Hi, today I tried to use Git through Virtualmin GPL on Centos 6, both fully up to date. On the virtual server I used, I added a proxypass to redirect all HTTP traffic to Tomcat, so I can only access Git through HTTPS, which is what I want anyway.
So I went to Configure Website for SSL -> Location /git -> Edit Directives and changed the Redirect from HTTP to HTTPS:
RedirectMatch ^/git$ https://[servername]/git/gitweb.cgi
RedirectMatch ^/git/$ https://[servername]/git/gitweb.cgi
When I access the repo using the browser, I get a generic error after inserting username and password. httpd log says:
suexec policy violation: see suexec log for more details
Premature end of script headers: gitweb.cgi
suexec log says:
command not in docroot (/var/www/git/gitweb.cgi)
I think it should access /home/[user]/public_html/git/gitweb.cgi instead, but I don’t know how to make it happen.
I haven’t found a solution, so I still hope that someone can give me a hint.
That seems to be a configuration of gitweb.cgi out of a package. It won’t work (easily) in a suexec environment, which is what Virtualmin sets up. This is true of pretty much any CGI script packaged up to work outside of a suexec/non-FCGId/etc environment. i.e. you should not expect any CGI script or web app installable from the OS-standard repos to work under suexec, because they’ve packaged them in a way that is incompatible with it. (Though you could make it work…it’s possible to have sites not subject to suexec outside of Virtualmin’s control, I don’t recommend it for security reasons.)
You’d need gitweb.cgi installed in the virtualhosts where you want it to be available, and you’d want to get rid of the default configuration (probably in /etc/httpd/conf.d/git.conf ) as it is rewriting stuff in a way that doesn’t make sense if you’re running things under suexec.
If you really, really, wanted to ignore the security implications of running that script from that location with those permissions as the apache user, you could simply create a new website that does not use suexec (or add a directory to an existing virtual host that doesn’t use suexec).
Except trying to stay in HTTPS, I did nothing special. I don’t even remember if I installed Git by myself or if Virtualmin installed it, so it should be the default CentOS 6 configuration. I just tried to use the Virtualmin Git functionality.
I don’t want/need to run cgi from outside the default configuration, I just want it to work
I made no changes. I noticed that an update of the Git Virtualmin module was installed some days ago. Now it seems to work fine.