Moving to a new server, I also had to setup HTTP access for my Git repositories at git.cweiske.de.
My old server was Debian 8 with Apache 2.2, the new one Debian 9 with Apache 2.4. Simply copying the configuration did not work - I got an error:
AH01630: client denied by server configuration: /usr/lib/git-core/git-http-backend
I did not want to make the whole /usr/lib/git-core/ directory executable, but only git-http-backend. At first I tried it with:
<Files "/usr/lib/git-core/git-http-backend"> Options +ExecCGI Require all granted </Files>
- but that did not work. The documentation about files says:
Directives enclosed in a <Files> section apply to any file with the specified name, regardless of what directory it lies in.
So the correct way was to nest a <Files> tag inside a <Directory> tag:
<Directory "/usr/lib/git-core/"> <Files "git-http-backend"> Options +ExecCGI Require all granted </Files> </Directory>
Full configuration
This is the full configuration for the virtual host:
<VirtualHost *:443> ServerName git.cweiske.de HeaderName HEADER DocumentRoot /home/cweiske/www/git.cweiske.de/ Include /etc/apache2/sites-available/cweiske/includes/linkback.conf Include /etc/apache2/sites-available/cweiske/includes/letsencrypt-acme-challenges.conf SetEnv GITWEB_CONFIG /home/cweiske/www/git.cweiske.de/gitweb.conf ScriptAlias /gitweb.cgi /usr/share/gitweb/gitweb.cgi #smart http protocol # by default allows GET only, not push. # we serve it over the same URLs as the normal gitweb URLs! SetEnv GIT_PROJECT_ROOT /var/lib/git-public/ ScriptAliasMatch \ "(?x)^/(.*git/(HEAD | \ info/refs | \ objects/(info/[^/]+ | \ [0-9a-f]{2}/[0-9a-f]{38} | \ pack/pack-[0-9a-f]{40}\.(pack|idx)) | \ git-(upload|receive)-pack))$" \ /usr/lib/git-core/git-http-backend/$1 CustomLog /var/log/apache2/cweiske/git.cweiske.de-access.log combined ErrorLog /var/log/apache2/cweiske/git.cweiske.de-error.log SSLEngine On SSLCertificateFile /etc/letsencrypt/live/git.cweiske.de/fullchain.pem SSLCertificateKeyFile /etc/letsencrypt/live/git.cweiske.de/privkey.pem ServerSignature Off <Directory "/home/cweiske/www/git.cweiske.de/"> Options +FollowSymLinks +ExecCGI AddHandler cgi-script .cgi Require all granted DirectoryIndex /gitweb.cgi RewriteEngine On RewriteCond %{REQUEST_FILENAME} !-f RewriteCond %{REQUEST_FILENAME} !-d RewriteRule ^.* /gitweb.cgi/$0 [L,PT] </Directory> <Directory "/usr/lib/git-core/"> <Files "git-http-backend"> Options +ExecCGI Require all granted </Files> </Directory> <Location "/gitweb.conf"> Require all denied </Location> </VirtualHost>