I have an Ubuntu server running Apache and git and I’m able to clone/push repos locally on the server, but get a 500 internal server error when trying to clone/push remotely.
e.g – git clone https://<domain>/testrepo.git
I can also perform git actions if using ssh – e.g git clone ssh://jason@<domain>:/home/jason/domains/<domain>/public_html/testrepo.git
I’ve confirmed apache mods like alias
and cgi
are installed and enabled and tested cgi to confirm it works.
Confirmed open ports like 80 and 443 are open on the Ubuntu firewall.
No errors in the default apache error log – even raised the log level to debug as well, nada.
[Update]
Upon checking the error log here: /var/log/<domain>_error.log
I see these following errors –
Thu Aug 01 21:15:55.438216 2024] [cgi:error] [pid 7583] [client <ip>] AH01215: fatal: detected dubious ownership in repository at '/home/jason/domains/<domain>/public_html/testrepo.git': /usr/lib/git-core/git-http-backend
[Thu Aug 01 21:15:55.438441 2024] [cgi:error] [pid 7583] [client <ip>] AH01215: To add an exception for this directory, call:: /usr/lib/git-core/git-http-backend
[Thu Aug 01 21:15:55.438539 2024] [cgi:error] [pid 7583] [client <ip>] AH01215: : /usr/lib/git-core/git-http-backend
[Thu Aug 01 21:15:55.438690 2024] [cgi:error] [pid 7583] [client <ip>] AH01215: tgit config --global --add safe.directory /home/jason/domains/<domain>/public_html/testrepo.git: /usr/lib/git-core/git-http-backend
I went ahead and added the repo directory as a safe directory using git config --global --add safe.directory /home/jason/domains/<domain>/public_html/testrepo.git
For testing purposes I changed the owner of the repo folder to www:data:www-data
and it works totally fine, which is great, but not desirable in my situation. I use my own username to manage the server of course with sudo permissions and the user is a member of the www-data
group. So in theory (to me) it should work.
But alas, still no luck.
Does GIT require using the default Apache user to run?
Server config –
- Ubuntu Server 20.04
- Git version 2.25.1
- Apache2 version 2.4.41
(Ubuntu)
My current apache config –
<IfModule mod_ssl.c>
<VirtualHost *:443>
ServerAdmin webmaster@localhost
DocumentRoot /home/jason/domains/<domain>/public_html
ServerName <domain>
ServerAlias <domain>
ErrorLog ${APACHE_LOG_DIR}/<domain>_error.log
CustomLog ${APACHE_LOG_DIR}/<domain>_access.log combined
# Directory settings for public_html
<Directory /home/jason/domains/<domain>/public_html>
Options +ExecCGI +FollowSymLinks
AllowOverride None
Require all granted
</Directory>
# Git HTTP backend configuration
ScriptAlias /git/ /usr/lib/git-core/git-http-backend/
SetEnv GIT_PROJECT_ROOT /home/jason/domains/<domain>/public_html
SetEnv GIT_HTTP_EXPORT_ALL
<Directory /usr/lib/git-core>
Options +ExecCGI +FollowSymLinks
AllowOverride None
Require all granted
</Directory>
Include /etc/letsencrypt/options-ssl-apache.conf
SSLCertificateFile /etc/letsencrypt/live/<domain>/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/<domain>/privkey.pem
</VirtualHost>
</IfModule>
What am I missing here?
2
Answers
After much further review and debugging, it's apparent that setting the permissions on the repo's directory to use the default apache user
www-data
is seemingly the only resolution without changing what user is running Apache.As stated in a comment in my original thread, I find this strange considering I use my own user id for owner/permissions on everything else I do in Apache like php, python or NodeJS. This works because my user id is a member of the
www-data
group. So naturally I didn't think this would be an issue for git either.Ran into the same problem. The trick is to add the safe directory system-wide: