储库可以通过设置这个配置项来禁用它<code>false</code>。</p></div></div><div class="doc-postil"><div class="c-markdown"><p>http.receivepack</p></div></div><div class="doc-postil"><div class="c-markdown"><p>这为<code>git send-pack</code>客户提供服务,从而推动。默认情况下,它对于匿名用户是禁用的,并且默认情况下为 Web 服务器验证的用户启用。可以通过将该项目设置为<code>false</code>或禁用所有用户(包括匿名用户),将其设置为<code>true</code>。</p></div></div><div class="doc-postil"><div class="c-markdown"><h2>网址翻译</h2></div></div><div class="doc-postil"><div class="c-markdown"><p>要确定存储库在磁盘上的位置,需要<code>git http-backend</code>连接由 Web 服务器自动设置的环境变量 PATH_INFO 和必须在 Web 服务器配置中手动设置的 GIT_PROJECT_ROOT。如果未设置 GIT_PROJECT_ROOT,则<code>git http-backend</code>读取 PATH_TRANSLATED,它也由 Web 服务器自动设置。</p></div></div><div class="doc-postil"><div class="c-markdown"><h2>示例</h2></div></div><div class="doc-postil"><div class="c-markdown"><p>以下所有示例都映射<code>http://$hostname/git/foo/bar.git</code>到<code>/var/www/git/foo/bar.git</code>。</p></div></div><div class="doc-postil"><div class="c-markdown"><p>Apache 2.x</p></div></div><div class="doc-postil"><div class="c-markdown"><p>确保已启用mod_cgi,mod_alias 和 mod_env,并正确设置 GIT_PROJECT_ROOT(或DocumentRoot),并为 CGI 创建一个 ScriptAlias:</p></div></div><div class="doc-postil"><div class="c-markdown"><pre class="prism-token token language-javascript">SetEnv GIT_PROJECT_ROOT /var/www/git
|
||
|
||
SetEnv GIT_HTTP_EXPORT_ALL
|
||
|
||
ScriptAlias /git/ /usr/libexec/git-core/git-http-backend/</pre></div></div><div class="doc-postil"><div class="c-markdown"><p>要启用匿名读取访问但授权写入访问,需要授权初始引用广告(我们通过查询字符串中的服务参数检测为推送)以及接收包调用本身:</p></div></div><div class="doc-postil"><div class="c-markdown"><pre class="prism-token token language-javascript">RewriteCond %{QUERY_STRING} service=git-receive-pack [OR]RewriteCond %{REQUEST_URI} /git-receive-pack$
|
||
|
||
RewriteRule ^/git/ - [E=AUTHREQUIRED:yes]<LocationMatch "^/git/">
|
||
|
||
Order Deny,Allow
|
||
|
||
Deny from env=AUTHREQUIRED
|
||
|
||
|
||
|
||
AuthType Basic
|
||
|
||
AuthName "Git Access"
|
||
|
||
Require group committers
|
||
|
||
Satisfy Any ...</LocationMatch></pre></div></div><div class="doc-postil"><div class="c-markdown"><p>如果您没有<code>mod_rewrite</code>可用于匹配查询字符串,则仅保护<code>git-receive-pack</code>自己就足够了,如:</p></div></div><div class="doc-postil"><div class="c-markdown"><pre class="prism-token token language-javascript"><LocationMatch "^/git/.*/git-receive-pack$">
|
||
|
||
AuthType Basic
|
||
|
||
AuthName "Git Access"
|
||
|
||
Require group committers ...</LocationMatch></pre></div></div><div class="doc-postil"><div class="c-markdown"><p>在这种模式下,服务器将不会请求认证,直到客户端实际启动推送的对象协商阶段,而不是在初始联系期间。出于这个原因,您还必须<code>http.receivepack</code>在任何应该接受推送的存储库中启用配置选项。默认行为如果<code>http.receivepack</code>未设置,则拒绝未经身份验证的用户进行的任何推送; 因此最初的请求会<code>403 Forbidden</code>向客户报告,甚至没有提供认证的机会。</p></div></div><div class="doc-postil"><div class="c-markdown"><p>要对读取和写入进行身份验证,请在存储库或其父目录之一使用 Location 指令:</p></div></div><div class="doc-postil"><div class="c-markdown"><pre class="prism-token token language-javascript"><Location /git/private>
|
||
|
||
AuthType Basic
|
||
|
||
AuthName "Private Git Access"
|
||
|
||
Require group committers ...</Location></pre></div></div><div class="doc-postil"><div class="c-markdown"><p>要在相同的 url 上提供 gitweb,请使用 ScriptAliasMatch 仅<code>git http-backend</code>处理那些可以处理的 URL ,然后将其余的转发到 gitweb:</p></div></div><div class="doc-postil"><div class="c-markdown"><pre class="prism-token token language-javascript">ScriptAliasMatch \ "(?x)^/git/(.*/(HEAD | \
|
||
|
||
info/refs | \
|
||
|
||
objects/(info/[^/]+ | \
|
||
|
||
[0-9a-f]{2}/[0-9a-f]{38} | \
|
||
|
||
pack/pack-[0-9a-f]{40}\.(pack|idx)) | \
|
||
|
||
git-(upload|receive)-pack))$" \ /usr/libexec/git-core/git-http-backend/$1ScriptAlias /git/ /var/www/cgi-bin/gitweb.cgi/</pre></div></div><div class="doc-postil"><div class="c-markdown"><p>要在单个存储库中提供来自不同 gitnamespaces [7]的多个存储库:</p></div></div><div class="doc-postil"><div class="c-markdown"><pre class="prism-token token language-javascript">SetEnvIf Request_URI "^/git/([^/]*)" GIT_NAMESPACE=$1ScriptAliasMatch ^/git/[^/]*(.*) /usr/libexec/git-core/git-http-backend/storage.git$1</pre></div></div><div class="doc-postil"><div class="c-markdown"><p>Accelerated static Apache 2.x</p></div></div><div class="doc-postil"><div class="c-markdown"><p>与上面类似,但 Apache 可用于返回存储在磁盘上的静态文件。在许多系统上,这可能更有效,因为 Apache 可以要求内核将文件内容从文件系统直接复制到网络:</p></div></div><div class="doc-postil"><div class="c-markdown"><pre class="prism-token token language-javascript">SetEnv GIT_PROJECT_ROOT /var/www/git
|
||
|
||
|
||
|
||
AliasMatch ^/git/(.*/objects/[0-9a-f]{2}/[0-9a-f]{38})$ /var/www/git/$1AliasMatch ^/git/(.*/objects/pack/pack-[0-9a-f]{40}.(pack|idx))$ /var/www/git/$1ScriptAlias /git/ /usr/libexec/git-core/git-http-backend/</pre></div></div><div class="doc-postil"><div class="c-markdown"><p>这可以与 gitweb 配置结合使用:</p></div></div><div class="doc-postil"><div class="c-markdown"><pre class="prism-token token language-javascript">SetEnv GIT_PROJECT_ROOT /var/www/git
|
||
|
||
|
||
|
||
AliasMatch ^/git/(.*/objects/[0-9a-f]{2}/[0-9a-f]{38})$ /var/www/git/$1AliasMatch ^/git/(.*/objects/pack/pack-[0-9a-f]{40}.(pack|idx))$ /var/www/git/$1ScriptAliasMatch \ "(?x)^/git/(.*/(HEAD | \
|
||
|
||
info/refs | \
|
||
|
||
objects/info/[^/]+ | \
|
||
|
||
git-(upload|receive)-pack))$" \ /usr/libexec/git-core/git-http-backend/$1ScriptAlias /git/ /var/www/cgi-bin/gitweb.cgi/</pre></div></div><div class="doc-postil"><div class="c-markdown"><p>Lighttpd</p></div></div><div class="doc-postil"><div class="c-markdown"><p>确保<code>mod_cgi</code>,<code>mod_alias</code>,<code>mod_auth</code>,<code>mod_setenv</code>加载,然后设置<code>GIT_PROJECT_ROOT</code>适当的和重定向到 CGI 的所有请求:</p></div></div><div class="doc-postil"><div class="c-markdown"><pre class="prism-token token language-javascript">alias.url += ( "/git" => "/usr/lib/git-core/git-http-backend" )$HTTP["url"] =~ "^/git" {
|
||
|
||
cgi.assign = ("" => "")
|
||
|
||
setenv.add-environment = ( "GIT_PROJECT_ROOT" => "/var/www/git", "GIT_HTTP_EXPORT_ALL" => "" )}</pre></div></div><div class="doc-postil"><div class="c-markdown"><p>要启用匿名读取访问但验证写入访问:</p></div></div><div class="doc-postil"><div class="c-markdown"><pre class="prism-token token language-javascript">$HTTP["querystring"] =~ "service=git-receive-pack" {
|
||
|
||
include "git-auth.conf"}$HTTP["url"] =~ "^/git/.*/git-receive-pack$" {
|
||
|
||
include "git-auth.conf"}</pre></div></div><div class="doc-postil"><div class="c-markdown"><p><code>git-auth.conf</code>某些地方看起来类似:</p></div></div><div class="doc-postil"><div class="c-markdown"><pre class="prism-token token language-javascript">auth.require = ( "/" => ( "method" => "basic", "realm" => "Git Access", "require" => "valid-user" ))# ...and set up auth.backend here</pre></div></div><div class="doc-postil"><div class="c-markdown"><p>要求读取和写入验证:</p></div></div><div class="doc-postil"><div class="c-markdown"><pre class="prism-token token language-javascript">$HTTP["url"] =~ "^/git/private" {
|
||
|
||
include "git-auth.conf"}</pre></div></div><div class="doc-postil"><div class="c-markdown"><h2>环境</h2></div></div><div class="doc-postil"><div class="c-markdown"><p><code>git http-backend</code>依赖于<code>CGI</code>调用 Web 服务器设置的环境变量,包括:</p></div></div><div class="doc-postil"><div class="c-markdown"><ul class="ul-level-0 list-paddingleft-2" style="margin: 10px 0px 10px 20px;"><li><p>PATH_INFO (if GIT_PROJECT_ROOT is set, otherwise PATH_TRANSLATED)</p></li></ul></div></div><div class="doc-postil"><div class="c-markdown"><ul class="ul-level-0 list-paddingleft-2" style="margin: 10px 0px 10px 20px;"><li><p>REMOTE_USER</p></li></ul></div></div><div class="doc-postil"><div class="c-markdown"><ul class="ul-level-0 list-paddingleft-2" style="margin: 10px 0px 10px 20px;"><li><p>REMOTE_ADDR</p></li></ul></div></div><div class="doc-postil"><div class="c-markdown"><ul class="ul-level-0 list-paddingleft-2" style="margin: 10px 0px 10px 20px;"><li><p>CONTENT_TYPE</p></li></ul></div></div><div class="doc-postil"><div class="c-markdown"><ul class="ul-level-0 list-paddingleft-2" style="margin: 10px 0px 10px 20px;"><li><p>QUERY_STRING</p></li></ul></div></div><div class="doc-postil"><div class="c-markdown"><ul class="ul-level-0 list-paddingleft-2" style="margin: 10px 0px 10px 20px;"><li><p>REQUEST_METHOD</p></li></ul></div></div><div class="doc-postil"><div class="c-markdown"><p>在允许导出该存储库之前,可以将<code>GIT_HTTP_EXPORT_ALL</code>环境变量传递给<code>git-http-backend</code>绕过每个存储库中“git-daemon-export-ok”文件的检查。</p></div></div><div class="doc-postil"><div class="c-markdown"><p><code>GIT_HTTP_MAX_REQUEST_BUFFER</code>环境变量(或<code>http.maxRequestBuffer</code>配置变量)可以被设置为改变最大 REF 协商请求中取回 git 会处理; 任何需要较大缓冲区的获取都不会成功。通常不需要更改此值,但是如果从具有极大数量的引用的存储库中提取,可能会有所帮助。该值可以用单位指定(例如,<code>100M</code>代表100兆字节)。默认值是10兆字节。</p></div></div><div class="doc-postil"><div class="c-markdown"><p>后端进程将 GIT_COMMITTER_NAME 设置为,<code>$REMOTE_USER</code>和将GIT_COMMITTER_EMAIL 设置为,以<code>${REMOTE_USER}@http.${REMOTE_ADDR}</code>确保<code>git-receive-pack</code>创建的任何reflog 包含执行推送的远程用户的一些标识信息。</p></div></div><div class="doc-postil"><div class="c-markdown"><p>所有的<code>CGI</code>环境变量都可用于每个被<code>git-receive-pack</code>调用的钩子。</p></div></div></div> |