lighttpdgit-http-backend

Lighttpd git-http-backend setenv issue

I had a functioning setup on Ubuntu 14.04 with Lighttpd 1.4.33 installed via apt which passed to git-http-backend for git http pull/push. This was authenticated via ldap. A new requirement for ldap group lookups meant I needed to update lighttpd to support it.

As lighttpd only goes upto 1.4.33 on trusty/universe the old version was removed, a copy of Lighttpd 1.4.51 was downloaded and complied from source with:

./configure --with-openssl --with-openssl-libs=/usr/bin/openssl --with-ldap

After setting up a couple of cache folders and setting permissions lighttpd started and appeared to be serving requests. When doing a git pull from a client the logs show the request making it to git-http-backend however after authenticating the client sees on a git pull:

fatal: repository 'https://git.company.co.uk/repos/project_portal.git/' not found

The permissions on the folder where the git repos reside look correct, and lighttpd is running as the same user as in the working setup.

My guess is the setenv.add-environment config items in lighttpd.conf are not being passed/picked up by git-http-backend, so it's not aware where the physical files are.

I've also tried compiling different versions lighttpd however all of them had the same issue, possibly I'm missing a compile option.

Relevant sections from lighttpd.conf below.

server.modules = (
    "mod_auth",
    "mod_access",
    "mod_accesslog",
    "mod_alias",
    "mod_compress",
    "mod_redirect",
    "mod_rewrite",
    "mod_webdav",
    "mod_fastcgi",
    "mod_cgi",
    "mod_setenv",
    "mod_proxy",
    "mod_authn_ldap",
    "mod_openssl"
)

server.document-root        = "/var/www"
server.upload-dirs          = ( "/var/cache/lighttpd/uploads" )
server.errorlog             = "/var/log/lighttpd/error.log"
server.pid-file             = "/var/run/lighttpd.pid"
server.username             = "www-data"
server.groupname            = "www-data"
server.port                 = 80
accesslog.filename          = "/var/log/lighttpd/access.log" 

debug.log-request-handling = "enable"

index-file.names            = ( "index.php", "index.html", "index.lighttpd.html" )
url.access-deny             = ( "~", ".inc" )
static-file.exclude-extensions = ( ".php", ".pl", ".fcgi" )

compress.cache-dir          = "/var/cache/lighttpd/compress/"
compress.filetype           = ( "application/javascript", "text/css", "text/html", "text/plain" )

$SERVER["socket"] == "0.0.0.0:443" {

    ssl.engine = "enable"
    ssl.pemfile = "/etc/lighttpd/ssl/git.company.co.uk.pem"
    ssl.ca-file = "/etc/lighttpd/ssl/xxxIntermediateCertificate.crt"

    $HTTP["host"] == "git.company.co.uk" {
        ssl.pemfile = "/etc/lighttpd/ssl/git.company.co.uk.pem"
        alias.url = ( "/repos" => "/usr/lib/git-core/git-http-backend" )
        $HTTP["url"] =~ "^/repos" {
            cgi.assign = ("" => "")
            setenv.add-environment = (
                "GIT_PROJECT_ROOT" => "/var/www/repositories",
                "GIT_HTTP_EXPORT_ALL" => ""
            )
            auth.require = ( "" => (
                "method" => "basic",
                "realm" => "repos",
                "require" => "valid-user"
            ))
            auth.backend = "ldap"
            auth.backend.ldap.hostname              = "172.xxx"
            auth.backend.ldap.base-dn               = "OU=ITS,xxx"
            auth.backend.ldap.filter                = "(CN=$)"
            auth.backend.ldap.bind-dn               = "CN=xxx"
            auth.backend.ldap.bind-pw               = "xxx"
            auth.backend.ldap.allow-empty-pw        = "disable"
        }
    }
}

lighttpd -V

lighttpd/1.4.51 (ssl) - a light and fast webserver

Event Handlers:

        + select (generic)
        + poll (Unix)
        + epoll (Linux)
        - /dev/poll (Solaris)
        - eventports (Solaris)
        - kqueue (FreeBSD)
        - libev (generic)

Network handler:

        + linux-sendfile
        - freebsd-sendfile
        - darwin-sendfile
        - solaris-sendfilev
        + writev
        + write
        - mmap support

Features:

        + IPv6 support
        + zlib support
        + bzip2 support
        + crypt support
        + SSL support
        + PCRE support
        - MySQL support
        - PgSQL support
        - DBI support
        - Kerberos support
        + LDAP support
        - PAM support
        - memcached support
        - FAM support
        - LUA support
        - xml support
        - SQLite support
        - GDBM support

Error.log

2018-10-22 07:21:55: (response.c.422) -- splitting Request-URI
2018-10-22 07:21:55: (response.c.423) Request-URI     :  /repos/project_portal.git/info/refs?service=git-                             upload-pack
2018-10-22 07:21:55: (response.c.424) URI-scheme      :  https
2018-10-22 07:21:55: (response.c.425) URI-authority   :  git.company.co.uk
2018-10-22 07:21:55: (response.c.426) URI-path (raw)  :  /repos/project_portal.git/info/refs
2018-10-22 07:21:55: (response.c.427) URI-path (clean):  /repos/project_portal.git/info/refs
2018-10-22 07:21:55: (response.c.428) URI-query       :  service=git-upload-pack
2018-10-22 07:21:55: (mod_access.c.156) -- mod_access_uri_handler called
2018-10-22 07:21:55: (response.c.573) -- before doc_root
2018-10-22 07:21:55: (response.c.574) Doc-Root     : /var/www
2018-10-22 07:21:55: (response.c.575) Rel-Path     : /repos/project_portal.git/info/refs
2018-10-22 07:21:55: (response.c.576) Path         :
2018-10-22 07:21:55: (response.c.628) -- after doc_root
2018-10-22 07:21:55: (response.c.629) Doc-Root     : /var/www
2018-10-22 07:21:55: (response.c.630) Rel-Path     : /repos/project_portal.git/info/refs
2018-10-22 07:21:55: (response.c.631) Path         : /var/www/repos/project_portal.git/info/refs
2018-10-22 07:21:55: (response.c.655) -- logical -> physical
2018-10-22 07:21:55: (response.c.656) Doc-Root     : /var/www
2018-10-22 07:21:55: (response.c.657) Basedir      : /usr/lib/git-core/git-http-backend
2018-10-22 07:21:55: (response.c.658) Rel-Path     : /repos/project_portal.git/info/refs
2018-10-22 07:21:55: (response.c.659) Path         : /usr/lib/git-core/git-http-backend/project_portal.gi                             t/info/refs
2018-10-22 07:21:55: (response.c.671) -- handling physical path
2018-10-22 07:21:55: (response.c.672) Path         : /usr/lib/git-core/git-http-backend/project_portal.gi                             t/info/refs
2018-10-22 07:21:55: (response.c.679) -- handling subrequest
2018-10-22 07:21:55: (response.c.680) Path         : /usr/lib/git-core/git-http-backend
2018-10-22 07:21:55: (response.c.681) URI          : /repos
2018-10-22 07:21:55: (response.c.682) Pathinfo     : /project_portal.git/info/refs
2018-10-22 07:21:55: (mod_access.c.156) -- mod_access_uri_handler called
2018-10-22 07:21:55: (mod_compress.c.854) -- handling file as static file

Any suggestions are welcome, thanks.

Solution

  • Check the lighttpd error log in /var/log/lighttpd/error.log.

    Check the path to git-http-backend on your server. It might be /usr/lib/git-core/git-http-backend, or it might be /usr/libexec/git-core/git-http-backend.

    Try setting a value for "GIT_HTTP_EXPORT_ALL" => "1" or else git does not export the repos. You can see this if you look at the lighttpd breakage log (output from CGI), if configured, or if you start up lighttpd in the foreground (-D) and see trace from git-http-backend.