Gitweb with Httpd on openbsd server

2023-02-19 Thread airwan+git 
Hello,

 I am in trouble to set up gitweb with httpd. I am not aware with webersever. 

 My /etc.gitweb.conf contains:

 $projectroot = "/home/git";
 $projects_list = $projectroot;

 My /etc/httpd.conf contains 

 server "default" {
listen on * port 80
fastcgi 
root "/gitweb"
 } 

because I copy /usr/local/share/gitweb to /var/www/gitweb

The later contain gitweb.cgi.

I also copy perl, and libraries to a subtree in /var/www/usr/...

I am stuck, trying different stuffs, but I have not the logics..  
Http is enable and works fine with simple html by the way
Can someone help me?

Thanks.

Re: Gitweb with Httpd on openbsd server

2023-02-21 Thread Omar Polo 
On 2023/02/19 18:17:25 +0100, airwan+...@mailo.com wrote:
> Hello,
> 
>  I am in trouble to set up gitweb with httpd. I am not aware with webersever. 

First thing to notice is that most web server (httpd(8) from base but
also a few of the ones you can get from ports) on OpenBSD runs by
default in the /var/www chroot.

>  My /etc.gitweb.conf contains:
> 
>  $projectroot = "/home/git";

so this is not going to work.  A process inside the /var/www chroot
will try to open /var/www/home/git which I don't expect to exists.

Actually, the config file won't be parsed at all since it's in /etc...

>  $projects_list = $projectroot;
> 
>  My /etc/httpd.conf contains 
> 
>  server "default" {
>   listen on * port 80
>   fastcgi 
>   root "/gitweb"
>  } 
> 
> because I copy /usr/local/share/gitweb to /var/www/gitweb
> 
> The later contain gitweb.cgi.
> 
> I also copy perl, and libraries to a subtree in /var/www/usr/...

Hold still for a moment and think what you're doing.  You're almost
re-creating a standard OpenBSD installation inside /var/www.  Why?

Some software just isn't designed to run in a chroot (gitweb in this
case) and forcing it to run inside one will always require hacks.
Lots of ugly hacks usually.

If you really really really _must_ use gitweb, then you'll probably
find it easier to run httpd(8) and slowcgi(8) without chroot.

Personally I won't do it.  And neither suggest others to do so.
You're loosing many of the advantages the design and defaults of
httpd(8) and slowcgi(8) brings to you.

There are other solutions that can work nicely in a /var/www chroot
however.

For starters, there are various programs that exports a git repository
to a set of static HTML files (stagit comes to mind, but it's far from
being the only.)

cgit (as packaged on OpenBSD) should also work by default inside the
/var/www chroot and has an handy README with hints for the httpd(8)
configuration needed.

Then there's gotwebd, which I personally prefer among these options,
but note that I'm biased being one of the contributors ;-)

(and there's probably more I'm just forgetting about.)

Re: Gitweb with Httpd on openbsd server

2023-02-22 Thread Daniele B. 


> 
>> I am in trouble to set up gitweb with httpd. I am not aware with webersever.
> 
> First thing to notice is that most web server (httpd(8) from base but
> also a few of the ones you can get from ports) on OpenBSD runs by
> default in the /var/www chroot.

Problem arising, although it is about Gitweb, /var/www is chrooted by design.

Two considerations to add in the thread:
- as per suggestion of Omar not using chroot means indirectly trust Gitweb cgi
- /var/www chrooted by design miss any chroot granular configuration at app 
level
  like it is with open_basedir for php (and phpfpm). However this design choise 
is a means
  to a secure environment..it is like that for pf, ubound and so forth..

I come also from many troubles caused by /var/www chrooted expecially 
configuring
NextCloud because I was mounting on www, etc.. (by memory)

I don't know..is there the option to make a port of Gitweb, eventually?
-- Daniele Bonini