1 <?xml version="1.0" encoding="UTF-8"?>
\r
2 <!DOCTYPE article PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN" "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd">
\r
4 <article lang="en" id="git-daemon(1)">
\r
6 <title>git-daemon(1)</title>
\r
8 <primary>git-daemon(1)</primary>
\r
11 <simplesect id="_name">
\r
13 <simpara>git-daemon - A really simple server for git repositories</simpara>
\r
15 <simplesect id="_synopsis">
\r
16 <title>SYNOPSIS</title>
\r
18 <literallayout><emphasis>git daemon</emphasis> [--verbose] [--syslog] [--export-all]
\r
19 [--timeout=n] [--init-timeout=n] [--max-connections=n]
\r
20 [--strict-paths] [--base-path=path] [--base-path-relaxed]
\r
21 [--user-path | --user-path=path]
\r
22 [--interpolated-path=pathtemplate]
\r
23 [--reuseaddr] [--detach] [--pid-file=file]
\r
24 [--enable=service] [--disable=service]
\r
25 [--allow-override=service] [--forbid-override=service]
\r
26 [--inetd | [--listen=host_or_ipaddr] [--port=n] [--user=user [--group=group]]
\r
27 [directory…]</literallayout>
\r
30 <simplesect id="_description">
\r
31 <title>DESCRIPTION</title>
\r
32 <simpara>A really simple TCP git daemon that normally listens on port "DEFAULT_GIT_PORT"
\r
33 aka 9418. It waits for a connection asking for a service, and will serve
\r
34 that service if it is enabled.</simpara>
\r
35 <simpara>It verifies that the directory has the magic file "git-daemon-export-ok", and
\r
36 it will refuse to export any git directory that hasn’t explicitly been marked
\r
37 for export this way (unless the <emphasis>--export-all</emphasis> parameter is specified). If you
\r
38 pass some directory paths as <emphasis>git-daemon</emphasis> arguments, you can further restrict
\r
39 the offers to a whitelist comprising of those.</simpara>
\r
40 <simpara>By default, only <literal>upload-pack</literal> service is enabled, which serves
\r
41 <emphasis>git-fetch-pack</emphasis> and <emphasis>git-ls-remote</emphasis> clients, which are invoked
\r
42 from <emphasis>git-fetch</emphasis>, <emphasis>git-pull</emphasis>, and <emphasis>git-clone</emphasis>.</simpara>
\r
43 <simpara>This is ideally suited for read-only updates, i.e., pulling from
\r
44 git repositories.</simpara>
\r
45 <simpara>An <literal>upload-archive</literal> also exists to serve <emphasis>git-archive</emphasis>.</simpara>
\r
47 <simplesect id="_options">
\r
48 <title>OPTIONS</title>
\r
56 Match paths exactly (i.e. don’t allow "/foo/repo" when the real path is
\r
57 "/foo/repo.git" or "/foo/repo/.git") and don’t do user-relative paths.
\r
58 <emphasis>git-daemon</emphasis> will refuse to start when this option is enabled and no
\r
59 whitelist is specified.
\r
69 Remap all the path requests as relative to the given path.
\r
70 This is sort of "GIT root" - if you run <emphasis>git-daemon</emphasis> with
\r
71 <emphasis>--base-path=/srv/git</emphasis> on example.com, then if you later try to pull
\r
72 <emphasis>git://example.com/hello.git</emphasis>, <emphasis>git-daemon</emphasis> will interpret the path
\r
73 as <emphasis>/srv/git/hello.git</emphasis>.
\r
83 If --base-path is enabled and repo lookup fails, with this option
\r
84 <emphasis>git-daemon</emphasis> will attempt to lookup without prefixing the base path.
\r
85 This is useful for switching to --base-path usage, while still
\r
86 allowing the old paths.
\r
92 --interpolated-path=pathtemplate
\r
96 To support virtual hosting, an interpolated path template can be
\r
97 used to dynamically construct alternate paths. The template
\r
98 supports %H for the target hostname as supplied by the client but
\r
99 converted to all lowercase, %CH for the canonical hostname,
\r
100 %IP for the server’s IP address, %P for the port number,
\r
101 and %D for the absolute path of the named repository.
\r
102 After interpolation, the path is validated against the directory
\r
113 Allow pulling from all directories that look like GIT repositories
\r
114 (have the <emphasis>objects</emphasis> and <emphasis>refs</emphasis> subdirectories), even if they
\r
115 do not have the <emphasis>git-daemon-export-ok</emphasis> file.
\r
125 Have the server run as an inetd service. Implies --syslog.
\r
126 Incompatible with --port, --listen, --user and --group options.
\r
132 --listen=host_or_ipaddr
\r
136 Listen on an a specific IP address or hostname. IP addresses can
\r
137 be either an IPv4 address or an IPV6 address if supported. If IPv6
\r
138 is not supported, then --listen=hostname is also not supported and
\r
139 --listen must be given an IPv4 address.
\r
140 Incompatible with <emphasis>--inetd</emphasis> option.
\r
150 Listen on an alternative port. Incompatible with <emphasis>--inetd</emphasis> option.
\r
160 Timeout between the moment the connection is established and the
\r
161 client request is received (typically a rather low value, since
\r
162 that should be basically immediate).
\r
172 Timeout for specific client sub-requests. This includes the time
\r
173 it takes for the server to process the sub-request and time spent
\r
174 waiting for next client’s request.
\r
184 Maximum number of concurrent clients, defaults to 32. Set it to
\r
195 Log to syslog instead of stderr. Note that this option does not imply
\r
196 --verbose, thus by default only error conditions will be logged.
\r
209 Allow ~user notation to be used in requests. When
\r
210 specified with no parameter, requests to
\r
211 git://host/~alice/foo is taken as a request to access
\r
212 <emphasis>foo</emphasis> repository in the home directory of user <literal>alice</literal>.
\r
213 If <literal>--user-path=path</literal> is specified, the same request is
\r
214 taken as a request to access <literal>path/foo</literal> repository in
\r
215 the home directory of user <literal>alice</literal>.
\r
225 Log details about the incoming connections and requested files.
\r
235 Use SO_REUSEADDR when binding the listening socket.
\r
236 This allows the server to restart without waiting for
\r
237 old connections to time out.
\r
247 Detach from the shell. Implies --syslog.
\r
257 Save the process id in <emphasis>file</emphasis>. Ignored when the daemon
\r
258 is run under <literal>--inetd</literal>.
\r
271 Change daemon’s uid and gid before entering the service loop.
\r
272 When only <literal>--user</literal> is given without <literal>--group</literal>, the
\r
273 primary group ID for the user is used. The values of
\r
274 the option are given to <literal>getpwnam(3)</literal> and <literal>getgrnam(3)</literal>
\r
275 and numeric IDs are not supported.
\r
277 <simpara>Giving these options is an error when used with <literal>--inetd</literal>; use
\r
278 the facility of inet daemon to achieve the same before spawning
\r
279 <emphasis>git-daemon</emphasis> if needed.</simpara>
\r
291 Enable/disable the service site-wide per default. Note
\r
292 that a service disabled site-wide can still be enabled
\r
293 per repository if it is marked overridable and the
\r
294 repository enables the service with an configuration
\r
301 --allow-override=service
\r
304 --forbid-override=service
\r
308 Allow/forbid overriding the site-wide default with per
\r
309 repository configuration. By default, all the services
\r
320 A directory to add to the whitelist of allowed directories. Unless
\r
321 --strict-paths is specified this will also include subdirectories
\r
322 of each named directory.
\r
328 <simplesect id="_services">
\r
329 <title>SERVICES</title>
\r
330 <simpara>These services can be globally enabled/disabled using the
\r
331 command line options of this command. If a finer-grained
\r
332 control is desired (e.g. to allow <emphasis>git-archive</emphasis> to be run
\r
333 against only in a few selected repositories the daemon serves),
\r
334 the per-repository configuration file can be used to enable or
\r
335 disable them.</simpara>
\r
343 This serves <emphasis>git-fetch-pack</emphasis> and <emphasis>git-ls-remote</emphasis>
\r
344 clients. It is enabled by default, but a repository can
\r
345 disable it by setting <literal>daemon.uploadpack</literal> configuration
\r
346 item to <literal>false</literal>.
\r
356 This serves <emphasis>git-archive --remote</emphasis>. It is disabled by
\r
357 default, but a repository can enable it by setting
\r
358 <literal>daemon.uploadarch</literal> configuration item to <literal>true</literal>.
\r
368 This serves <emphasis>git-send-pack</emphasis> clients, allowing anonymous
\r
369 push. It is disabled by default, as there is <emphasis>no</emphasis>
\r
370 authentication in the protocol (in other words, anybody
\r
371 can push anything into the repository, including removal
\r
372 of refs). This is solely meant for a closed LAN setting
\r
373 where everybody is friendly. This service can be
\r
374 enabled by <literal>daemon.receivepack</literal> configuration item to
\r
375 <literal>true</literal>.
\r
381 <simplesect id="_examples">
\r
382 <title>EXAMPLES</title>
\r
386 We assume the following in /etc/services
\r
389 <literallayout>$ grep 9418 /etc/services
\r
390 git 9418/tcp # Git Version Control System</literallayout>
\r
395 <emphasis>git-daemon</emphasis> as inetd server
\r
399 To set up <emphasis>git-daemon</emphasis> as an inetd service that handles any
\r
400 repository under the whitelisted set of directories, /pub/foo
\r
401 and /pub/bar, place an entry like the following into
\r
402 /etc/inetd all on one line:
\r
404 <literallayout> git stream tcp nowait nobody /usr/bin/git
\r
405 git daemon --inetd --verbose --export-all
\r
406 /pub/foo /pub/bar</literallayout>
\r
411 <emphasis>git-daemon</emphasis> as inetd server for virtual hosts
\r
415 To set up <emphasis>git-daemon</emphasis> as an inetd service that handles
\r
416 repositories for different virtual hosts, <literal>www.example.com</literal>
\r
417 and <literal>www.example.org</literal>, place an entry like the following into
\r
418 <literal>/etc/inetd</literal> all on one line:
\r
420 <literallayout> git stream tcp nowait nobody /usr/bin/git
\r
421 git daemon --inetd --verbose --export-all
\r
422 --interpolated-path=/pub/%H%D
\r
423 /pub/www.example.org/software
\r
424 /pub/www.example.com/software
\r
425 /software</literallayout>
\r
426 <simpara>In this example, the root-level directory <literal>/pub</literal> will contain
\r
427 a subdirectory for each virtual host name supported.
\r
428 Further, both hosts advertise repositories simply as
\r
429 <literal>git://www.example.com/software/repo.git</literal>. For pre-1.4.0
\r
430 clients, a symlink from <literal>/software</literal> into the appropriate
\r
431 default repository could be made as well.</simpara>
\r
436 <emphasis>git-daemon</emphasis> as regular daemon for virtual hosts
\r
440 To set up <emphasis>git-daemon</emphasis> as a regular, non-inetd service that
\r
441 handles repositories for multiple virtual hosts based on
\r
442 their IP addresses, start the daemon like this:
\r
444 <literallayout> git daemon --verbose --export-all
\r
445 --interpolated-path=/pub/%IP/%D
\r
446 /pub/192.168.1.200/software
\r
447 /pub/10.10.220.23/software</literallayout>
\r
448 <simpara>In this example, the root-level directory <literal>/pub</literal> will contain
\r
449 a subdirectory for each virtual host IP address supported.
\r
450 Repositories can still be accessed by hostname though, assuming
\r
451 they correspond to these IP addresses.</simpara>
\r
456 selectively enable/disable services per repository
\r
460 To enable <emphasis>git-archive --remote</emphasis> and disable <emphasis>git-fetch</emphasis> against
\r
461 a repository, have the following in the configuration file in the
\r
462 repository (that is the file <emphasis>config</emphasis> next to <emphasis>HEAD</emphasis>, <emphasis>refs</emphasis> and
\r
463 <emphasis>objects</emphasis>).
\r
465 <literallayout> [daemon]
\r
467 uploadarch = true</literallayout>
\r
472 <simplesect id="_environment">
\r
473 <title>ENVIRONMENT</title>
\r
474 <simpara><emphasis>git-daemon</emphasis> will set REMOTE_ADDR to the IP address of the client
\r
475 that connected to it, if the IP address is available. REMOTE_ADDR will
\r
476 be available in the environment of hooks called when
\r
477 services are performed.</simpara>
\r
479 <simplesect id="_author">
\r
480 <title>Author</title>
\r
481 <simpara>Written by Linus Torvalds <<ulink url="mailto:torvalds@osdl.org">torvalds@osdl.org</ulink>>, YOSHIFUJI Hideaki
\r
482 <<ulink url="mailto:yoshfuji@linux-ipv6.org">yoshfuji@linux-ipv6.org</ulink>> and the git-list <<ulink url="mailto:git@vger.kernel.org">git@vger.kernel.org</ulink>></simpara>
\r
484 <simplesect id="_documentation">
\r
485 <title>Documentation</title>
\r
486 <simpara>Documentation by Junio C Hamano and the git-list <<ulink url="mailto:git@vger.kernel.org">git@vger.kernel.org</ulink>>.</simpara>
\r
488 <simplesect id="_git">
\r
490 <simpara>Part of the <xref linkend="git(1)"/> suite</simpara>
\r