Add Git official document to help

[TortoiseGit.git] / doc / source / en / TortoiseGit / git_doc / git-daemon.html.xml

<?xml version="1.0" encoding="UTF-8"?>\r
<!DOCTYPE article PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN" "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd">\r
\r
<article lang="en" id="git-daemon(1)">\r
<articleinfo>\r
    <title>git-daemon(1)</title>\r
        <indexterm>\r
                <primary>git-daemon(1)</primary>\r
        </indexterm>\r
</articleinfo>\r
<simplesect id="_name">\r
<title>NAME</title>\r
<simpara>git-daemon - A really simple server for git repositories</simpara>\r
</simplesect>\r
<simplesect id="_synopsis">\r
<title>SYNOPSIS</title>\r
<blockquote>\r
<literallayout><emphasis>git daemon</emphasis> [--verbose] [--syslog] [--export-all]\r
             [--timeout=n] [--init-timeout=n] [--max-connections=n]\r
             [--strict-paths] [--base-path=path] [--base-path-relaxed]\r
             [--user-path | --user-path=path]\r
             [--interpolated-path=pathtemplate]\r
             [--reuseaddr] [--detach] [--pid-file=file]\r
             [--enable=service] [--disable=service]\r
             [--allow-override=service] [--forbid-override=service]\r
             [--inetd | [--listen=host_or_ipaddr] [--port=n] [--user=user [--group=group]]\r
             [directory&#8230;]</literallayout>\r
</blockquote>\r
</simplesect>\r
<simplesect id="_description">\r
<title>DESCRIPTION</title>\r
<simpara>A really simple TCP git daemon that normally listens on port "DEFAULT_GIT_PORT"\r
aka 9418.  It waits for a connection asking for a service, and will serve\r
that service if it is enabled.</simpara>\r
<simpara>It verifies that the directory has the magic file "git-daemon-export-ok", and\r
it will refuse to export any git directory that hasn&#8217;t explicitly been marked\r
for export this way (unless the <emphasis>--export-all</emphasis> parameter is specified). If you\r
pass some directory paths as <emphasis>git-daemon</emphasis> arguments, you can further restrict\r
the offers to a whitelist comprising of those.</simpara>\r
<simpara>By default, only <literal>upload-pack</literal> service is enabled, which serves\r
<emphasis>git-fetch-pack</emphasis> and <emphasis>git-ls-remote</emphasis> clients, which are invoked\r
from <emphasis>git-fetch</emphasis>, <emphasis>git-pull</emphasis>, and <emphasis>git-clone</emphasis>.</simpara>\r
<simpara>This is ideally suited for read-only updates, i.e., pulling from\r
git repositories.</simpara>\r
<simpara>An <literal>upload-archive</literal> also exists to serve <emphasis>git-archive</emphasis>.</simpara>\r
</simplesect>\r
<simplesect id="_options">\r
<title>OPTIONS</title>\r
<variablelist>\r
<varlistentry>\r
<term>\r
--strict-paths\r
</term>\r
<listitem>\r
<simpara>\r
        Match paths exactly (i.e. don&#8217;t allow "/foo/repo" when the real path is\r
        "/foo/repo.git" or "/foo/repo/.git") and don&#8217;t do user-relative paths.\r
        <emphasis>git-daemon</emphasis> will refuse to start when this option is enabled and no\r
        whitelist is specified.\r
</simpara>\r
</listitem>\r
</varlistentry>\r
<varlistentry>\r
<term>\r
--base-path\r
</term>\r
<listitem>\r
<simpara>\r
        Remap all the path requests as relative to the given path.\r
        This is sort of "GIT root" - if you run <emphasis>git-daemon</emphasis> with\r
        <emphasis>--base-path=/srv/git</emphasis> on example.com, then if you later try to pull\r
        <emphasis>git://example.com/hello.git</emphasis>, <emphasis>git-daemon</emphasis> will interpret the path\r
        as <emphasis>/srv/git/hello.git</emphasis>.\r
</simpara>\r
</listitem>\r
</varlistentry>\r
<varlistentry>\r
<term>\r
--base-path-relaxed\r
</term>\r
<listitem>\r
<simpara>\r
        If --base-path is enabled and repo lookup fails, with this option\r
        <emphasis>git-daemon</emphasis> will attempt to lookup without prefixing the base path.\r
        This is useful for switching to --base-path usage, while still\r
        allowing the old paths.\r
</simpara>\r
</listitem>\r
</varlistentry>\r
<varlistentry>\r
<term>\r
--interpolated-path=pathtemplate\r
</term>\r
<listitem>\r
<simpara>\r
        To support virtual hosting, an interpolated path template can be\r
        used to dynamically construct alternate paths.  The template\r
        supports %H for the target hostname as supplied by the client but\r
        converted to all lowercase, %CH for the canonical hostname,\r
        %IP for the server&#8217;s IP address, %P for the port number,\r
        and %D for the absolute path of the named repository.\r
        After interpolation, the path is validated against the directory\r
        whitelist.\r
</simpara>\r
</listitem>\r
</varlistentry>\r
<varlistentry>\r
<term>\r
--export-all\r
</term>\r
<listitem>\r
<simpara>\r
        Allow pulling from all directories that look like GIT repositories\r
        (have the <emphasis>objects</emphasis> and <emphasis>refs</emphasis> subdirectories), even if they\r
        do not have the <emphasis>git-daemon-export-ok</emphasis> file.\r
</simpara>\r
</listitem>\r
</varlistentry>\r
<varlistentry>\r
<term>\r
--inetd\r
</term>\r
<listitem>\r
<simpara>\r
        Have the server run as an inetd service. Implies --syslog.\r
        Incompatible with --port, --listen, --user and --group options.\r
</simpara>\r
</listitem>\r
</varlistentry>\r
<varlistentry>\r
<term>\r
--listen=host_or_ipaddr\r
</term>\r
<listitem>\r
<simpara>\r
        Listen on an a specific IP address or hostname.  IP addresses can\r
        be either an IPv4 address or an IPV6 address if supported.  If IPv6\r
        is not supported, then --listen=hostname is also not supported and\r
        --listen must be given an IPv4 address.\r
        Incompatible with <emphasis>--inetd</emphasis> option.\r
</simpara>\r
</listitem>\r
</varlistentry>\r
<varlistentry>\r
<term>\r
--port=n\r
</term>\r
<listitem>\r
<simpara>\r
        Listen on an alternative port.  Incompatible with <emphasis>--inetd</emphasis> option.\r
</simpara>\r
</listitem>\r
</varlistentry>\r
<varlistentry>\r
<term>\r
--init-timeout\r
</term>\r
<listitem>\r
<simpara>\r
        Timeout between the moment the connection is established and the\r
        client request is received (typically a rather low value, since\r
        that should be basically immediate).\r
</simpara>\r
</listitem>\r
</varlistentry>\r
<varlistentry>\r
<term>\r
--timeout\r
</term>\r
<listitem>\r
<simpara>\r
        Timeout for specific client sub-requests. This includes the time\r
        it takes for the server to process the sub-request and time spent\r
        waiting for next client&#8217;s request.\r
</simpara>\r
</listitem>\r
</varlistentry>\r
<varlistentry>\r
<term>\r
--max-connections\r
</term>\r
<listitem>\r
<simpara>\r
        Maximum number of concurrent clients, defaults to 32.  Set it to\r
        zero for no limit.\r
</simpara>\r
</listitem>\r
</varlistentry>\r
<varlistentry>\r
<term>\r
--syslog\r
</term>\r
<listitem>\r
<simpara>\r
        Log to syslog instead of stderr. Note that this option does not imply\r
        --verbose, thus by default only error conditions will be logged.\r
</simpara>\r
</listitem>\r
</varlistentry>\r
<varlistentry>\r
<term>\r
--user-path\r
</term>\r
<term>\r
--user-path=path\r
</term>\r
<listitem>\r
<simpara>\r
        Allow &#126;user notation to be used in requests.  When\r
        specified with no parameter, requests to\r
        git://host/&#126;alice/foo is taken as a request to access\r
        <emphasis>foo</emphasis> repository in the home directory of user <literal>alice</literal>.\r
        If <literal>--user-path=path</literal> is specified, the same request is\r
        taken as a request to access <literal>path/foo</literal> repository in\r
        the home directory of user <literal>alice</literal>.\r
</simpara>\r
</listitem>\r
</varlistentry>\r
<varlistentry>\r
<term>\r
--verbose\r
</term>\r
<listitem>\r
<simpara>\r
        Log details about the incoming connections and requested files.\r
</simpara>\r
</listitem>\r
</varlistentry>\r
<varlistentry>\r
<term>\r
--reuseaddr\r
</term>\r
<listitem>\r
<simpara>\r
        Use SO_REUSEADDR when binding the listening socket.\r
        This allows the server to restart without waiting for\r
        old connections to time out.\r
</simpara>\r
</listitem>\r
</varlistentry>\r
<varlistentry>\r
<term>\r
--detach\r
</term>\r
<listitem>\r
<simpara>\r
        Detach from the shell. Implies --syslog.\r
</simpara>\r
</listitem>\r
</varlistentry>\r
<varlistentry>\r
<term>\r
--pid-file=file\r
</term>\r
<listitem>\r
<simpara>\r
        Save the process id in <emphasis>file</emphasis>.  Ignored when the daemon\r
        is run under <literal>--inetd</literal>.\r
</simpara>\r
</listitem>\r
</varlistentry>\r
<varlistentry>\r
<term>\r
--user=user\r
</term>\r
<term>\r
--group=group\r
</term>\r
<listitem>\r
<simpara>\r
        Change daemon&#8217;s uid and gid before entering the service loop.\r
        When only <literal>--user</literal> is given without <literal>--group</literal>, the\r
        primary group ID for the user is used.  The values of\r
        the option are given to <literal>getpwnam(3)</literal> and <literal>getgrnam(3)</literal>\r
        and numeric IDs are not supported.\r
</simpara>\r
<simpara>Giving these options is an error when used with <literal>--inetd</literal>; use\r
the facility of inet daemon to achieve the same before spawning\r
<emphasis>git-daemon</emphasis> if needed.</simpara>\r
</listitem>\r
</varlistentry>\r
<varlistentry>\r
<term>\r
--enable=service\r
</term>\r
<term>\r
--disable=service\r
</term>\r
<listitem>\r
<simpara>\r
        Enable/disable the service site-wide per default.  Note\r
        that a service disabled site-wide can still be enabled\r
        per repository if it is marked overridable and the\r
        repository enables the service with an configuration\r
        item.\r
</simpara>\r
</listitem>\r
</varlistentry>\r
<varlistentry>\r
<term>\r
--allow-override=service\r
</term>\r
<term>\r
--forbid-override=service\r
</term>\r
<listitem>\r
<simpara>\r
        Allow/forbid overriding the site-wide default with per\r
        repository configuration.  By default, all the services\r
        are overridable.\r
</simpara>\r
</listitem>\r
</varlistentry>\r
<varlistentry>\r
<term>\r
&lt;directory&gt;\r
</term>\r
<listitem>\r
<simpara>\r
        A directory to add to the whitelist of allowed directories. Unless\r
        --strict-paths is specified this will also include subdirectories\r
        of each named directory.\r
</simpara>\r
</listitem>\r
</varlistentry>\r
</variablelist>\r
</simplesect>\r
<simplesect id="_services">\r
<title>SERVICES</title>\r
<simpara>These services can be globally enabled/disabled using the\r
command line options of this command.  If a finer-grained\r
control is desired (e.g. to allow <emphasis>git-archive</emphasis> to be run\r
against only in a few selected repositories the daemon serves),\r
the per-repository configuration file can be used to enable or\r
disable them.</simpara>\r
<variablelist>\r
<varlistentry>\r
<term>\r
upload-pack\r
</term>\r
<listitem>\r
<simpara>\r
        This serves <emphasis>git-fetch-pack</emphasis> and <emphasis>git-ls-remote</emphasis>\r
        clients.  It is enabled by default, but a repository can\r
        disable it by setting <literal>daemon.uploadpack</literal> configuration\r
        item to <literal>false</literal>.\r
</simpara>\r
</listitem>\r
</varlistentry>\r
<varlistentry>\r
<term>\r
upload-archive\r
</term>\r
<listitem>\r
<simpara>\r
        This serves <emphasis>git-archive --remote</emphasis>.  It is disabled by\r
        default, but a repository can enable it by setting\r
        <literal>daemon.uploadarch</literal> configuration item to <literal>true</literal>.\r
</simpara>\r
</listitem>\r
</varlistentry>\r
<varlistentry>\r
<term>\r
receive-pack\r
</term>\r
<listitem>\r
<simpara>\r
        This serves <emphasis>git-send-pack</emphasis> clients, allowing anonymous\r
        push.  It is disabled by default, as there is <emphasis>no</emphasis>\r
        authentication in the protocol (in other words, anybody\r
        can push anything into the repository, including removal\r
        of refs).  This is solely meant for a closed LAN setting\r
        where everybody is friendly.  This service can be\r
        enabled by <literal>daemon.receivepack</literal> configuration item to\r
        <literal>true</literal>.\r
</simpara>\r
</listitem>\r
</varlistentry>\r
</variablelist>\r
</simplesect>\r
<simplesect id="_examples">\r
<title>EXAMPLES</title>\r
<variablelist>\r
<varlistentry>\r
<term>\r
We assume the following in /etc/services\r
</term>\r
<listitem>\r
<literallayout>$ grep 9418 /etc/services\r
git             9418/tcp                # Git Version Control System</literallayout>\r
</listitem>\r
</varlistentry>\r
<varlistentry>\r
<term>\r
<emphasis>git-daemon</emphasis> as inetd server\r
</term>\r
<listitem>\r
<simpara>\r
        To set up <emphasis>git-daemon</emphasis> as an inetd service that handles any\r
        repository under the whitelisted set of directories, /pub/foo\r
        and /pub/bar, place an entry like the following into\r
        /etc/inetd all on one line:\r
</simpara>\r
<literallayout>        git stream tcp nowait nobody  /usr/bin/git\r
                git daemon --inetd --verbose --export-all\r
                /pub/foo /pub/bar</literallayout>\r
</listitem>\r
</varlistentry>\r
<varlistentry>\r
<term>\r
<emphasis>git-daemon</emphasis> as inetd server for virtual hosts\r
</term>\r
<listitem>\r
<simpara>\r
        To set up <emphasis>git-daemon</emphasis> as an inetd service that handles\r
        repositories for different virtual hosts, <literal>www.example.com</literal>\r
        and <literal>www.example.org</literal>, place an entry like the following into\r
        <literal>/etc/inetd</literal> all on one line:\r
</simpara>\r
<literallayout>        git stream tcp nowait nobody /usr/bin/git\r
                git daemon --inetd --verbose --export-all\r
                --interpolated-path=/pub/%H%D\r
                /pub/www.example.org/software\r
                /pub/www.example.com/software\r
                /software</literallayout>\r
<simpara>In this example, the root-level directory <literal>/pub</literal> will contain\r
a subdirectory for each virtual host name supported.\r
Further, both hosts advertise repositories simply as\r
<literal>git://www.example.com/software/repo.git</literal>.  For pre-1.4.0\r
clients, a symlink from <literal>/software</literal> into the appropriate\r
default repository could be made as well.</simpara>\r
</listitem>\r
</varlistentry>\r
<varlistentry>\r
<term>\r
<emphasis>git-daemon</emphasis> as regular daemon for virtual hosts\r
</term>\r
<listitem>\r
<simpara>\r
        To set up <emphasis>git-daemon</emphasis> as a regular, non-inetd service that\r
        handles repositories for multiple virtual hosts based on\r
        their IP addresses, start the daemon like this:\r
</simpara>\r
<literallayout>        git daemon --verbose --export-all\r
                --interpolated-path=/pub/%IP/%D\r
                /pub/192.168.1.200/software\r
                /pub/10.10.220.23/software</literallayout>\r
<simpara>In this example, the root-level directory <literal>/pub</literal> will contain\r
a subdirectory for each virtual host IP address supported.\r
Repositories can still be accessed by hostname though, assuming\r
they correspond to these IP addresses.</simpara>\r
</listitem>\r
</varlistentry>\r
<varlistentry>\r
<term>\r
selectively enable/disable services per repository\r
</term>\r
<listitem>\r
<simpara>\r
        To enable <emphasis>git-archive --remote</emphasis> and disable <emphasis>git-fetch</emphasis> against\r
        a repository, have the following in the configuration file in the\r
        repository (that is the file <emphasis>config</emphasis> next to <emphasis>HEAD</emphasis>, <emphasis>refs</emphasis> and\r
        <emphasis>objects</emphasis>).\r
</simpara>\r
<literallayout>        [daemon]\r
                uploadpack = false\r
                uploadarch = true</literallayout>\r
</listitem>\r
</varlistentry>\r
</variablelist>\r
</simplesect>\r
<simplesect id="_environment">\r
<title>ENVIRONMENT</title>\r
<simpara><emphasis>git-daemon</emphasis> will set REMOTE_ADDR to the IP address of the client\r
that connected to it, if the IP address is available. REMOTE_ADDR will\r
be available in the environment of hooks called when\r
services are performed.</simpara>\r
</simplesect>\r
<simplesect id="_author">\r
<title>Author</title>\r
<simpara>Written by Linus Torvalds &lt;<ulink url="mailto:torvalds@osdl.org">torvalds@osdl.org</ulink>&gt;, YOSHIFUJI Hideaki\r
&lt;<ulink url="mailto:yoshfuji@linux-ipv6.org">yoshfuji@linux-ipv6.org</ulink>&gt; and the git-list &lt;<ulink url="mailto:git@vger.kernel.org">git@vger.kernel.org</ulink>&gt;</simpara>\r
</simplesect>\r
<simplesect id="_documentation">\r
<title>Documentation</title>\r
<simpara>Documentation by Junio C Hamano and the git-list &lt;<ulink url="mailto:git@vger.kernel.org">git@vger.kernel.org</ulink>&gt;.</simpara>\r
</simplesect>\r
<simplesect id="_git">\r
<title>GIT</title>\r
<simpara>Part of the <xref linkend="git(1)"/> suite</simpara>\r
</simplesect>\r
</article>\r