data/gitblit.propertiesin your favorite text editor and make sure to review and set:
java -cp gitblit.jar com.gitblit.authority.Launcher --baseFolder datafrom a command-line
java -jar gitblit.jar --baseFolder datafrom a command-line
By default, Gitblit GO stores all data (users, settings, repositories, etc) in the
data subfolder of your GO installation. You may specify an external location for your data on the command-line by setting the --baseFolder argument. If you relocate the data folder then you must supply the --baseFolder argument to both GO and the Certificate Authority.
If you are deploying Gitblit to a *nix platform, you might consider moving the data folder out of the GO installation folder and then creating a symlink named "data" that points to your moved folder.
You can specify
GITBLIT_HOME either as an environment variable or as a
-DGITBLIT_HOME JVM system property.
Gitblit supports loading it's settings from multiple properties files. You can achieve this using the
include=filename key. This setting supports loading multiple files using a comma as the delimiter. They are processed in the order defined and they may be nested (i.e. your included properties may include properties, etc, etc).
Gitblit GO (and Gitblit Certificate Authority) automatically generates a Certificate Authority (CA) certificate and an ssl certificate signed by this CA certificate that is bound to localhost.
Remote Eclipse/EGit/JGit clients (< 3.0) will fail to communicate using this certificate because JGit always verifies the hostname of the certificate, regardless of the http.sslVerify=false client-side setting.
The EGit failure message is something like:
Cannot get remote repository refs. Reason: https:/myserver.com/git/myrepo.git: cannot open git-upload-pack
If you want to serve your repositories to another machine over https then you will want to generate a new certificate for the hostname or ip address you are serving from.
NOTE: The Gitblit Authority is a GUI tool and will require X11 forwarding on headless UNIX boxes.
java -jar authority.jar --baseFolder data
If you decide to change the value of server.storePassword (recommended) after you have already started Gitblit or Gitblit Certificate Authority, then you will have to delete the following files and then restart the Gitblit Certificate Authority app:
Gitblit supports X509 certificate authentication. This authentication method relies on your servlet container to validate/verify/trust your client certificate and can be used by your browser and your git client.
All X509 certificates have a distinguished name (DN) which is a signature of several fields like:
Gitblit must be able to map the DN of the certificate to an existing account username. The default mapping is to extract the common name (CN) value from the DN and use that as the account name. If the CN is a valid account, then the user is authenticated. The servlet container which runs Gitblit validates, verifies, and trusts the certificate passed to Gitblit. If you need to specify an alternative DN mapping you may do so with the git.certificateUsernameOIDs setting, but this mapping must be matched to the user account name.
How do you make your servlet container trust a client certificate?
In the WAR variant, you will have to manually setup your servlet container to:
Alternatively, Gitblit GO is designed to facilitate use of client certificate authentication. Gitblit GO ships with a tool that simplifies creation and management of client certificates, Gitblit Certificate Authority.
When you generate a new client certificate, a zip file bundle is created which includes a P12 keystore for browsers and a PEM keystore for Git. Both of these are password-protected. Additionally, a personalized README file is generated with setup instructions for popular browsers and Git. The README is generated from
data\certs\instructions.tmpl and can be modified to suit your needs.
java -jar authority.jar --baseFolder data
X509 certificates can be confusing and tricky even with the simplified Gitblit Certificate Authority tool. If you find you need more tooling to understand your keystores, certificates, and certificate revocation lists (CRLs), I highly recommend Portecle which can be conveniently launched as a Java Web Start app.
Gitblit uses Apache Commons Daemon to install and configure its Windows service.
installService.cmdwhere you may have to change the default keystore password.
After service installation you can use the
gitblitw.exe utility to control and modify the runtime settings of the service.
Additional service definition options and runtime capabilities of
gitblitw.exe (prunmgr.exe) are documented here.
If you change the name of the service from gitblit you must also change the name of
gitblitw.exe to match the new service name otherwise the connection between the service and the utility is lost, at least to double-click execution.
By default, the service installation script configures your Windows service to use your default JVM. This setup usually defaults to a client VM.
If you have installed a JDK, you might consider using the
gitblitw.exe utility to manually specify the server VM.
Java Virtual Machine:
Command-Line parameters override the values in
gitblit.properties at runtime.
--baseFolder The default base folder for all relative file reference settings --repositoriesFolder Git Repositories Folder --userService Authentication and Authorization Service (filename or fully qualified classname) --httpPort HTTP port for to serve. (port <= 0 will disable this connector) --httpsPort HTTPS port to serve. (port <= 0 will disable this connector) --sshPort SSH Daemon port to serve. (port <= 0 will disable this daemon) --gitPort Git Daemon port to serve. (port <= 0 will disable this daemon) --alias Alias in keystore of SSL cert to use for https serving --storePassword Password for SSL (https) keystore. --shutdownPort Port for Shutdown Monitor to listen on. (port <= 0 will disable this monitor) --dailyLogFile Redirect logging to a rolling, daily log file instead of stdout --tempFolder Folder for server to extract built-in webapp
java -jar gitblit.jar --userService c:/myrealm.config --storePassword something --baseFolder c:/data
You can override Gitblit GO's default Log4j configuration with a command-line parameter to the JVM.
java -Dlog4j.configuration=file:///home/james/log4j.properties -jar gitblit.jar <optional_gitblit_args>
You can not use override the default log4j configuration AND specify the
--dailyLogFile parameter. For reference, here is Gitblit's default Log4j configuration. It includes some file appenders that are disabled by default.