<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en"> <head> <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /> <meta name="generator" content="AsciiDoc 8.4.5" /> <title>git-daemon(1)</title> <style type="text/css"> /* Debug borders */ p, li, dt, dd, div, pre, h1, h2, h3, h4, h5, h6 { /* border: 1px solid red; */ } body { margin: 1em 5% 1em 5%; } a { color: blue; text-decoration: underline; } a:visited { color: fuchsia; } em { font-style: italic; color: navy; } strong { font-weight: bold; color: #083194; } tt { color: navy; } h1, h2, h3, h4, h5, h6 { color: #527bbd; font-family: sans-serif; margin-top: 1.2em; margin-bottom: 0.5em; line-height: 1.3; } h1, h2, h3 { border-bottom: 2px solid silver; } h2 { padding-top: 0.5em; } h3 { float: left; } h3 + * { clear: left; } div.sectionbody { font-family: serif; margin-left: 0; } hr { border: 1px solid silver; } p { margin-top: 0.5em; margin-bottom: 0.5em; } ul, ol, li > p { margin-top: 0; } pre { padding: 0; margin: 0; } span#author { color: #527bbd; font-family: sans-serif; font-weight: bold; font-size: 1.1em; } span#email { } span#revnumber, span#revdate, span#revremark { font-family: sans-serif; } div#footer { font-family: sans-serif; font-size: small; border-top: 2px solid silver; padding-top: 0.5em; margin-top: 4.0em; } div#footer-text { float: left; padding-bottom: 0.5em; } div#footer-badges { float: right; padding-bottom: 0.5em; } div#preamble { margin-top: 1.5em; margin-bottom: 1.5em; } div.tableblock, div.imageblock, div.exampleblock, div.verseblock, div.quoteblock, div.literalblock, div.listingblock, div.sidebarblock, div.admonitionblock { margin-top: 1.5em; margin-bottom: 1.5em; } div.admonitionblock { margin-top: 2.5em; margin-bottom: 2.5em; } div.content { /* Block element content. */ padding: 0; } /* Block element titles. */ div.title, caption.title { color: #527bbd; font-family: sans-serif; font-weight: bold; text-align: left; margin-top: 1.0em; margin-bottom: 0.5em; } div.title + * { margin-top: 0; } td div.title:first-child { margin-top: 0.0em; } div.content div.title:first-child { margin-top: 0.0em; } div.content + div.title { margin-top: 0.0em; } div.sidebarblock > div.content { background: #ffffee; border: 1px solid silver; padding: 0.5em; } div.listingblock > div.content { border: 1px solid silver; background: #f4f4f4; padding: 0.5em; } div.quoteblock { padding-left: 2.0em; margin-right: 10%; } div.quoteblock > div.attribution { padding-top: 0.5em; text-align: right; } div.verseblock { padding-left: 2.0em; margin-right: 10%; } div.verseblock > div.content { white-space: pre; } div.verseblock > div.attribution { padding-top: 0.75em; text-align: left; } /* DEPRECATED: Pre version 8.2.7 verse style literal block. */ div.verseblock + div.attribution { text-align: left; } div.admonitionblock .icon { vertical-align: top; font-size: 1.1em; font-weight: bold; text-decoration: underline; color: #527bbd; padding-right: 0.5em; } div.admonitionblock td.content { padding-left: 0.5em; border-left: 2px solid silver; } div.exampleblock > div.content { border-left: 2px solid silver; padding: 0.5em; } div.imageblock div.content { padding-left: 0; } span.image img { border-style: none; } a.image:visited { color: white; } dl { margin-top: 0.8em; margin-bottom: 0.8em; } dt { margin-top: 0.5em; margin-bottom: 0; font-style: normal; color: navy; } dd > *:first-child { margin-top: 0.1em; } ul, ol { list-style-position: outside; } ol.arabic { list-style-type: decimal; } ol.loweralpha { list-style-type: lower-alpha; } ol.upperalpha { list-style-type: upper-alpha; } ol.lowerroman { list-style-type: lower-roman; } ol.upperroman { list-style-type: upper-roman; } div.compact ul, div.compact ol, div.compact p, div.compact p, div.compact div, div.compact div { margin-top: 0.1em; margin-bottom: 0.1em; } div.tableblock > table { border: 3px solid #527bbd; } thead { font-family: sans-serif; font-weight: bold; } tfoot { font-weight: bold; } td > div.verse { white-space: pre; } p.table { margin-top: 0; } /* Because the table frame attribute is overriden by CSS in most browsers. */ div.tableblock > table[frame="void"] { border-style: none; } div.tableblock > table[frame="hsides"] { border-left-style: none; border-right-style: none; } div.tableblock > table[frame="vsides"] { border-top-style: none; border-bottom-style: none; } div.hdlist { margin-top: 0.8em; margin-bottom: 0.8em; } div.hdlist tr { padding-bottom: 15px; } dt.hdlist1.strong, td.hdlist1.strong { font-weight: bold; } td.hdlist1 { vertical-align: top; font-style: normal; padding-right: 0.8em; color: navy; } td.hdlist2 { vertical-align: top; } div.hdlist.compact tr { margin: 0; padding-bottom: 0; } .comment { background: yellow; } @media print { div#footer-badges { display: none; } } div#toctitle { color: #527bbd; font-family: sans-serif; font-size: 1.1em; font-weight: bold; margin-top: 1.0em; margin-bottom: 0.1em; } div.toclevel1, div.toclevel2, div.toclevel3, div.toclevel4 { margin-top: 0; margin-bottom: 0; } div.toclevel2 { margin-left: 2em; font-size: 0.9em; } div.toclevel3 { margin-left: 4em; font-size: 0.9em; } div.toclevel4 { margin-left: 6em; font-size: 0.9em; } /* Overrides for manpage documents */ h1 { padding-top: 0.5em; padding-bottom: 0.5em; border-top: 2px solid silver; border-bottom: 2px solid silver; } h2 { border-style: none; } div.sectionbody { margin-left: 5%; } @media print { div#toc { display: none; } } /* Workarounds for IE6's broken and incomplete CSS2. */ div.sidebar-content { background: #ffffee; border: 1px solid silver; padding: 0.5em; } div.sidebar-title, div.image-title { color: #527bbd; font-family: sans-serif; font-weight: bold; margin-top: 0.0em; margin-bottom: 0.5em; } div.listingblock div.content { border: 1px solid silver; background: #f4f4f4; padding: 0.5em; } div.quoteblock-attribution { padding-top: 0.5em; text-align: right; } div.verseblock-content { white-space: pre; } div.verseblock-attribution { padding-top: 0.75em; text-align: left; } div.exampleblock-content { border-left: 2px solid silver; padding-left: 0.5em; } /* IE6 sets dynamically generated links as visited. */ div#toc a:visited { color: blue; } </style> </head> <body> <div id="header"> <h1> git-daemon(1) Manual Page </h1> <h2>NAME</h2> <div class="sectionbody"> <p>git-daemon - A really simple server for git repositories </p> </div> </div> <h2 id="_synopsis">SYNOPSIS</h2> <div class="sectionbody"> <div class="verseblock"> <div class="verseblock-content"><em>git daemon</em> [--verbose] [--syslog] [--export-all] [--timeout=<n>] [--init-timeout=<n>] [--max-connections=<n>] [--strict-paths] [--base-path=<path>] [--base-path-relaxed] [--user-path | --user-path=<path>] [--interpolated-path=<pathtemplate>] [--reuseaddr] [--detach] [--pid-file=<file>] [--enable=<service>] [--disable=<service>] [--allow-override=<service>] [--forbid-override=<service>] [--inetd | [--listen=<host_or_ipaddr>] [--port=<n>] [--user=<user> [--group=<group>]] [<directory>…]</div> <div class="verseblock-attribution"> </div></div> </div> <h2 id="_description">DESCRIPTION</h2> <div class="sectionbody"> <div class="paragraph"><p>A really simple TCP git daemon that normally listens on port "DEFAULT_GIT_PORT" aka 9418. It waits for a connection asking for a service, and will serve that service if it is enabled.</p></div> <div class="paragraph"><p>It verifies that the directory has the magic file "git-daemon-export-ok", and it will refuse to export any git directory that hasn’t explicitly been marked for export this way (unless the <em>--export-all</em> parameter is specified). If you pass some directory paths as <em>git daemon</em> arguments, you can further restrict the offers to a whitelist comprising of those.</p></div> <div class="paragraph"><p>By default, only <tt>upload-pack</tt> service is enabled, which serves <em>git fetch-pack</em> and <em>git ls-remote</em> clients, which are invoked from <em>git fetch</em>, <em>git pull</em>, and <em>git clone</em>.</p></div> <div class="paragraph"><p>This is ideally suited for read-only updates, i.e., pulling from git repositories.</p></div> <div class="paragraph"><p>An <tt>upload-archive</tt> also exists to serve <em>git archive</em>.</p></div> </div> <h2 id="_options">OPTIONS</h2> <div class="sectionbody"> <div class="dlist"><dl> <dt class="hdlist1"> --strict-paths </dt> <dd> <p> Match paths exactly (i.e. don’t allow "/foo/repo" when the real path is "/foo/repo.git" or "/foo/repo/.git") and don’t do user-relative paths. <em>git daemon</em> will refuse to start when this option is enabled and no whitelist is specified. </p> </dd> <dt class="hdlist1"> --base-path=<path> </dt> <dd> <p> Remap all the path requests as relative to the given path. This is sort of "GIT root" - if you run <em>git daemon</em> with <em>--base-path=/srv/git</em> on example.com, then if you later try to pull <em>git://example.com/hello.git</em>, <em>git daemon</em> will interpret the path as <em>/srv/git/hello.git</em>. </p> </dd> <dt class="hdlist1"> --base-path-relaxed </dt> <dd> <p> If --base-path is enabled and repo lookup fails, with this option <em>git daemon</em> will attempt to lookup without prefixing the base path. This is useful for switching to --base-path usage, while still allowing the old paths. </p> </dd> <dt class="hdlist1"> --interpolated-path=<pathtemplate> </dt> <dd> <p> To support virtual hosting, an interpolated path template can be used to dynamically construct alternate paths. The template supports %H for the target hostname as supplied by the client but converted to all lowercase, %CH for the canonical hostname, %IP for the server’s IP address, %P for the port number, and %D for the absolute path of the named repository. After interpolation, the path is validated against the directory whitelist. </p> </dd> <dt class="hdlist1"> --export-all </dt> <dd> <p> Allow pulling from all directories that look like GIT repositories (have the <em>objects</em> and <em>refs</em> subdirectories), even if they do not have the <em>git-daemon-export-ok</em> file. </p> </dd> <dt class="hdlist1"> --inetd </dt> <dd> <p> Have the server run as an inetd service. Implies --syslog. Incompatible with --detach, --port, --listen, --user and --group options. </p> </dd> <dt class="hdlist1"> --listen=<host_or_ipaddr> </dt> <dd> <p> Listen on a specific IP address or hostname. IP addresses can be either an IPv4 address or an IPv6 address if supported. If IPv6 is not supported, then --listen=hostname is also not supported and --listen must be given an IPv4 address. Can be given more than once. Incompatible with <em>--inetd</em> option. </p> </dd> <dt class="hdlist1"> --port=<n> </dt> <dd> <p> Listen on an alternative port. Incompatible with <em>--inetd</em> option. </p> </dd> <dt class="hdlist1"> --init-timeout=<n> </dt> <dd> <p> Timeout between the moment the connection is established and the client request is received (typically a rather low value, since that should be basically immediate). </p> </dd> <dt class="hdlist1"> --timeout=<n> </dt> <dd> <p> Timeout for specific client sub-requests. This includes the time it takes for the server to process the sub-request and the time spent waiting for the next client’s request. </p> </dd> <dt class="hdlist1"> --max-connections=<n> </dt> <dd> <p> Maximum number of concurrent clients, defaults to 32. Set it to zero for no limit. </p> </dd> <dt class="hdlist1"> --syslog </dt> <dd> <p> Log to syslog instead of stderr. Note that this option does not imply --verbose, thus by default only error conditions will be logged. </p> </dd> <dt class="hdlist1"> --user-path </dt> <dt class="hdlist1"> --user-path=<path> </dt> <dd> <p> Allow ~user notation to be used in requests. When specified with no parameter, requests to git://host/~alice/foo is taken as a request to access <em>foo</em> repository in the home directory of user <tt>alice</tt>. If <tt>--user-path=path</tt> is specified, the same request is taken as a request to access <tt>path/foo</tt> repository in the home directory of user <tt>alice</tt>. </p> </dd> <dt class="hdlist1"> --verbose </dt> <dd> <p> Log details about the incoming connections and requested files. </p> </dd> <dt class="hdlist1"> --reuseaddr </dt> <dd> <p> Use SO_REUSEADDR when binding the listening socket. This allows the server to restart without waiting for old connections to time out. </p> </dd> <dt class="hdlist1"> --detach </dt> <dd> <p> Detach from the shell. Implies --syslog. </p> </dd> <dt class="hdlist1"> --pid-file=<file> </dt> <dd> <p> Save the process id in <em>file</em>. Ignored when the daemon is run under <tt>--inetd</tt>. </p> </dd> <dt class="hdlist1"> --user=<user> </dt> <dt class="hdlist1"> --group=<group> </dt> <dd> <p> Change daemon’s uid and gid before entering the service loop. When only <tt>--user</tt> is given without <tt>--group</tt>, the primary group ID for the user is used. The values of the option are given to <tt>getpwnam(3)</tt> and <tt>getgrnam(3)</tt> and numeric IDs are not supported. </p> <div class="paragraph"><p>Giving these options is an error when used with <tt>--inetd</tt>; use the facility of inet daemon to achieve the same before spawning <em>git daemon</em> if needed.</p></div> </dd> <dt class="hdlist1"> --enable=<service> </dt> <dt class="hdlist1"> --disable=<service> </dt> <dd> <p> Enable/disable the service site-wide per default. Note that a service disabled site-wide can still be enabled per repository if it is marked overridable and the repository enables the service with a configuration item. </p> </dd> <dt class="hdlist1"> --allow-override=<service> </dt> <dt class="hdlist1"> --forbid-override=<service> </dt> <dd> <p> Allow/forbid overriding the site-wide default with per repository configuration. By default, all the services are overridable. </p> </dd> <dt class="hdlist1"> <directory> </dt> <dd> <p> A directory to add to the whitelist of allowed directories. Unless --strict-paths is specified this will also include subdirectories of each named directory. </p> </dd> </dl></div> </div> <h2 id="_services">SERVICES</h2> <div class="sectionbody"> <div class="paragraph"><p>These services can be globally enabled/disabled using the command line options of this command. If a finer-grained control is desired (e.g. to allow <em>git archive</em> to be run against only in a few selected repositories the daemon serves), the per-repository configuration file can be used to enable or disable them.</p></div> <div class="dlist"><dl> <dt class="hdlist1"> upload-pack </dt> <dd> <p> This serves <em>git fetch-pack</em> and <em>git ls-remote</em> clients. It is enabled by default, but a repository can disable it by setting <tt>daemon.uploadpack</tt> configuration item to <tt>false</tt>. </p> </dd> <dt class="hdlist1"> upload-archive </dt> <dd> <p> This serves <em>git archive --remote</em>. It is disabled by default, but a repository can enable it by setting <tt>daemon.uploadarch</tt> configuration item to <tt>true</tt>. </p> </dd> <dt class="hdlist1"> receive-pack </dt> <dd> <p> This serves <em>git send-pack</em> clients, allowing anonymous push. It is disabled by default, as there is <em>no</em> authentication in the protocol (in other words, anybody can push anything into the repository, including removal of refs). This is solely meant for a closed LAN setting where everybody is friendly. This service can be enabled by <tt>daemon.receivepack</tt> configuration item to <tt>true</tt>. </p> </dd> </dl></div> </div> <h2 id="_examples">EXAMPLES</h2> <div class="sectionbody"> <div class="dlist"><dl> <dt class="hdlist1"> We assume the following in /etc/services </dt> <dd> <div class="listingblock"> <div class="content"> <pre><tt>$ grep 9418 /etc/services git 9418/tcp # Git Version Control System</tt></pre> </div></div> </dd> <dt class="hdlist1"> <em>git daemon</em> as inetd server </dt> <dd> <p> To set up <em>git daemon</em> as an inetd service that handles any repository under the whitelisted set of directories, /pub/foo and /pub/bar, place an entry like the following into /etc/inetd all on one line: </p> <div class="listingblock"> <div class="content"> <pre><tt> git stream tcp nowait nobody /usr/bin/git git daemon --inetd --verbose --export-all /pub/foo /pub/bar</tt></pre> </div></div> </dd> <dt class="hdlist1"> <em>git daemon</em> as inetd server for virtual hosts </dt> <dd> <p> To set up <em>git daemon</em> as an inetd service that handles repositories for different virtual hosts, <tt>www.example.com</tt> and <tt>www.example.org</tt>, place an entry like the following into <tt>/etc/inetd</tt> all on one line: </p> <div class="listingblock"> <div class="content"> <pre><tt> git stream tcp nowait nobody /usr/bin/git git daemon --inetd --verbose --export-all --interpolated-path=/pub/%H%D /pub/www.example.org/software /pub/www.example.com/software /software</tt></pre> </div></div> <div class="paragraph"><p>In this example, the root-level directory <tt>/pub</tt> will contain a subdirectory for each virtual host name supported. Further, both hosts advertise repositories simply as <tt>git://www.example.com/software/repo.git</tt>. For pre-1.4.0 clients, a symlink from <tt>/software</tt> into the appropriate default repository could be made as well.</p></div> </dd> <dt class="hdlist1"> <em>git daemon</em> as regular daemon for virtual hosts </dt> <dd> <p> To set up <em>git daemon</em> as a regular, non-inetd service that handles repositories for multiple virtual hosts based on their IP addresses, start the daemon like this: </p> <div class="listingblock"> <div class="content"> <pre><tt> git daemon --verbose --export-all --interpolated-path=/pub/%IP/%D /pub/192.168.1.200/software /pub/10.10.220.23/software</tt></pre> </div></div> <div class="paragraph"><p>In this example, the root-level directory <tt>/pub</tt> will contain a subdirectory for each virtual host IP address supported. Repositories can still be accessed by hostname though, assuming they correspond to these IP addresses.</p></div> </dd> <dt class="hdlist1"> selectively enable/disable services per repository </dt> <dd> <p> To enable <em>git archive --remote</em> and disable <em>git fetch</em> against a repository, have the following in the configuration file in the repository (that is the file <em>config</em> next to <em>HEAD</em>, <em>refs</em> and <em>objects</em>). </p> <div class="listingblock"> <div class="content"> <pre><tt> [daemon] uploadpack = false uploadarch = true</tt></pre> </div></div> </dd> </dl></div> </div> <h2 id="_environment">ENVIRONMENT</h2> <div class="sectionbody"> <div class="paragraph"><p><em>git daemon</em> will set REMOTE_ADDR to the IP address of the client that connected to it, if the IP address is available. REMOTE_ADDR will be available in the environment of hooks called when services are performed.</p></div> </div> <h2 id="_git">GIT</h2> <div class="sectionbody"> <div class="paragraph"><p>Part of the <a href="git.html">git(1)</a> suite</p></div> </div> <div id="footer"> <div id="footer-text"> Last updated 2011-04-19 22:26:58 UTC </div> </div> </body> </html>