WEB-INF/data/gitblit.properties
.WEB-INF/data/gitblit.properties
in your favorite text editor and make sure to review and set:
By default, Gitblit WAR stores all data (users, settings, repositories, etc) in ${contextFolder}/WEB-INF/data
. This is fine for a quick setup, but there are many reasons why you don't want to keep your data within the webapps folder of your servlet container. You may specify an external location for your data by editing WEB-INF/web.xml
and manipulating the baseFolder context parameter. Choose a location that is writeable by your servlet container. Your servlet container may be smart enough to recognize the change and to restart Gitblit.
On the next restart of Gitblit, Gitblit will copy the contents of the WEB-INF/data
folder to your specified baseFolder IF the file ${baseFolder}/gitblit.properties
does not already exist. This allows you to get going with minimal fuss.
Specifying an alternate baseFolder also allows for simpler upgrades in the future.
data/gitblit.properties
in your favorite text editor and make sure to review and set:
authority.cmd
or java -cp gitblit.jar com.gitblit.authority.Launcher --baseFolder data
from a command-line
gitblit.cmd
or java -jar gitblit.jar --baseFolder data
from a command-lineBy default, Gitblit GO stores all data (users, settings, repositories, etc) in the data
subfolder of your GO installation. You may specify an external location for your data on the command-line by setting the --baseFolder argument. If you relocate the data folder then you must supply the --baseFolder argument to both GO and the Certificate Authority.
If you are deploying Gitblit to a *nix platform, you might consider moving the data folder out of the GO installation folder and then creating a symlink named "data" that points to your moved folder.
Gitblit GO (and Gitblit Certificate Authority) automatically generates a Certificate Authority (CA) certificate and an ssl certificate signed by this CA certificate that is bound to localhost.
Remote Eclipse/EGit/JGit clients (< 3.0) will fail to communicate using this certificate because JGit always verifies the hostname of the certificate, regardless of the http.sslVerify=false client-side setting.
The EGit failure message is something like:
Cannot get remote repository refs.
Reason: https:/myserver.com/git/myrepo.git: cannot open git-upload-pack
If you want to serve your repositories to another machine over https then you will want to generate a new certificate for the hostname or ip address you are serving from.
authority.cmd
or java -jar authority.jar --baseFolder data
If you decide to change the value of server.storePassword (recommended) after you have already started Gitblit or Gitblit Certificate Authority, then you will have to delete the following files and then restart the Gitblit Certificate Authority app:
SINCE 1.2.0
Gitblit supports X509 certificate authentication. This authentication method relies on your servlet container to validate/verify/trust your client certificate and can be used by your browser and your git client.
All X509 certificates have a distinguished name (DN) which is a signature of several fields like:
C=US,O=Gitblit,OU=Gitblit,CN=james
Gitblit must be able to map the DN of the certificate to an existing account username. The default mapping is to extract the common name (CN) value from the DN and use that as the account name. If the CN is a valid account, then the user is authenticated. The servlet container which runs Gitblit validates, verifies, and trusts the certificate passed to Gitblit. If you need to specify an alternative DN mapping you may do so with the git.certificateUsernameOIDs setting, but this mapping must be matched to the user account name.
How do you make your servlet container trust a client certificate?
In the WAR variant, you will have to manually setup your servlet container to:
Alternatively, Gitblit GO is designed to facilitate use of client certificate authentication. Gitblit GO ships with a tool that simplifies creation and management of client certificates, Gitblit Certificate Authority.
When you generate a new client certificate, a zip file bundle is created which includes a P12 keystore for browsers and a PEM keystore for Git. Both of these are password-protected. Additionally, a personalized README file is generated with setup instructions for popular browsers and Git. The README is generated from data\certs\instructions.tmpl
and can be modified to suit your needs.
authority.cmd
or java -jar authority.jar --baseFolder data
X509 certificates can be confusing and tricky even with the simplified Gitblit Certificate Authority tool. If you find you need more tooling to understand your keystores, certificates, and certificate revocation lists (CRLs), I highly recommend Portecle which can be conveniently launched as a Java Web Start app.
Gitblit uses Apache Commons Daemon to install and configure its Windows service.
installService.cmd
where you may have to change the default keystore password.After service installation you can use the gitblitw.exe
utility to control and modify the runtime settings of the service.
Additional service definition options and runtime capabilities of gitblitw.exe
(prunmgr.exe) are documented here.
NOTE:
If you change the name of the service from gitblit you must also change the name of gitblitw.exe
to match the new service name otherwise the connection between the service and the utility is lost, at least to double-click execution.
By default, the service installation script configures your Windows service to use your default JVM. This setup usually defaults to a client VM.
If you have installed a JDK, you might consider using the gitblitw.exe
utility to manually specify the server VM.
gitblitw.exe
...
button
Java Virtual Machine:
C:\Program Files\Java\jre6\bin\server\jvm.dll
Command-Line parameters override the values in gitblit.properties
at runtime.
--baseFolder The default base folder for all relative file reference settings
--repositoriesFolder Git Repositories Folder
--userService Authentication and Authorization Service (filename or fully qualified classname)
--useNio Use NIO Connector else use Socket Connector.
--httpPort HTTP port for to serve. (port <= 0 will disable this connector)
--httpsPort HTTPS port to serve. (port <= 0 will disable this connector)
--ajpPort AJP port to serve. (port <= 0 will disable this connector)
--alias Alias in keystore of SSL cert to use for https serving
--storePassword Password for SSL (https) keystore.
--shutdownPort Port for Shutdown Monitor to listen on. (port <= 0 will disable this monitor)
--tempFolder Folder for server to extract built-in webapp
Example
java -jar gitblit.jar --userService c:/myrealm.config --storePassword something --baseFolder c:/data
You can override Gitblit GO's default Log4j configuration with a command-line parameter to the JVM.
java -Dlog4j.configuration=file:///home/james/log4j.properties -jar gitblit.jar <optional_gitblit_args>
For reference, here is Gitblit's default Log4j configuration. It includes some file appenders that are disabled by default.
Gitblit runs fine behind Apache. You may use either mod_proxy (GO or WAR) or mod_proxy_ajp (GO).
Each Linux distribution may vary on the exact configuration of Apache 2.2.
Here is a sample configuration that works on Debian 7.0 (Wheezy), your distribution may be different.
Then we need to make sure we are configuring Apache to use the proxy modules and to setup the proxied connection from Apache to Gitblit GO or from Apache to your chosen servlet container. The following snippet is stored as /etc/apache2/conf.d/gitblit
.
---FIXED---
ProxyVia Off
#
ProxyPreserveHost On
AddDefaultCharset off
Order deny,allow
Allow from all
---FIXED---
Please make sure to:
1. Review the security of these settings as appropriate for your deployment
2. Uncomment the ProxyPass setting for whichever connection you prefer (http/ajp)
3. Correctly set the ports and context paths both in the ProxyPass definition and your Gitblit installation
If you are using Gitblit GO you can easily configure the AJP connector by specifying a non-zero AJP port.
Please remember that on Linux/UNIX, ports < 1024 require root permissions to open.
4. Set web.mountParameters=false in gitblit.properties
or web.xml
this will use parameterized URLs.
Alternatively, you can respecify web.forwardSlashCharacter.
Any important changes to the setting keys or default values will always be mentioned in the release log.
Gitblit v0.8.0 introduced a new default user service implementation which serializes and deserializes user objects into users.conf
. A users.conf
file will be automatically created from an existing users.properties
file on the first launch after an upgrade. To use the users.conf
service, realm.userService=users.conf must be set. This revised user service allows for more sophisticated Gitblit user objects and will facilitate the development of more advanced features without adding the complexity of an embedded SQL database.
users.properties
and its user service implementation are deprecated as of v0.8.0.
WEB-INF/web.xml
baseFolder context parameter is not ${contextFolder}/WEB-INF/data
!WEB-INF/data
folder to a location writeable by your servlet container.WEB-INF/web.xml
file and set the baseFolder context parameter to your external baseFolder.${baseFolder}/gitblit.properties
.data
folder from your current Gitblit installation to the new folder and overwrite any conflictsdata/gitblit.properties
.In *nix systems, there are other tricks you can play like symlinking the data
folder or symlinking the GO folder.
All platforms support the --baseFolder command-line argument.
data
as outlined in step 1 of Upgrading Gitblit GO (pre-1.2.1)WEB-INF/data/gitblit.properties
file to your data folderWEB-INF/web.xml
file and set the baseFolder context parameter to your external baseFolder.Create a data
folder and copy the following files and folders to it:
gitblit.properties
file and adjust the following settings:
Unzip Gitblit GO to a new folder
data
folder and overwrite the folder of the same name in the just-unzipped versiondata/gitblit.properties
.NOTE: You may need to adjust your service definitions to include the --baseFolder data
argument.
You may need to delete your old service definition and install a new one depending on what has changed in the release.
Repositories can be created, edited, renamed, and deleted through the web UI. They may also be created, edited, and deleted from the command-line using real Git or your favorite file manager and text editor.
All repository settings are stored within the repository .git/config
file under the gitblit section.
[gitblit]
description = master repository
owner = james
useTickets = false
useDocs = true
showRemoteBranches = false
accessRestriction = clone
isFrozen = false
showReadme = false
federationStrategy = FEDERATE_THIS
isFederated = false
skipSizeCalculation = false
federationSets =
Repository names must be case-insensitive-unique but are CASE-SENSITIVE ON CASE-SENSITIVE FILESYSTEMS. The name must be composed of letters, digits, or / _ - . ~
Whitespace is illegal.
Repositories can be grouped within subfolders. e.g. libraries/mycoollib.git and libraries/myotherlib.git
All repositories created with Gitblit are bare and will automatically have .git appended to the name at creation time, if not already specified.
The Repository Owner has the special permission of being able to edit a repository through the web UI. The Repository Owner is not permitted to rename the repository, delete the repository, or reassign ownership to another user.
Since v1.2.0, Gitblit supports more discrete permissions. While Gitblit does not offer a built-in solution for branch-based permissions like Gitolite, it does allow for the following repository access permissions:
These permission codes are combined with the repository path to create a user permission:
RW:mygroup/myrepo.git
Gitblit also supports case-insensitive regex matching for repository permissions. The following permission grants push privileges to all repositories in the mygroup folder.
RW:mygroup/.*
When using regex matching it may also be useful to exclude specific repositories or to exclude regex repository matches. You may specify the X permission for exclusion. The following example grants clone permission to all repositories except the repositories in mygroup. The user/team will have no access whatsoever to these repositories.
X:mygroup/.*
R:.*
The preceding example should suggest that order of permissions is important with regex matching. Here are the rules for determining the permission that is applied to a repository request:
Prior to v1.2.0, Gitblit has two main access permission groupings:
You may optionally enable committer verification which requires that each commit be committed by the authenticated user pushing the commits. i.e. If Bob is pushing the commits, Bob must be the committer of those commits.
How is this enforced?
Bob must set his user.name and user.email values for the repository to match his Gitblit user account BEFORE committing to his repository.
[user "bob"]
displayName = Bob Jones
emailAddress = bob@somewhere.com
git config user.name "Bob Jones"
git config user.email bob@somewhere.com
git config user.name bob
git config user.email bob@somewhere.com
If the Gitblit account does not specify an email address, then the committer email address is ignored. However, if the account does specify an address it must match the committer's email address. Display name or username can be used as the committer name.
All checks are case-insensitive.
What about merges?
You can not use fast-forward merges on your client when using committer verification. You must specify --no-ff to ensure that a merge commit is created with your identity as the committer. Only the first parent chain is traversed when verifying commits.
Gitblit v1.2.1 introduces an incomplete push mechanism. All pushes are logged since 1.2.1, but the log has not yet been exposed through the web ui. This will be a feature of an upcoming release.
Since v0.8.0, Gitblit supports teams for the original users.properties
user service and the current default user service users.conf
. Teams have assigned users and assigned repositories. A user can be a member of multiple teams and a repository may belong to multiple teams. This allows the administrator to quickly add a user to a team without having to keep track of all the appropriate repositories.
All users are stored in the users.conf
file or in the file you specified in gitblit.properties
. Your file extension must be .conf in order to use this user service.
The users.conf
file uses a Git-style configuration format:
[user "admin"]
password = admin
role = "#admin"
role = "#notfederated"
repository = RW+:repo1.git
repository = RW+:repo2.git
[user "hannibal"]
password = bossman
repository = RWD:topsecret.git
repository = RW+:ateam/[A-Za-z0-9-~_\\./]+
[user "faceman"]
password = vanity
[user "murdock"]
password = crazy
[user "babaracus"]
password = grrrr
[team "ateam"]
user = hannibal
user = faceman
user = murdock
user = babaracus
repository = RW:topsecret.git
mailingList = list@ateam.org
postReceiveScript = sendmail
The users.conf
file allows flexibility for adding new fields to a UserModel object that the original users.properties
file does not afford without imposing the complexity of relying on an embedded SQL database.
All users are stored in the users.properties
file or in the file you specified in gitblit.properties
. Your file extension must be .properties in order to use this user service.
The format of users.properties
loosely follows Jetty's convention for HashRealms:
username=password,role1,role2,role3...
@teamname=&mailinglist,!username1,!username2,!username3,repository1,repository2,repository3...
Usernames must be unique and are case-insensitive.
Whitespace is illegal.
User passwords are CASE-SENSITIVE and may be plain, md5, or combined-md5 formatted (see gitblit.properties
-> realm.passwordStorage).
There are four actual roles in Gitblit:
Administrators automatically have access to all repositories. All other roles are repository permissions. If a repository is access-restricted, the user must have the repository's name within his/her roles to bypass the access restriction. This is how users are granted access to a restricted repository.
NOTE:
The following roles are equivalent:
This is to preserve backwards-compatibility with Gitblit <= 1.1.0 which granted rewind power to all access-permitted users.
Personal Repositories and Forks are related but are controlled individually.
A user may be granted the power to create personal repositories by specifying the #create role through the web ui or through the RPC mechanism via the Gitblit Manager. Personal repositories are exactly like common/shared repositories except that the owner has a few additional administrative powers for that repository, like rename and delete.
A user may also be granted the power to fork an existing repository hosted on your Gitblit server to their own personal clone by specifying the #fork role through the web ui or via the Gitblit Manager.
Forks are mostly likely personal repositories or common/shared repositories except for two important differences:
If you really must have an invisible fork, the clone it locally, create a new personal repository for your invisible fork, and push it back to that personal repository.
SINCE 1.0.0
LDAP can be used to authenticate Users and optionally control Team memberships. When properly configured, Gitblit will delegate authentication to your LDAP server and will cache some user information in the usual users file (.conf or .properties).
When using the LDAP User Service, new user accounts can not be manually created from Gitblit. Gitblit user accounts are automatically created for new users on their first succesful authentication through Gitblit against the LDAP server. It is also important to note that the LDAP User Service does not retrieve or store user passwords nor does it implement any LDAP-write functionality.
To use the LdapUserService set realm.userService=com.gitblit.LdapUserService in your gitblit.properties
file or your web.xml
file and then configure the realm.ldap settings appropriately for your LDAP environment.
Please see ldapUserServiceSampleData.ldif to see the data in LDAP that reflects the above picture.
The following are the settings required to configure Gitblit to authenticate against the example LDAP server with LDAP-controlled team memberships.
parameter | value | description |
---|---|---|
realm.ldap.server | ldap://localhost:389 | Tells Gitblit to connect to the LDAP server on localhost port 389. The URL Must be of form ldap(s)://<server>:<port> with port being optional (389 for ldap, 636 for ldaps). |
realm.ldap.username | cn=Directory Manager | The credentials that will log into the LDAP server |
realm.ldap.password | password | The credentials that will log into the LDAP server |
realm.ldap.backingUserService | users.conf | Where to store all information that is used by Gitblit. All information will be synced here upon user login. |
realm.ldap.maintainTeams | true | Are team memberships maintained in LDAP (true) or manually in Gitblit (false). |
realm.ldap.accountBase | OU=Users,OU=UserControl,OU=MyOrganization,DC=MyDomain | What is the root node for all users in this LDAP system. Subtree searches will start from this node. |
realm.ldap.accountPattern | (&(objectClass=person)(sAMAccountName=${username})) | The LDAP search filter that will match a particular user in LDAP. ${username} will be replaced with whatever the user enters as their username in the Gitblit login panel. |
realm.ldap.groupBase | OU=Groups,OU=UserControl,OU=MyOrganization,DC=MyDomain | What is the root node for all teams in this LDAP system. Subtree searches will start from this node. |
realm.ldap.groupMemberPattern | (&(objectClass=group)(member=${dn})) | The LDAP search filter that will match all teams for the authenticating user. ${username} will be replaced with whatever the user enters as their username in the Gitblit login panel. Anything else in ${} will be replaced by Attributes from the User node. |
realm.ldap.admins | @Git_Admins | A space-delimited list of usernames and/or teams that indicate admin status in Gitblit. Teams are referenced with a leading @ character. |
You can start Gitblit GO with an in-memory LDAP server by specifying the --ldapLdifFile command-line argument. The LDAP server will listen on localhost of the port specified in realm.ldap.url of gitblit.properties
. Additionally, a root user record is automatically created for realm.ldap.username and realm.ldap.password. Please note that the ldaps:// protocol is not supported for the in-memory server.
This is the simplest choice where you implement custom authentication and delegate all other standard user and team operations to one of Gitblit's user service implementations. This choice insulates your customization from changes in User and Team model classes and additional API that may be added to IUserService.
Please subclass com.gitblit.GitblitUserService and override the setup() and authenticate() methods.
Make sure to set the serviceImpl field in your setup() method.
You may use your subclass by specifying its fully qualified classname in the realm.userService setting.
Your subclass must be on Gitblit's classpath and must have a public default constructor.
Instead of maintaining a users.conf
or users.properties
file, you may want to integrate Gitblit into an existing environment.
You may use your own custom com.gitblit.IUserService implementation by specifying its fully qualified classname in the realm.userService setting.
Your user service class must be on Gitblit's classpath and must have a public default constructor.
Please see the following interface definition com.gitblit.IUserService.
SINCE 0.8.0
Gitblit uses Groovy for its push hook mechanism. This mechanism only executes when pushing to Gitblit, not when pushing to some other Git tooling in your stack.
The Groovy hook mechanism allows for dynamic extension of Gitblit to execute custom tasks on receiving and processing push events. The scripts run within the context of your Gitblit instance and therefore have access to Gitblit's internals at runtime.
gitblit.properties
or web.xml
.gitblit.properties
or web.xml
.Some sample scripts are included in the GO and WAR distributions to show you how you can tap into Gitblit with the provided bound variables. Additional implementation details may be specified in the header comment of these examples.
Hook contributions and improvements are welcome.
SINCE 1.0.0
Grape lets you quickly add maven repository dependencies to your Groovy hook script.
Grape (The Groovy Adaptable Packaging Engine or Groovy Advanced Packaging Engine) is the infrastructure enabling the grab() calls in Groovy, a set of classes leveraging Ivy to allow for a repository driven module system for Groovy. This allows a developer to write a script with an essentially arbitrary library requirement, and ship just the script. Grape will, at runtime, download as needed and link the named libraries and all dependencies forming a transitive closure when the script is run from existing repositories such as Ibiblio, Codehaus, and java.net.
---JAVA---
// create and use a primitive array
import org.apache.commons.collections.primitives.ArrayIntList
@Grab(group='commons-primitives', module='commons-primitives', version='1.0')
def createEmptyInts() { new ArrayIntList() }
def ints = createEmptyInts()
ints.add(0, 42)
assert ints.size() == 1
assert ints.get(0) == 42
---JAVA---
SINCE 1.0.0
Gitblit allows custom repository string fields to be defined in gitblit.properties
or web.xml
. Entry textfields are automatically created for these fields in the Edit Repository page of Gitblit and the Edit Repository dialog of the Gitblit Manager. These fields are accessible from your Groovy hook scripts as
repository.customFields.myField
This feature allows you to customize the behavior of your hook scripts without hard-coding values in the hook scripts themselves.
Pre-Receive scripts execute after the pushed objects have all been written to the Git repository but before the refs have been updated to point to these new objects.
This is the appropriate point to block a push and is how many Git tools implement branch-write permissions.
Post-Receive scripts execute after all refs have been updated.
This is the appropriate point to trigger continuous integration builds or send email notifications, etc.
Gitblit implements email notifications in sendmail.groovy which uses the Groovy Hook Script mechanism. This allows for dynamic customization of the notification process at the installation site and serves as an example push script.
In order to send email notifications on a push to Gitblit, this script must be specified somewhere in the post-receive script chain.
You may specify sendmail in one of three places:
gitblit.properties
or web.xml
, globally applied to all repositoriesGitblit does not currently support individual subscriptions to repositories; i.e. a user can not subscribe or unsubscribe from push notifications.
However, Repository Managers and Administrators can specify subscribed email addresses in one of three places:
gitblit.properties
or web.xml
, globally applied to all push-notified repositoriesAll three sources are checked and merged into a unique list of destination addresses for push notifications.
NOTE:
Care should be taken when devising your notification scheme as it relates to any VIEW restricted repositories you might have. Setting a global mailing list and activating push notifications for a VIEW restricted repository may send unwanted emails.
SINCE 0.9.0
Repositories may optionally be indexed using the Lucene search engine. The Lucene search offers several advantages over commit-traversal search:
First you must ensure that web.allowLuceneIndexing is set true in gitblit.properties
or web.xml
. Then you must understand that Lucene indexing is an opt-in feature which means that no repositories are automatically indexed.
Like anything else, this design has pros and cons.
Yeah, I agree that is inconvenient.
If you are using Gitblit GO there is a utility script add-indexed-branch.cmd
which allows you to specify an indexed branch for many repositories in one step.
If you are using Gitblit WAR then, at present, you are out of luck unless you write your own script to traverse your repositories and use native Git to manipulate each repository config.
git config --add gitblit.indexBranch "default"
git config --add gitblit.indexBranch "refs/heads/master"
You may specify which branches should be indexed per-repository in the Edit Repository page. New/empty repositories may only specify the default branch which will resolve to whatever commit HEAD points to or the most recently updated branch if HEAD is unresolvable.
Indexes are built and incrementally updated on a 2 minute cycle so you may have to wait a few minutes before your index is built or before your latest pushes get indexed.
NOTE:
After specifying branches, only the content from those branches can be searched via Gitblit. Gitblit will automatically redirect any queries entered on a repository's search box to the Lucene search page. Repositories that do not specify any indexed branches will use the traditional commit-traversal search.
The initial indexing of an existing repository can potentially exhaust the memory allocated to your Java instance and may throw OutOfMemory exceptions. Be sure to provide your Gitblit server adequate heap space to index your repositories. The heap is set using the -Xmx JVM parameter in your Gitblit launch command (e.g. -Xmx1024M).
Gitblit has to balance its design as a complete, integrated Git server and its utility as a repository viewer in an existing Git setup.
Gitblit could build indexes immediately on edit repository or on receiving pushes, but that design would not work if someone is pushing via ssh://, git://, or file:// (i.e. not pushing to Gitblit http(s)://). For this reason Gitblit has a polling mechanism to check for ref changes every 2 mins. This design works well for all use cases, aside from adding a little lag in updating the index.
You must tell Git/JGit not to verify the self-signed certificate in order to perform any remote Git operations.
NOTE:
The default self-signed certificate generated by Gitlbit GO is bound to localhost.
If you are using Eclipse/EGit/JGit clients, you will have to generate your own certificate that specifies the exact hostname used in your clone/push url.
You must do this because Eclipse/EGit/JGit (< 3.0) always verifies certificate hostnames, regardless of the http.sslVerify=false client-side setting.
Key = http.sslVerify Value = false
git config --global --bool --add http.sslVerify false
You may find the default post buffer of your git client is too small to push large deltas to Gitblit. Sometimes this can be observed on your client as hanging during a push. Other times it can be observed by git erroring out with a message like: error: RPC failed; result=52, HTTP code = 0.
This can be adjusted on your client by changing the default post buffer size:
git config --global http.postBuffer 524288000
You may run into SNI alerts (Server Name Indication). These will manifest as failures to clone or push to your Gitblit instance.
When using Java 7-based clients, SNI is enabled by default. You can disable SNI by specifying the JVM system parameter -Djsse.enableSNIExtension=false
when your Java-based client launches.
For Eclipse, you can append -Djsse.enableSNIExtension=false
to your eclipse.ini file.
Native clients may display an error when attempting to clone or push that looks like this:
---FIXED---
C:\projects\git\gitblit>git push rhcloud master
error: error:14077458:SSL routines:SSL23_GET_SERVER_HELLO:reason(1112) while accessing https://demo-gitblit.rhcloud.com/git/gitblit.git/info/refs?service=git-receive-pack
fatal: HTTP request failed
---FIXED---
https://yourserver/git/your/repository
https://username@yourserver/git/your/repository