git Server with Gitolite, Gitweb and lighttpd

If you only have git, you tend to see every problem as a source code repository.

I use git. For lots of stuff that should be shared with the world, for lots of stuff that nobody else will ever see, but also for a few things that are meant to be shared just with family members, or friends. Simple http and ssh solve the first two cases and somewhat the third, but for the last one creating system users is just not practical, and something else is needed.

I already have a Debian GNU/Linux computer where I keep my personal repositories, and I decided to try Gitolite for user access control and Gitweb under the already configured lighttpd for a simple web interface.

Installation

This guide assumes that you are using debian squeeze, and you alread have lighttpd installed and configured, as well as ssh with key authentication and the git client.

First of all, install the packages from debian in the usual way; on the server:

# apt-get install gitolite gitweb git-daemon-run

gitolite

Copy your public key to the server, e.g. to /tmp/YourName.pub.

Debian creates a gitolite user; again on the server become it and setup gitolite:

# su - gitolite
$ gl-setup /tmp/YourName.pub

Edit ~/.gitolite.rc; to allow gitweb to read the repositories they should have the 0027 umask, where you have:

$REPO_UMASK = 0077;         # gets you 'rwx------'
# $REPO_UMASK = 0027;       # gets you 'rwxr-x---'
# $REPO_UMASK = 0022;       # gets you 'rwxr-xr-x'

change the comments so that they become:

# $REPO_UMASK = 0077;         # gets you 'rwx------'
$REPO_UMASK = 0027;       # gets you 'rwxr-x---'
# $REPO_UMASK = 0022;       # gets you 'rwxr-xr-x'

Gitolite is configured remotely, from workstation where you have the private key; clone the gitolite configuration repository:

$ git clone gitolite@server:gitolite-admin

And then see the gitolite documentation for further informations and to add new users and new repositories.

When you add a repository that should be available on gitweb add reading permissions for the special user gitweb in gitolite.conf, and a description, such as:

repo my_repo
     RW+     =   your_name
     R       =   gitweb
     my_repo "your_name" = "My new, exciting repository"

If you want to allow anonymous read access via git-daemon to the repository add also the special user daemon:

R       =   gitweb daemon

gitweb

Back on the server to configure gitweb.

Add the www-data user to gitolite group, so that it is able to read the repository files:

# usermod -a -G gitolite www-data

You should restart lighttpd so that the user knows about the new group, but you can do it later, when you have to reload the configuration.

We want gitweb to read the repositories from gitolite and to be able to run under lighttpd; edit /etc/gitweb.conf/ and change the following values.

Repositories are in the directory managed by gitolite:

$projectroot = "/var/lib/gitolite/repositories/";

Read files from somewhere lighttpd is able to serve them:

$home_text = "/gweb/indextext.html";
$stylesheet = "/gweb/gitweb.css";
$javascript = "/gweb/gitweb.js";
$logo = "/gweb/git-logo.png";
$favicon = "/gweb/git-favicon.png";

Read the repository list as published by gitolite:

$projects_list = "/var/lib/gitolite/projects.list";

If you want, you can show the clone url on the main page of each project by adding:

@git_base_url_list = ( "git://server" );

The gitweb package in debian installs some configuration snippet for apache, but we want it to run under lighttpd; create the file /etc/lighttpd/conf-available/20-gitweb.conf with:

$HTTP["url"] =~ "^/gitweb/" {
        cgi.assign = ( "" => "" )
}

cgi.assign = ( ".cgi" => "/usr/bin/perl" )

url.redirect += ( "^/gitweb$" => "/gitweb/" )
alias.url += (
"/gweb/gitweb.css" => "/usr/share/gitweb/gitweb.css",
"/gweb/git-logo.png" => "/usr/share/gitweb/git-logo.png",
"/gweb/git-favicon.png" => "/usr/share/gitweb/git-favicon.png",
"/gweb/indextext.html" => "/usr/share/gitweb/indextext.html",
"/gitweb/" => "/usr/share/gitweb/index.cgi",

And enable mod_cgi and gitweb in the lighttpd configuration:

# lighttpd-enable-mod cgi gitweb

Restart lighttpd:

# /etc/init.d/lighttpd restart

or, if you already did it after adding the group, you can just let it reread its configuration:

# /etc/init.d/lighttpd force-reload

git-daemon

Debian runs git-daemon as the gitdaemon user: add it to the gitolite group:

# usermod -a -G gitolite gitdaemon

And let it run with the gitolite group and read repositories from the gitolite directory: edit /etc/sv/git-daemon/run so that it looks like:

#!/bin/sh
exec 2>&1
echo 'git-daemon starting.'
exec chpst -ugitdaemon:gitolite \
  "$(git --exec-path)"/git-daemon --verbose --base-path=/var/lib/gitolite/repositories

Restart git-daemon:

# sv restart git-daemon

[note: this is the first time I use an sv managed daemon; I've found this command by quickly browsing the manpage, but if there is a better way to restart it let me know.

Send a comment: unless requested otherwise I may add it, or some extract, to this page.

Return to Top