X-Git-Url: https://git.arvados.org/arvados.git/blobdiff_plain/f7e00eb55fbcc41b8cd1f416344ad4abdb020bc0..87640a81e725d0246837994acbb3a696d14401c6:/doc/install/install-arv-git-httpd.html.textile.liquid
diff --git a/doc/install/install-arv-git-httpd.html.textile.liquid b/doc/install/install-arv-git-httpd.html.textile.liquid
index be85d1c5a5..1c31dc4d6e 100644
--- a/doc/install/install-arv-git-httpd.html.textile.liquid
+++ b/doc/install/install-arv-git-httpd.html.textile.liquid
@@ -34,20 +34,22 @@ DNS and network configuration should be set up so port 443 reaches your HTTPS pr
h2. Generate an API token
-On the API server, if you are using RVM:
+Use the following command to generate an API token, changing *@webserver-user@* to the user of the web server process. This is typically *@www-data@* on Debian systems by default, other systems may use different defaults such the name of the web server software (for example, *@nginx@*).
+
+Using RVM:
gitserver:~$ cd /var/www/arvados-api/current
-gitserver:/var/www/arvados-api/current$ sudo -u www-data RAILS_ENV=production `which rvm-exec` default bundle exec ./script/create_superuser_token.rb
+gitserver:/var/www/arvados-api/current$ sudo -u webserver-user RAILS_ENV=production `which rvm-exec` default bundle exec ./script/create_superuser_token.rb
zzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzz
-If you are not using RVM:
+Not using RVM:
gitserver:~$ cd /var/www/arvados-api/current
-gitserver:/var/www/arvados-api/current$ sudo -u www-data RAILS_ENV=production bundle exec ./script/create_superuser_token.rb
+gitserver:/var/www/arvados-api/current$ sudo -u webserver-user RAILS_ENV=production bundle exec ./script/create_superuser_token.rb
zzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzz
@@ -70,9 +72,11 @@ On Red Hat-based systems:
+{% include 'install_git' %}
+
h2. Create a "git" user and a storage directory
-Gitolite and some additional scripts will be installed in @/var/lib/arvados/git@, which means hosted repository data will be stored in @/var/lib/arvados/git/repositories@. If you choose to install gitolite in a different location, make sure to update the @git_repositories_dir@ entry in your API server's @config/application.yml@ file accordingly: for example, if you install gitolite at @/data/gitolite@ then your @git_repositories_dir@ will be @/data/gitolite/repositories@.
+Gitolite and some additional scripts will be installed in @/var/lib/arvados/git@, which means hosted repository data will be stored in @/var/lib/arvados/git/repositories@. If you choose to install gitolite in a different location, make sure to update the @git_repositories_dir@ entry in your API server's @application.yml@ file accordingly: for example, if you install gitolite at @/data/gitolite@ then your @git_repositories_dir@ will be @/data/gitolite/repositories@.
A new UNIX account called "git" will own the files. This makes git URLs look familiar to users (git@[...]:username/reponame.git
).
@@ -165,6 +169,13 @@ Add the following lines inside the section that begins @%RC = (@:
+Inside that section, adjust the 'UMASK' setting to @022@, to ensure the API server has permission to read repositories:
+
+
+ UMASK => 022,
+
+
+
Uncomment the 'Alias' line in the section that begins @ENABLE => [@:
@@ -210,10 +221,10 @@ Otherwise, create @/etc/cron.d/arvados-git-sync@ with the following content:
h3. Configure the API server to advertise the correct SSH URLs
-In your API server's @config/application.yml@ file, add the following entry:
+In your API server's @application.yml@ file, add the following entry:
-git_repo_ssh_base: git@git.uuid_prefix.your.domain:
+git_repo_ssh_base: "git@git.uuid_prefix.your.domain:"
@@ -284,13 +295,26 @@ EOF
#!/bin/sh
export ARVADOS_API_HOST=uuid_prefix.your.domain
export GITOLITE_HTTP_HOME=/var/lib/arvados/git
+export GL_BYPASS_ACCESS_CHECKS=1
export PATH="$PATH:/var/lib/arvados/git/bin"
-exec chpst -u git:git arvados-git-httpd -address=:9001 -git-command="$(which git)" -repo-root=/var/lib/arvados/git/repositories 2>&1
+exec chpst -u git:git arvados-git-httpd -address=:9001 -git-command=/var/lib/arvados/git/gitolite/src/gitolite-shell -repo-root=/var/lib/arvados/git/repositories 2>&1
EOF
/etc/sv/arvados-git-httpd$ sudo chmod +x run log/run
+If you are using a different daemon supervisor, or if you want to test the daemon in a terminal window, an equivalent shell command to run arvados-git-httpd is:
+
+
+sudo -u git \
+ ARVADOS_API_HOST=uuid_prefix.your.domain \
+ GITOLITE_HTTP_HOME=/var/lib/arvados/git \
+ GL_BYPASS_ACCESS_CHECKS=1 \
+ PATH="$PATH:/var/lib/arvados/git/bin" \
+ arvados-git-httpd -address=:9001 -git-command=/var/lib/arvados/git/gitolite/src/gitolite-shell -repo-root=/var/lib/arvados/git/repositories 2>&1
+
+
+
h3. Set up a reverse proxy to provide SSL service
The arvados-git-httpd service will be accessible from anywhere on the internet, so we recommend using SSL.
@@ -307,6 +331,8 @@ upstream arvados-git-httpd {
server {
listen [your public IP address]:443 ssl;
server_name git.uuid_prefix.your.domain;
+ proxy_connect_timeout 90s;
+ proxy_read_timeout 300s;
ssl on;
ssl_certificate /YOUR/PATH/TO/cert.pem;
@@ -321,7 +347,7 @@ server {
h3. Configure the API server to advertise the correct HTTPS URLs
-In your API server's @config/application.yml@ file, add the following entry:
+In your API server's @application.yml@ file, add the following entry:
git_repo_http_base: https://git.uuid_prefix.your.domain/