3 .\" Author: [FIXME: author] [see http://www.docbook.org/tdg5/en/html/author]
4 .\" Generator: DocBook XSL Stylesheets vsnapshot <http://docbook.sf.net/>
7 .\" Source: Git 2.40.1.423.g2807bd2c10
10 .TH "GIT\-DAEMON" "1" "04/25/2023" "Git 2\&.40\&.1\&.423\&.g2807bd" "Git Manual"
11 .\" -----------------------------------------------------------------
12 .\" * Define some portability stuff
13 .\" -----------------------------------------------------------------
14 .\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
15 .\" http://bugs.debian.org/507673
16 .\" http://lists.gnu.org/archive/html/groff/2009-02/msg00013.html
17 .\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
20 .\" -----------------------------------------------------------------
21 .\" * set default formatting
22 .\" -----------------------------------------------------------------
23 .\" disable hyphenation
25 .\" disable justification (adjust text to left margin only)
27 .\" -----------------------------------------------------------------
28 .\" * MAIN CONTENT STARTS HERE *
29 .\" -----------------------------------------------------------------
31 git-daemon \- A really simple server for Git repositories
35 \fIgit daemon\fR [\-\-verbose] [\-\-syslog] [\-\-export\-all]
36 [\-\-timeout=<n>] [\-\-init\-timeout=<n>] [\-\-max\-connections=<n>]
37 [\-\-strict\-paths] [\-\-base\-path=<path>] [\-\-base\-path\-relaxed]
38 [\-\-user\-path | \-\-user\-path=<path>]
39 [\-\-interpolated\-path=<pathtemplate>]
40 [\-\-reuseaddr] [\-\-detach] [\-\-pid\-file=<file>]
41 [\-\-enable=<service>] [\-\-disable=<service>]
42 [\-\-allow\-override=<service>] [\-\-forbid\-override=<service>]
43 [\-\-access\-hook=<path>] [\-\-[no\-]informative\-errors]
45 [\-\-listen=<host_or_ipaddr>] [\-\-port=<n>]
46 [\-\-user=<user> [\-\-group=<group>]]]
47 [\-\-log\-destination=(stderr|syslog|none)]
53 A really simple TCP Git daemon that normally listens on port "DEFAULT_GIT_PORT" aka 9418\&. It waits for a connection asking for a service, and will serve that service if it is enabled\&.
55 It verifies that the directory has the magic file "git\-daemon\-export\-ok", and it will refuse to export any Git directory that hasn\(cqt explicitly been marked for export this way (unless the \fB\-\-export\-all\fR parameter is specified)\&. If you pass some directory paths as \fIgit daemon\fR arguments, the offers are limited to repositories within those directories\&.
57 By default, only \fBupload\-pack\fR service is enabled, which serves \fIgit fetch\-pack\fR and \fIgit ls\-remote\fR clients, which are invoked from \fIgit fetch\fR, \fIgit pull\fR, and \fIgit clone\fR\&.
59 This is ideally suited for read\-only updates, i\&.e\&., pulling from Git repositories\&.
61 An \fBupload\-archive\fR also exists to serve \fIgit archive\fR\&.
66 Match paths exactly (i\&.e\&. don\(cqt allow "/foo/repo" when the real path is "/foo/repo\&.git" or "/foo/repo/\&.git") and don\(cqt do user\-relative paths\&.
68 will refuse to start when this option is enabled and no directory arguments are provided\&.
73 Remap all the path requests as relative to the given path\&. This is sort of "Git root" \- if you run
76 \fI\-\-base\-path=/srv/git\fR
77 on example\&.com, then if you later try to pull
78 \fIgit://example\&.com/hello\&.git\fR,
80 will interpret the path as
81 \fB/srv/git/hello\&.git\fR\&.
84 \-\-base\-path\-relaxed
86 If \-\-base\-path is enabled and repo lookup fails, with this option
88 will attempt to lookup without prefixing the base path\&. This is useful for switching to \-\-base\-path usage, while still allowing the old paths\&.
91 \-\-interpolated\-path=<pathtemplate>
93 To support virtual hosting, an interpolated path template can be used to dynamically construct alternate paths\&. The template supports %H for the target hostname as supplied by the client but converted to all lowercase, %CH for the canonical hostname, %IP for the server\(cqs IP address, %P for the port number, and %D for the absolute path of the named repository\&. After interpolation, the path is validated against the directory list\&.
98 Allow pulling from all directories that look like Git repositories (have the
102 subdirectories), even if they do not have the
103 \fIgit\-daemon\-export\-ok\fR
109 Have the server run as an inetd service\&. Implies \-\-syslog (may be overridden with
110 \fB\-\-log\-destination=\fR)\&. Incompatible with \-\-detach, \-\-port, \-\-listen, \-\-user and \-\-group options\&.
113 \-\-listen=<host_or_ipaddr>
115 Listen on a specific IP address or hostname\&. IP addresses can be either an IPv4 address or an IPv6 address if supported\&. If IPv6 is not supported, then \-\-listen=hostname is also not supported and \-\-listen must be given an IPv4 address\&. Can be given more than once\&. Incompatible with
122 Listen on an alternative port\&. Incompatible with
127 \-\-init\-timeout=<n>
129 Timeout (in seconds) between the moment the connection is established and the client request is received (typically a rather low value, since that should be basically immediate)\&.
134 Timeout (in seconds) for specific client sub\-requests\&. This includes the time it takes for the server to process the sub\-request and the time spent waiting for the next client\(cqs request\&.
137 \-\-max\-connections=<n>
139 Maximum number of concurrent clients, defaults to 32\&. Set it to zero for no limit\&.
145 \fB\-\-log\-destination=syslog\fR\&.
148 \-\-log\-destination=<destination>
150 Send log messages to the specified destination\&. Note that this option does not imply \-\-verbose, thus by default only error conditions will be logged\&. The <destination> must be one of:
154 Write to standard error\&. Note that if
156 is specified, the process disconnects from the real standard error, making this destination effectively equivalent to
162 Write to syslog, using the
169 Disable all logging\&.
172 The default destination is
178 is specified, otherwise
182 \-\-user\-path, \-\-user\-path=<path>
184 Allow ~user notation to be used in requests\&. When specified with no parameter, requests to git://host/~alice/foo is taken as a request to access
186 repository in the home directory of user
188 \fB\-\-user\-path=path\fR
189 is specified, the same request is taken as a request to access
191 repository in the home directory of user
197 Log details about the incoming connections and requested files\&.
202 Use SO_REUSEADDR when binding the listening socket\&. This allows the server to restart without waiting for old connections to time out\&.
207 Detach from the shell\&. Implies \-\-syslog\&.
212 Save the process id in
213 \fIfile\fR\&. Ignored when the daemon is run under
217 \-\-user=<user>, \-\-group=<group>
219 Change daemon\(cqs uid and gid before entering the service loop\&. When only
222 \fB\-\-group\fR, the primary group ID for the user is used\&. The values of the option are given to
226 and numeric IDs are not supported\&.
228 Giving these options is an error when used with
229 \fB\-\-inetd\fR; use the facility of inet daemon to achieve the same before spawning
233 Like many programs that switch user id, the daemon does not reset environment variables such as
235 when it runs git programs, e\&.g\&.
238 \fBreceive\-pack\fR\&. When using this option, you may also want to set and export
240 to point at the home directory of
242 before starting the daemon, and make sure any Git configuration files in that directory are readable by
246 \-\-enable=<service>, \-\-disable=<service>
248 Enable/disable the service site\-wide per default\&. Note that a service disabled site\-wide can still be enabled per repository if it is marked overridable and the repository enables the service with a configuration item\&.
251 \-\-allow\-override=<service>, \-\-forbid\-override=<service>
253 Allow/forbid overriding the site\-wide default with per repository configuration\&. By default, all the services may be overridden\&.
256 \-\-[no\-]informative\-errors
258 When informative errors are turned on, git\-daemon will report more verbose errors to the client, differentiating conditions like "no such repository" from "repository not exported"\&. This is more convenient for clients, but may leak information about the existence of unexported repositories\&. When informative errors are not enabled, all errors report "access denied" to the client\&. The default is \-\-no\-informative\-errors\&.
261 \-\-access\-hook=<path>
263 Every time a client connects, first run an external command specified by the <path> with service name (e\&.g\&. "upload\-pack"), path to the repository, hostname (%H), canonical hostname (%CH), IP address (%IP), and TCP port (%P) as its command\-line arguments\&. The external command can decide to decline the service by exiting with a non\-zero status (or to allow it by exiting with a zero status)\&. It can also look at the $REMOTE_ADDR and
265 environment variables to learn about the requestor when making this decision\&.
267 The external command can optionally write a single line to its standard output to be sent to the requestor as an error message when it declines the service\&.
272 The remaining arguments provide a list of directories\&. If any directories are specified, then the
274 process will serve a requested directory only if it is contained in one of these directories\&. If
275 \fB\-\-strict\-paths\fR
276 is specified, then the requested directory must match one of these directories exactly\&.
280 These services can be globally enabled/disabled using the command\-line options of this command\&. If finer\-grained control is desired (e\&.g\&. to allow \fIgit archive\fR to be run against only in a few selected repositories the daemon serves), the per\-repository configuration file can be used to enable or disable them\&.
285 \fIgit fetch\-pack\fR
288 clients\&. It is enabled by default, but a repository can disable it by setting
289 \fBdaemon\&.uploadpack\fR
290 configuration item to
297 \fIgit archive \-\-remote\fR\&. It is disabled by default, but a repository can enable it by setting
298 \fBdaemon\&.uploadarch\fR
299 configuration item to
307 clients, allowing anonymous push\&. It is disabled by default, as there is
309 authentication in the protocol (in other words, anybody can push anything into the repository, including removal of refs)\&. This is solely meant for a closed LAN setting where everybody is friendly\&. This service can be enabled by setting
310 \fBdaemon\&.receivepack\fR
311 configuration item to
316 We assume the following in /etc/services
323 $ grep 9418 /etc/services
324 git 9418/tcp # Git Version Control System
332 \fIgit daemon\fR as inetd server
336 as an inetd service that handles any repository within
339 \fB/pub/bar\fR, place an entry like the following into
347 git stream tcp nowait nobody /usr/bin/git
348 git daemon \-\-inetd \-\-verbose \-\-export\-all
357 \fIgit daemon\fR as inetd server for virtual hosts
361 as an inetd service that handles repositories for different virtual hosts,
362 \fBwww\&.example\&.com\fR
364 \fBwww\&.example\&.org\fR, place an entry like the following into
372 git stream tcp nowait nobody /usr/bin/git
373 git daemon \-\-inetd \-\-verbose \-\-export\-all
374 \-\-interpolated\-path=/pub/%H%D
375 /pub/www\&.example\&.org/software
376 /pub/www\&.example\&.com/software
383 In this example, the root\-level directory
385 will contain a subdirectory for each virtual host name supported\&. Further, both hosts advertise repositories simply as
386 \fBgit://www\&.example\&.com/software/repo\&.git\fR\&. For pre\-1\&.4\&.0 clients, a symlink from
388 into the appropriate default repository could be made as well\&.
391 \fIgit daemon\fR as regular daemon for virtual hosts
395 as a regular, non\-inetd service that handles repositories for multiple virtual hosts based on their IP addresses, start the daemon like this:
401 git daemon \-\-verbose \-\-export\-all
402 \-\-interpolated\-path=/pub/%IP/%D
403 /pub/192\&.168\&.1\&.200/software
404 /pub/10\&.10\&.220\&.23/software
410 In this example, the root\-level directory
412 will contain a subdirectory for each virtual host IP address supported\&. Repositories can still be accessed by hostname though, assuming they correspond to these IP addresses\&.
415 selectively enable/disable services per repository
418 \fIgit archive \-\-remote\fR
421 against a repository, have the following in the configuration file in the repository (that is the file
444 \fIgit daemon\fR will set REMOTE_ADDR to the IP address of the client that connected to it, if the IP address is available\&. REMOTE_ADDR will be available in the environment of hooks called when services are performed\&.
447 Part of the \fBgit\fR(1) suite