'git, apache, smart-http, ubuntu, convert from SSH access, does not ask for user, password

In the process of converting a ubuntu private git repo from ssh access to smart http via apache.

Currently client .git/config contains:

url = https://some-domain/git/my-project.git

When assessed via:

git remote -v show origin

The server reports:

.../apache2/error.log
AH00027: No authentication done but request not allowed without authentication for /git/my-project.git/info/refs. Authentication not configured?
.../apache2/access.log
"GET /git/my-project.git/info/refs?service=git-upload-pack HTTP/1.1" 500 5387 "-" "git/2.30.0"

Apache configuration git relevant parts:

SetEnv GIT_PROJECT_ROOT /path-to-repo
SetEnv GIT_HTTP_EXPORT_ALL
SetEnv REMOTE_USER=$REDIRECT_REMOTE_USER
ScriptAlias /git/ /usr/lib/git-core/git-http-backend/
Alias /git /path-to-repo
RewriteRule ^/repo-root/ - [E=AUTHREQUIRED:yes]
<Directory "/path-to-repo/">
    AuthType Basic
    AuthName "Private Git Access"
    AuthUserFile /path-to-auth-file
    Require valid-user
</Directory>
<Directory /usr/lib/git-core>
    Options +ExecCGI -MultiViews +SymLinksIfOwnerMatch
    AllowOverride None
    AuthUserFile /path-to-auth-file
    Require valid-user
</Directory>

The auth file exists and is world-readable.

Questions:

  1. Why doesn't it prompt for a user and pw?
  2. What is the difference between requiring a valid user for the git repo directory, and the git-core directory? Are both needed?
  3. If validated by apache, will the credentials be passed to git?
  4. The "Require valid-user" directives are requiring authentication for access to the apache server; but if I want to use a git credential helper, should the apache access be to allow any?
gitapachepasswordsauthorizationsmart-http


Solution 1:[1]

To complement my previous answer, the AuthUserFile I usually set up is in a Location directive, for /git, not Directory /path-to-repo.

See this as an example.

<Location /git>
  AuthType Basic
  AuthName "Private Git Access"
  AuthUserFile "/etc/git-auth-file"
  Require valid-user
</Location>

Solution 2:[2]

Ok, my solution, arrived at thanks to help from VonC above, just so it's a little clearer for others:

In the case where the git repository is not in the normal apache web page tree, this is what is required:

SetEnv GIT_PROJECT_ROOT /path-to-git-repo
SetEnv GIT_HTTP_EXPORT_ALL
SetEnv REMOTE_USER=$REDIRECT_REMOTE_USER
ScriptAlias /git/ /usr/lib/git-core/git-http-backend/
Alias /git /path-to-git-repo
<Location "/git">
    AuthType Basic
    AuthName "git-developers-private"
    AuthUserFile /path-to-auth-file
    Require valid-user
</Location>

Sources

This article follows the attribution requirements of Stack Overflow and is licensed under CC BY-SA 3.0.

Source: Stack Overflow

Solution Source
Solution 1 VonC
Solution 2 Gary Aitken

Related Questions

Given long git commit how to safely get short commit

Given long git commit how to safely get short commit

Given long git commit how to safely get short commit

How can I 'git clone' from another machine?

VS Code / Bitbucket / SSH - Permission denied (publickey)

Differences between git pull origin master & git pull origin/master

git config: remote.<name>.fetch - is it possible to set up exceptions?

Git push hangs when pushing to Github?

How to clone git repository with specific revision/changeset?

Remove a file from the list that will be committed

Unable to create '/git/index.lock': File exists - but it doesn't

VSTS: How to get all linked work items since last successful release to production?

Versioning of debian packaging Information

How to generate ssh keys (for github)

How do I commit case-sensitive only filename changes in Git?