GIT Repos not working

lukefoley · April 26, 2020, 2:22pm

Good afternoon,

I’ve just setup a new sub-server that’s dedicated to serving GIT repositories and I’m having difficulty getting them to work.
Firstly the sub-server was created with the “Git repositories” feature enabled and I created an initial repo by going to Services → Git Repo and granted access to a new dedicated user I’d also setup.

Here’s where the trouble starts and I encounter two separate issues.

Browse Repository (gitweb))
Clicking on the “Browse Repository” button for the newly created repo opens a new page asking for credentials. Logging in with the dedicated account I’d granted access to previously, I’m then presented with the dreaded Internal Server Error message.

The Apache error_log file for this host contains the following (unhelpful) error message:

[Sun Apr 26 15:08:10.720292 2020] [cgid:error] [pid 6931:tid 139920127534848] [client IP:50391] End of script output before headers: gitweb.cgi

There’s been no configuration changes made in this newly created virtual sub-server, so I’m not sure where to go with this.
Can someone provide any insight please?

GIT Checkout issues
My second issue here is when trying to interact with the repo using git itself.

If I leave the option Redirect all requests to SSL site? enabled (which is the default for all servers hosted here), then attempting to checkout the repo with either of the following commands (not sure which one of the two is correct, so I tried both):

git clone https://git.mydomain.com/SAT.git
git clone https://git.mydomain.com/git/SAT.git

The following error is displayed:

SSL certificate problem: unable to get local issuer certificate

The sites SSL is provided by the top-level virtual servers SSL certificate which is a wildcard Lets Encrypt certificate.
Browsers show no issues with the SSL certificate when navigating to the site, so I’m not sure why git is having issues.

If I disable the option Redirect all requests to SSL site? for this sub-server, I’m presented with a different error from git complaining it can’t find the repo.

fatal: repository ‘mydomain.co.uk - mydomain Resources and Information.’ not found

Could someone please help?

Kind Regards,
Luke

lukefoley · April 27, 2020, 10:49am

I’ve managed to resolve SSL certificate problem error by adding this line to the virtual servers Apache SSL vhost and reloading Apache config:

SSLCertificateChainFile /home/mydomain/ssl.ca

I’m unfortunately still left with the issues using Gitweb (or any CGI scripts in fact because a simple HelloWorld.cgi in cgi-bin also fails [and I’ve checked permissions are 755, has the correct interpreter in the shebang and that I’m outputing a content-type header before anything else])

I’m also still left with being unable to checkout the repo because the git client reports the repo is not found.

Anyone?

lukefoley · April 30, 2020, 3:05pm

Okay, so I managed to resolve the issues I was experiencing and I’ll post back here the changes I made to get everything working.

gitweb.cgi (well, technically any .cgi scripts)
Can’t believe I missed this one earlier.
suexec was still configured with a docroot of /var/www instead of /home and was logging to /var/log/secure (which I wasn’t expecting, so I didn’t check it)

The fix was to recompile suexec with a docroot of /home and I also moved the suexec log to /var/log/httpd/suexec.log

GIT Checkout issues
Firstly, I added the SSLCertificateChainFile option to the vhost as described in my previous post. This resolved the SSL warning git was presenting me with.

Secondly, I’ve enabled “smart” git (via git-http-backend) instead of using DAV.
A few changes were needed to get this working with suexec.

Apache site changes
Added the below into the SSL vhost

ScriptAliasMatch “(?x)^/git/(.*/(HEAD | info/refs | objects/(info/[^/]+ | [0-9a-f]{2}/[0-9a-f]{38} | pack/pack-[0-9a-f]{40}.(pack|idx)) | git-(upload|receive)-pack))$” /home/path/to/domain/cgi-bin/gitwrapper.cgi/$1

Removed the line from the Location /git bock

Dav On

Added this line to the Location /git bock

Options All ExecCGI FollowSymLinks Includes Indexes

Created gitwrapper.cgi in cgi-bin
Needed due to git-http-backend existing outside of suexec docoot
Also remember to set the chmod the permissions to 755

#!/bin/sh

export GIT_PROJECT_ROOT=/home/path/to/domain/public_html/git
export GIT_HTTP_EXPORT_ALL=1
export REMOTE_USER=$REDIRECT_REMOTE_USER

exec /usr/libexec/git-core/git-http-backend

Repo changes - Needs to be done for each repo
The following lines need to be added to the repos config file

[http]
receivepack = true

I’ve actually made changes to the virtualmin files used to enable the Git feature for a domain and create new repos, so i don’t have to do these manual changes, but I won’t share them here, as they’ll break when they’re updated by virtualmin.

Kind Regards,
Luke

system · May 2, 2020, 3:05pm

This topic was automatically closed 2 days after the last reply. New replies are no longer allowed.