Google Git
Sign in
chromium / external / gitster / git-htmldocs / fb4fa4ebbe0c116c4dbc060c9d1f3b2f1e84e0bd / . / git-daemon.html
blob: 596e2f2bd2ed69acb0c32895a531d8bd165a49df [file] [log] [blame]
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN"
"http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
<meta name="generator" content="AsciiDoc 7.0.2" />
<style type="text/css">
/* Debug borders */
p, li, dt, dd, div, pre, h1, h2, h3, h4, h5, h6 {
/*
border: 1px solid red;
*/
}
body {
margin: 1em 5% 1em 5%;
}
a { color: blue; }
a:visited { color: fuchsia; }
em {
font-style: italic;
}
strong {
font-weight: bold;
}
tt {
color: navy;
}
h1, h2, h3, h4, h5, h6 {
color: #527bbd;
font-family: sans-serif;
margin-top: 1.2em;
margin-bottom: 0.5em;
line-height: 1.3;
}
h1 {
border-bottom: 2px solid silver;
}
h2 {
border-bottom: 2px solid silver;
padding-top: 0.5em;
}
div.sectionbody {
font-family: serif;
margin-left: 0;
}
hr {
border: 1px solid silver;
}
p {
margin-top: 0.5em;
margin-bottom: 0.5em;
}
pre {
padding: 0;
margin: 0;
}
span#author {
color: #527bbd;
font-family: sans-serif;
font-weight: bold;
font-size: 1.2em;
}
span#email {
}
span#revision {
font-family: sans-serif;
}
div#footer {
font-family: sans-serif;
font-size: small;
border-top: 2px solid silver;
padding-top: 0.5em;
margin-top: 4.0em;
}
div#footer-text {
float: left;
padding-bottom: 0.5em;
}
div#footer-badges {
float: right;
padding-bottom: 0.5em;
}
div#preamble,
div.tableblock, div.imageblock, div.exampleblock, div.verseblock,
div.quoteblock, div.literalblock, div.listingblock, div.sidebarblock,
div.admonitionblock {
margin-right: 10%;
margin-top: 1.5em;
margin-bottom: 1.5em;
}
div.admonitionblock {
margin-top: 2.5em;
margin-bottom: 2.5em;
}
div.content { /* Block element content. */
padding: 0;
}
/* Block element titles. */
div.title, caption.title {
font-family: sans-serif;
font-weight: bold;
text-align: left;
margin-top: 1.0em;
margin-bottom: 0.5em;
}
div.title + * {
margin-top: 0;
}
td div.title:first-child {
margin-top: 0.0em;
}
div.content div.title:first-child {
margin-top: 0.0em;
}
div.content + div.title {
margin-top: 0.0em;
}
div.sidebarblock > div.content {
background: #ffffee;
border: 1px solid silver;
padding: 0.5em;
}
div.listingblock > div.content {
border: 1px solid silver;
background: #f4f4f4;
padding: 0.5em;
}
div.quoteblock > div.content {
padding-left: 2.0em;
}
div.quoteblock .attribution {
text-align: right;
}
div.admonitionblock .icon {
vertical-align: top;
font-size: 1.1em;
font-weight: bold;
text-decoration: underline;
color: #527bbd;
padding-right: 0.5em;
}
div.admonitionblock td.content {
padding-left: 0.5em;
border-left: 2px solid silver;
}
div.exampleblock > div.content {
border-left: 2px solid silver;
padding: 0.5em;
}
div.verseblock div.content {
white-space: pre;
}
div.imageblock div.content { padding-left: 0; }
div.imageblock img { border: 1px solid silver; }
span.image img { border-style: none; }
dl {
margin-top: 0.8em;
margin-bottom: 0.8em;
}
dt {
margin-top: 0.5em;
margin-bottom: 0;
font-style: italic;
}
dd > *:first-child {
margin-top: 0;
}
ul, ol {
list-style-position: outside;
}
ol.olist2 {
list-style-type: lower-alpha;
}
div.tableblock > table {
border-color: #527bbd;
border-width: 3px;
}
thead {
font-family: sans-serif;
font-weight: bold;
}
tfoot {
font-weight: bold;
}
div.hlist {
margin-top: 0.8em;
margin-bottom: 0.8em;
}
td.hlist1 {
vertical-align: top;
font-style: italic;
padding-right: 0.8em;
}
td.hlist2 {
vertical-align: top;
}
@media print {
div#footer-badges { display: none; }
}
include::./stylesheets/xhtml11-manpage.css[]
/* Workarounds for IE6's broken and incomplete CSS2. */
div.sidebar-content {
background: #ffffee;
border: 1px solid silver;
padding: 0.5em;
}
div.sidebar-title, div.image-title {
font-family: sans-serif;
font-weight: bold;
margin-top: 0.0em;
margin-bottom: 0.5em;
}
div.listingblock div.content {
border: 1px solid silver;
background: #f4f4f4;
padding: 0.5em;
}
div.quoteblock-content {
padding-left: 2.0em;
}
div.exampleblock-content {
border-left: 2px solid silver;
padding-left: 0.5em;
}
</style>
<title>git-daemon(1)</title>
</head>
<body>
<div id="header">
<h1>
git-daemon(1) Manual Page
</h1>
<h2>NAME</h2>
<div class="sectionbody">
<p>git-daemon -
A really simple server for git repositories
</p>
</div>
</div>
<h2>SYNOPSIS</h2>
<div class="sectionbody">
<div class="verseblock">
<div class="content"><em>git-daemon</em> [--verbose] [--syslog] [--export-all]
[--timeout=n] [--init-timeout=n] [--strict-paths]
[--base-path=path] [--user-path | --user-path=path]
[--interpolated-path=pathtemplate]
[--reuseaddr] [--detach] [--pid-file=file]
[--enable=service] [--disable=service]
[--allow-override=service] [--forbid-override=service]
[--inetd | [--listen=host_or_ipaddr] [--port=n] [--user=user [--group=group]]
[directory&#8230;]</div></div>
</div>
<h2>DESCRIPTION</h2>
<div class="sectionbody">
<p>A really simple TCP git daemon that normally listens on port "DEFAULT_GIT_PORT"
aka 9418. It waits for a connection asking for a service, and will serve
that service if it is enabled.</p>
<p>It verifies that the directory has the magic file "git-daemon-export-ok", and
it will refuse to export any git directory that hasn't explicitly been marked
for export this way (unless the <em>--export-all</em> parameter is specified). If you
pass some directory paths as <em>git-daemon</em> arguments, you can further restrict
the offers to a whitelist comprising of those.</p>
<p>By default, only <tt>upload-pack</tt> service is enabled, which serves
<tt>git-fetch-pack</tt> and <tt>git-peek-remote</tt> clients that are invoked
from <tt>git-fetch</tt>, <tt>git-ls-remote</tt>, and <tt>git-clone</tt>.</p>
<p>This is ideally suited for read-only updates, i.e., pulling from
git repositories.</p>
<p>An <tt>upload-archive</tt> also exists to serve <tt>git-archive</tt>.</p>
</div>
<h2>OPTIONS</h2>
<div class="sectionbody">
<dl>
<dt>
--strict-paths
</dt>
<dd>
<p>
Match paths exactly (i.e. don't allow "/foo/repo" when the real path is
"/foo/repo.git" or "/foo/repo/.git") and don't do user-relative paths.
git-daemon will refuse to start when this option is enabled and no
whitelist is specified.
</p>
</dd>
<dt>
--base-path
</dt>
<dd>
<p>
Remap all the path requests as relative to the given path.
This is sort of "GIT root" - if you run git-daemon with
<em>--base-path=/srv/git</em> on example.com, then if you later try to pull
<em>git://example.com/hello.git</em>, <tt>git-daemon</tt> will interpret the path
as <em>/srv/git/hello.git</em>.
</p>
</dd>
<dt>
--base-path-relaxed
</dt>
<dd>
<p>
If --base-path is enabled and repo lookup fails, with this option
<tt>git-daemon</tt> will attempt to lookup without prefixing the base path.
This is useful for switching to --base-path usage, while still
allowing the old paths.
</p>
</dd>
<dt>
--interpolated-path=pathtemplate
</dt>
<dd>
<p>
To support virtual hosting, an interpolated path template can be
used to dynamically construct alternate paths. The template
supports %H for the target hostname as supplied by the client but
converted to all lowercase, %CH for the canonical hostname,
%IP for the server's IP address, %P for the port number,
and %D for the absolute path of the named repository.
After interpolation, the path is validated against the directory
whitelist.
</p>
</dd>
<dt>
--export-all
</dt>
<dd>
<p>
Allow pulling from all directories that look like GIT repositories
(have the <em>objects</em> and <em>refs</em> subdirectories), even if they
do not have the <em>git-daemon-export-ok</em> file.
</p>
</dd>
<dt>
--inetd
</dt>
<dd>
<p>
Have the server run as an inetd service. Implies --syslog.
Incompatible with --port, --listen, --user and --group options.
</p>
</dd>
<dt>
--listen=host_or_ipaddr
</dt>
<dd>
<p>
Listen on an a specific IP address or hostname. IP addresses can
be either an IPv4 address or an IPV6 address if supported. If IPv6
is not supported, then --listen=hostname is also not supported and
--listen must be given an IPv4 address.
Incompatible with <em>--inetd</em> option.
</p>
</dd>
<dt>
--port=n
</dt>
<dd>
<p>
Listen on an alternative port. Incompatible with <em>--inetd</em> option.
</p>
</dd>
<dt>
--init-timeout
</dt>
<dd>
<p>
Timeout between the moment the connection is established and the
client request is received (typically a rather low value, since
that should be basically immediate).
</p>
</dd>
<dt>
--timeout
</dt>
<dd>
<p>
Timeout for specific client sub-requests. This includes the time
it takes for the server to process the sub-request and time spent
waiting for next client's request.
</p>
</dd>
<dt>
--syslog
</dt>
<dd>
<p>
Log to syslog instead of stderr. Note that this option does not imply
--verbose, thus by default only error conditions will be logged.
</p>
</dd>
<dt>
--user-path, --user-path=path
</dt>
<dd>
<p>
Allow ~user notation to be used in requests. When
specified with no parameter, requests to
git://host/~alice/foo is taken as a request to access
<em>foo</em> repository in the home directory of user <tt>alice</tt>.
If <tt>--user-path=path</tt> is specified, the same request is
taken as a request to access <tt>path/foo</tt> repository in
the home directory of user <tt>alice</tt>.
</p>
</dd>
<dt>
--verbose
</dt>
<dd>
<p>
Log details about the incoming connections and requested files.
</p>
</dd>
<dt>
--reuseaddr
</dt>
<dd>
<p>
Use SO_REUSEADDR when binding the listening socket.
This allows the server to restart without waiting for
old connections to time out.
</p>
</dd>
<dt>
--detach
</dt>
<dd>
<p>
Detach from the shell. Implies --syslog.
</p>
</dd>
<dt>
--pid-file=file
</dt>
<dd>
<p>
Save the process id in <em>file</em>. Ignored when the daemon
is run under <tt>--inetd</tt>.
</p>
</dd>
<dt>
--user=user, --group=group
</dt>
<dd>
<p>
Change daemon's uid and gid before entering the service loop.
When only <tt>--user</tt> is given without <tt>--group</tt>, the
primary group ID for the user is used. The values of
the option are given to <tt>getpwnam(3)</tt> and <tt>getgrnam(3)</tt>
and numeric IDs are not supported.
</p>
<p>Giving these options is an error when used with <tt>--inetd</tt>; use
the facility of inet daemon to achieve the same before spawning
<tt>git-daemon</tt> if needed.</p>
</dd>
<dt>
--enable=service, --disable=service
</dt>
<dd>
<p>
Enable/disable the service site-wide per default. Note
that a service disabled site-wide can still be enabled
per repository if it is marked overridable and the
repository enables the service with an configuration
item.
</p>
</dd>
<dt>
--allow-override=service, --forbid-override=service
</dt>
<dd>
<p>
Allow/forbid overriding the site-wide default with per
repository configuration. By default, all the services
are overridable.
</p>
</dd>
<dt>
&lt;directory&gt;
</dt>
<dd>
<p>
A directory to add to the whitelist of allowed directories. Unless
--strict-paths is specified this will also include subdirectories
of each named directory.
</p>
</dd>
</dl>
</div>
<h2>SERVICES</h2>
<div class="sectionbody">
<p>These services can be globally enabled/disabled using the
command line options of this command. If a finer-grained
control is desired (e.g. to allow <tt>git-archive</tt> to be run
against only in a few selected repositories the daemon serves),
the per-repository configuration file can be used to enable or
disable them.</p>
<dl>
<dt>
upload-pack
</dt>
<dd>
<p>
This serves <tt>git-fetch-pack</tt> and <tt>git-peek-remote</tt>
clients. It is enabled by default, but a repository can
disable it by setting <tt>daemon.uploadpack</tt> configuration
item to <tt>false</tt>.
</p>
</dd>
<dt>
upload-archive
</dt>
<dd>
<p>
This serves <tt>git-archive --remote</tt>. It is disabled by
default, but a repository can enable it by setting
<tt>daemon.uploadarchive</tt> configuration item to <tt>true</tt>.
</p>
</dd>
<dt>
receive-pack
</dt>
<dd>
<p>
This serves <tt>git-send-pack</tt> clients, allowing anonymous
push. It is disabled by default, as there is _no_
authentication in the protocol (in other words, anybody
can push anything into the repository, including removal
of refs). This is solely meant for a closed LAN setting
where everybody is friendly. This service can be
enabled by <tt>daemon.receivepack</tt> configuration item to
<tt>true</tt>.
</p>
</dd>
</dl>
</div>
<h2>EXAMPLES</h2>
<div class="sectionbody">
<dl>
<dt>
We assume the following in /etc/services
</dt>
<dd>
<div class="listingblock">
<div class="content">
<pre><tt>$ grep 9418 /etc/services
git 9418/tcp # Git Version Control System</tt></pre>
</div></div>
</dd>
<dt>
git-daemon as inetd server
</dt>
<dd>
<p>
To set up <tt>git-daemon</tt> as an inetd service that handles any
repository under the whitelisted set of directories, /pub/foo
and /pub/bar, place an entry like the following into
/etc/inetd all on one line:
</p>
<div class="listingblock">
<div class="content">
<pre><tt> git stream tcp nowait nobody /usr/bin/git-daemon
git-daemon --inetd --verbose --export-all
/pub/foo /pub/bar</tt></pre>
</div></div>
</dd>
<dt>
git-daemon as inetd server for virtual hosts
</dt>
<dd>
<p>
To set up <tt>git-daemon</tt> as an inetd service that handles
repositories for different virtual hosts, <tt>www.example.com</tt>
and <tt>www.example.org</tt>, place an entry like the following into
<tt>/etc/inetd</tt> all on one line:
</p>
<div class="listingblock">
<div class="content">
<pre><tt> git stream tcp nowait nobody /usr/bin/git-daemon
git-daemon --inetd --verbose --export-all
--interpolated-path=/pub/%H%D
/pub/www.example.org/software
/pub/www.example.com/software
/software</tt></pre>
</div></div>
<p>In this example, the root-level directory <tt>/pub</tt> will contain
a subdirectory for each virtual host name supported.
Further, both hosts advertise repositories simply as
<tt>git://www.example.com/software/repo.git</tt>. For pre-1.4.0
clients, a symlink from <tt>/software</tt> into the appropriate
default repository could be made as well.</p>
</dd>
<dt>
git-daemon as regular daemon for virtual hosts
</dt>
<dd>
<p>
To set up <tt>git-daemon</tt> as a regular, non-inetd service that
handles repositories for multiple virtual hosts based on
their IP addresses, start the daemon like this:
</p>
<div class="listingblock">
<div class="content">
<pre><tt> git-daemon --verbose --export-all
--interpolated-path=/pub/%IP/%D
/pub/192.168.1.200/software
/pub/10.10.220.23/software</tt></pre>
</div></div>
<p>In this example, the root-level directory <tt>/pub</tt> will contain
a subdirectory for each virtual host IP address supported.
Repositories can still be accessed by hostname though, assuming
they correspond to these IP addresses.</p>
</dd>
<dt>
selectively enable/disable services per repository
</dt>
<dd>
<p>
To enable <tt>git-archive --remote</tt> and disable <tt>git-fetch</tt> against
a repository, have the following in the configuration file in the
repository (that is the file <em>config</em> next to <em>HEAD</em>, <em>refs</em> and
<em>objects</em>).
</p>
<div class="listingblock">
<div class="content">
<pre><tt> [daemon]
uploadpack = false
uploadarchive = true</tt></pre>
</div></div>
</dd>
</dl>
</div>
<h2>Author</h2>
<div class="sectionbody">
<p>Written by Linus Torvalds &lt;torvalds@osdl.org&gt;, YOSHIFUJI Hideaki
&lt;yoshfuji@linux-ipv6.org&gt; and the git-list &lt;git@vger.kernel.org&gt;</p>
</div>
<h2>Documentation</h2>
<div class="sectionbody">
<p>Documentation by Junio C Hamano and the git-list &lt;git@vger.kernel.org&gt;.</p>
</div>
<h2>GIT</h2>
<div class="sectionbody">
<p>Part of the <a href="git.html">git(7)</a> suite</p>
</div>
<div id="footer">
<div id="footer-text">
Last updated 01-Sep-2007 11:16:24 UTC
</div>
</div>
</body>
</html>