Skip to content
代码片段 群组 项目
选择Git版本
  • master 受保护
  • 17-10-stable-jh-patch-1
  • 17-9-stable-jh-patch-3
  • 17-10-stable-ee 受保护
  • implement-epic-iterition
  • 17-8-stable-ee 受保护
  • 17-9-stable-ee 受保护
  • pre-main-jh 受保护
  • task63-64
  • fix-401-page-style
  • 17-10-stable-jh 受保护
  • fix-oauth-temp-email
  • fix-epic-milestone-settings-graphql
  • main-jh 默认 受保护
  • 17-7-stable-ee 受保护
  • fix/epic-milestone-setting-feature-is-broken
  • 17-10-stable-jh-prepare
  • 4745-developerquan-xian-yong-hu-chuang-jian-bao-hu-fen-zhi-xu-qiu
  • fix-pre-main-jh-pipeline-2025-03-14
  • 17-9-stable-jh 受保护
  • v17.8.6-ee 受保护
  • v17.9.3-ee 受保护
  • v17.10.1-ee 受保护
  • v17.10.0-jh 受保护
  • v17.10.0-ee 受保护
  • v17.10.0-rc42-ee 受保护
  • v17.9.2-jh 受保护
  • v17.8.5-jh 受保护
  • v17.7.7-jh 受保护
  • v17.7.7-ee 受保护
  • v17.8.5-ee 受保护
  • v17.9.2-ee 受保护
  • v17.9.1-jh 受保护
  • v17.8.4-jh 受保护
  • v17.7.6-jh 受保护
  • v17.7.6-ee 受保护
  • v17.8.4-ee 受保护
  • v17.9.1-ee 受保护
  • v17.9.0-jh 受保护
  • v17.9.0-jh-test 受保护
40 个结果
Blame 永久链接
代码所有者
将用户和群组指定为特定文件更改的核准人。 了解更多。
README.md 2.86 KiB

gitlab-git-http-server

gitlab-git-http-server was designed to unload Git HTTP traffic from the GitLab Rails app (Unicorn) to a separate daemon. It also serves 'git archive' downloads for GitLab. All authentication and authorization logic is still handled by the GitLab Rails app.

Architecture: Git client -> NGINX -> gitlab-git-http-server (makes auth request to GitLab Rails app) -> git-upload-pack

Usage

  gitlab-git-http-server [OPTIONS]

Options:
  -authBackend string
    	Authentication/authorization backend (default "http://localhost:8080")
  -authSocket string
    	Optional: Unix domain socket to dial authBackend at
  -listenAddr string
    	Listen address for HTTP server (default "localhost:8181")
  -listenNetwork string
    	Listen 'network' (tcp, tcp4, tcp6, unix) (default "tcp")
  -listenUmask int
    	Umask for Unix socket, default: 022 (default 18)
  -pprofListenAddr string
    	pprof listening address, e.g. 'localhost:6060'
  -version
    	Print version and exit

gitlab-git-http-server allows Git HTTP clients to push and pull to and from Git repositories. Each incoming request is first replayed (with an empty request body) to an external authentication/authorization HTTP server: the 'auth backend'. The auth backend is expected to be a GitLab Unicorn process. The 'auth response' is a JSON message which tells gitlab-git-http-server the path of the Git repository to read from/write to.

gitlab-git-http-server can listen on either a TCP or a Unix domain socket. It can also open a second listening TCP listening socket with the Go net/http/pprof profiler server.

Installation

To install into /usr/local/bin run make install.

make install

To install into /foo/bin set the PREFIX variable.

make install PREFIX=/foo

Tests

make clean test

Try it out

You can try out the Git server without authentication as follows:

# Start a fake auth backend that allows everything/everybody
make test/data/test.git
go run support/fake-auth-backend.go ~+/test/data/test.git &
# Start gitlab-git-http-server
make
./gitlab-git-http-server

Now you can try things like:

git clone http://localhost:8181/test.git
curl -JO http://localhost:8181/test/repository/archive.zip

Example request flow

  • start POST repo.git/git-receive-pack to NGINX
  • ..start POST repo.git/git-receive-pack to gitlab-git-http-server
  • ....start POST repo.git/git-receive-pack to Unicorn for auth
  • ....end POST to Unicorn for auth
  • ....start git-receive-pack process from gitlab-git-http-server
  • ......start POST /api/v3/internal/allowed to Unicorn from Git hook (check protected branches)
  • ......end POST to Unicorn from Git hook
  • ....end git-receive-pack process
  • ..end POST to gitlab-git-http-server
  • end POST to NGINX

License

This code is distributed under the MIT license, see the LICENSE file.