Git repository over HTTP WebDAV with nginx

The goal is to create Git push repository available over HTTP protocol. I need to have read-write access, with read-only access for the rest of the world. Since I do not use any webservers other than nginx anymore, I configured it with nginx. It turned out to be pretty simple in theory, but not fully functional afterall.

First you need to build/install nginx with WebDAV module:

# emerge -av nginx

These are the packages that would be merged, in order:

Calculating dependencies... done!

[ebuild   R   ] www-servers/nginx-0.6.29  USE="debug fastcgi imap pcre perl ssl status webdav zlib -addition -flv -sub" 0 kB

After you verify that your nginx is running, you need to prepare Git server repository.

$ cd /var/www/my.site.dir/htdocs
$ mkdir my-new-repo.git

Initialize a bare repository.

$ cd my-new-repo.git
$ git --bare init

Change ownership of files to nginx user be able to write them.

$ chown -R nginx:nginx .

Then you need to configure a location on your web host with WebDAV access.

# vim /etc/nginx/vhosts.d/my.site.conf

server {
listen          127.0.0.1;
server_name     my.site.hostname;

root            /var/www/my.site.dir/htdocs;

client_body_temp_path   /var/www/my.site.dir/client_temp;
create_full_put_path    on;
dav_access              user:rw  group:r  all:r;

location /my-new-repo.git/ {
dav_methods  PUT DELETE MKCOL COPY MOVE; #PROPFIND
}

}

Give nginx a way to write to client_temp path.

chown nginx:nginx /var/www/my.site.dir/client_temp

Reload nginx.

/etc/init.d/nginx reload

Verify that you can read http://my.site.hostname/my-new-repo.git/description

This is basically all. You have a fully working WebDAV repository. But we do not want all the world to be able to write to the repo, so we need to put some authorization to it. Let’s use simple user/pass authentication.

Create user passwords file.

# htpasswd -c /var/www/my.site.dir/passwd.git tomasz.sterna
New password:
Re-type new password:
Adding password for user tomasz.sterna

Add authentication to nginx location.

        location /my-new-repo.git/ {
dav_methods  PUT DELETE MKCOL COPY MOVE; #PROPFIND
limit_except  GET {
auth_basic      "Git";
auth_basic_user_file    /var/www/my.site.dir/passwd.git;
}
}

and reload nginx.

Then you need to setup your client Git. This is the same as the usuall case, but I will include it here for completeness.

Make sure that you have HTTP support, i.e. your git was built with curl. The easiest way to check is to look for the executable ‘git-http-push’.

Then, add the following to your $HOME/.netrc (you can do without, but will be asked to input your password a lot of times):

    machine servername
login username
password password

…and set permissions:

chmod 600 ~/.netrc

If you want to access the web-server by its IP, you have to type that in, instead of the server name.

To check whether all is OK, do:

curl --netrc --location -v http://username@servername/my-new-repo.git/description

…this should give a description of /var/www/my.site.dir/htdocs/my-new-repo.git .

Now, add the remote in your existing repository which contains the project you want to export:

$ git-config remote.upload.url http://username@servername/my-new-repo.git/

It is important to put the last ‘/’; Without it, the server will send a redirect which git-http-push does not (yet) understand, and git-http-push will repeat the request infinitely.

Make the initial push.

From your client repository, do

$ git push upload master

This pushes branch ‘master’ (which is assumed to be the branch you want to export) to repository called ‘upload’, which we previously defined with git-config.

And currently this is a showstopper. nginx http_dav_module does not support PROPFIND method yet, and git-http-push requires it. I am working on extending http_dav_module to support the missing methods but it’s complicated and I do not have much time for this. For now see comments for possible workarounds.

Many thanks to Johannes Schindelin and Rutger Nijlunsing for theirs great Git and Apache HTTP tutorial which this tutorial is based on.

About this entry

You’re currently reading “Git repository over HTTP WebDAV with nginx,” an entry on Xiaoka Notes

Published:: Sunday, April 13th, 2008 at 09:53

Author:: admin

Category:: HOWTO

Tags:: Gentoo, git, HOWTO, nginx, tutorial, webdav

Similar entries

None Found

jamshid

May 24th, 2008
20:51 UTC

thanks man, you, nginx, git, & webdav (when it works) are awesome. Looking forward to propfind.

saimon

June 2nd, 2008
8:39 UTC

Nice article!
Any progress on extending http_dav_module?

Tomasz Sterna

June 2nd, 2008
10:14 UTC

Unfortunately not much. Lack of time

Joey Korkames

June 5th, 2008
20:57 UTC

I looked at adding PROPFIND awhile ago. OPTIONS was easy enough but PROPFIND is a little bit more logic and XML than I care to bungle in C. Instead, I rigged nginx to redirect all unsupported WebDAV methods to a CGI script that does understand them. Luckily, none of these op’s are really I/O intensive.

location ^~ /git/ { root /var/www/localhost/htdocs/git; dav_access user:rw group:r all:r; dav_methods PUT DELETE MKCOL COPY MOVE; fastcgi_param SCRIPT_FILENAME /var/www/localhost/htdocs/git/webdav.cgi; #http://plan9.aichi-u.ac.jp/netlib/webappls/webdav.cgi include http/fastcgi/defaults.conf;

if ($request_method = ^(PROPFIND|OPTIONS|PROPPATCH|LOCK|UNLOCK)$ { fastcgi_pass fastcgi-cgiwrap-local; #http://wiki.codemongers.com/NginxSimpleCGI } }

I’ve just tested this with the nd client (http://www.gohome.org/nd/) and it seems to work so far.

June 5th, 2008
21:23 UTC

So I fat fingered that pretty good ….

that if condition should be:
if ($request_method ~ ^(PROPFIND|OPTIONS|PROPPATCH|LOCK|UNLOCK)$ ){ ... }

Also, that webdev.cgi is actually pretty weak, it only does PROPFIND. I’m gonna try libhttp-davserver-perl’s nph-webdav and see if that does a bit more.

Laurent Ghigonis

August 31st, 2008
0:56 UTC

Thanks for the infos. Do you have updates about handling webdav in nginx via a cgi script ? The nph-webdav cgi script doesnt seem to handle (yet) the options needed by subversion

September 29th, 2008
10:36 UTC

I gave up on fcgiPass (no good DAV fcgi scripts out there) and instead use proxy_pass to a pandav daemon:
http://github.com/gicmo/pandav/tree/master

For WinXP mounting, this patch needs to be applied:
In davserver.py replace line 254 with the following:
w.write(‘%s\n’ % urllib.quote(m.virname))

With the fixed pandav, most everything seems to work right with Windows’ DAV client, and Nginx still handles GET/PUT if
using (OPTIONS|PROPFIND|LOCK|UNLOCK|PROPPATCH|HEAD|MKCOL|COPY|MOVE)
However, windows doesn’t send requests about folders with the HTTP spec’d trailing slash (“/mydir” vs. “/mydir/”) . Most items in the nginx dav code say to send 409 to DAV operations on
folders if they are missing the slash. Normally, for a human using a web browser, the web server sends a redirect to fix the path to proper spec but if you try to do that to a broken dav client, you get a whole other type of error. If nginx can get a
little more flexible about folders (like apache’s “redirect-carefully”), WinXP should be all set.

I have not tested pandav with svn/git/cadaver/nd ….

New High Score » Blog Archive » Making WebDAV and NGINX Play Nice Together March 20th, 2009
22:24 UTC

[...] around the internet for similar things, I find that we’re not the only ones trying to do this, and came across a Perl CGI script that is/can be used in a similar fashion. Unfortunately, NGINX [...]

soloman

January 11th, 2010
5:23 UTC

could you help me please.

I configuration webdav on nginx/gentoo. But when I connect to my server, I got this error (I logging in with cyberduck from mac

PROPFIND /mydavserver HTTP/1.1[\r][\n]
Authorization: Basic d2F4Om9qa2l5ZA==[\r][\n]
Content-Type: text/xml; charset=utf-8[\r][\n]
User-Agent: Cyberduck/3.3b4 (5455)[\r][\n]
Host: 192.168.0.28:8088[\r][\n]
Content-Length: 207[\r][\n]
Depth: 0[\r][\n]
[\r][\n]
HTTP/1.1 405 Not Allowed[\r][\n]
HTTP/1.1 405 Not Allowed[\r][\n]
Server: nginx/0.8.29[\r][\n]
Date: Mon, 11 Jan 2010 04:19:11 GMT[\r][\n]
Content-Type: text/html[\r][\n]
Content-Length: 173[\r][\n]
Connection: keep-alive[\r][\n]
Keep-Alive: timeout=20[\r][\n]
[\r][\n]

How do i solve this problem ?

thanks.

Git repository over HTTP WebDAV with nginx - Nginx Webdav SVN September 28th, 2010
10:52 UTC

[...] Check out the original for detail [...]

git at Anatai Journal December 13th, 2010
11:20 UTC

[...] I had some trouble trying to get remote repositories working. Â Initially I tried to use WebDAV which allowed remote cloning but did not support writing back (PROPFIND errors). Â At first I thought this might be an issue with the firewall where I work but it would appear to be a more general showstopper. [...]

Git WebDAV with Nginx | Nginx Lighttpd Tutorial June 3rd, 2011
15:39 UTC

[...] is a good tutorial on Git repository over HTTP WebDAV with nginx: The goal is to create Git push repository available [...]

Romain

October 3rd, 2011
10:10 UTC

Hello all,

I know that is an old article but I achieve to serve a git repository throught HTTP WebDav and Nginx. Actualy, I use Nginx as a proxy redirecting requests to the daemon listening on localhost:8008. Pretty simple in fact.

Hope it helps

Git repository over HTTP WebDAV with nginx

About this entry

Similar entries

13 Comments

Have your say

Recent Posts

Categories

Recent Readers

Recent Comments

Tags

Blogroll

Company

Contributors

Lectures

Projects

Pages