Installing Bonobo Git Server under Windows 7 with HTTPS and Windows authentication (user side)

This post is the second part (and final) about how to install Bonobo Git Server under Windows 7 over HTTPS with Windows authentication. In this post I will explain how to connect and download a project as user. As prerequisite, you need an already installed and configured Git server, see my previous post.

Create your user at the server and check permissions

  1. Open your web browser and type:
    https://<server_ip>/Bonobo.Git.Server.Interface

    1. As explained when installing the server, the Git server uses a self-signed certificate for secure transfer protocol (HTTPS) that can not be validated. This kind of certificates are ONLY acceptable for intranet pourposes (never for public servers). Your web browser will show an error screen about not being able to validate the identity of the SSL certificate owner (that is the Git server administrator). You must add a permanent exception to access the Git server web page.
    2. You will be prompted to enter your user and password. Use your windows domain user and password:
      User: <your_domain>\<your_user>
      Pass: <your_user_password>
  2. Once you are logged in for the first time, nothing will be available to your user. The reason is that you do not have any permissions, associated repositories or groups. The administrator of the Git server has to set up your account. However, this test has three objectives. First, you have checked the availability of the server to your computer. Second, this first log in has created you account. Finally, if you click on your user name (top right corner), you can edit your user information. You should take a few seconds to enter valid information: real name and surname, and your e-mail account, since this data will be used to store your credentials while pushing to repositories.

Install Git

  1. Download (and install) the latest version of Git at:
    http://git-scm.com/download/win

    1. Click next on every screen. If you don’t want to pollute your context menu, be sure to uncheck “Windows Explorer Integration” at the program features screen.
    2. If you are really brave ;), use the Git Bash console to work with the repositories. Otherwise, install a user-friendly GUI client as explained below. I usually use both, each one has its own advantages and disadvantages.

Install a Git Client with graphical user interface

There are several Git clients with GUI, see here. I recommend you to use SmartGit/Hg for non-commercial projects, because it is free, frequently updated, and plenty of features.

  1. Install the Java Runtime Environment 8 update 25 (or higher). You can download it from here. I recommend to install both x86 (32 bits) and x64 (64 bits) versions under a 64 bits Windows operative system.
  2. Download SmartGit. Choose the “Installer without JRE”, since you have already installed Java in the previous step.

Creating the folder for cloning a repository

  1. As explained before in step 1, the Git server uses a self-signed certificate. SmartGit or any other client will complain about not being able to validate the identity of the server. Therefore, it is mandatory to disable SSL validation for each new repository manually. A bare “git clone” command will not work.
    Solution:

    1. Create a new directory called <project_name> anywhere on your hard drive. The repository will be cloned inside.
    2. Create a file named “gitclone.sh”. Edit the file and copy the code at the end of of this post. Copy “gitclone.sh” to the previously created folder.
    3. Open Git Bash and browse to that folder (with linux-like commands ‘cd’ and ‘ls’). If you selected during the installation shell integration, right-Click on the new directory and select “Git Bash Here”.
    4. Once Git Bash is inside the folder, type in the terminal:
      gitclone <project_name> <your_domain_user_name>
      and hit enter.
  2. In SmartGit, open the existing local repository (Repository -> Add or Create), and click the Pull button.
  3. If you are able to successfully open the project an pull the repository, remove the “gitclone.sh” file, which is no longer needed.
  4. Always use your Windows credentials (user and password), following username scheme: DOMAIN\<username> for pulling and pushing to the server.

Resources

It is advisable to take a look at some online tutorials to grasp the surface of what can be done with Git. You may start with these ones:

gitclone.sh



#!/bin/sh

function usage
{
echo -e "usage:\t\tgitclone <git_project_name> <your_windows_login_username>"
echo -e "example:\tgitclone MyProject xmellado"
exit
}

if [ $# -eq 0 ]; then
echo "Your command line does not contain arguments. Two arguments are expected."
usage
elif [ $# -eq 1 ]; then
echo "Your command line contains $# argument. Two arguments are expected."
usage
elif [ $# -gt 2 ]; then
echo "Your command line contains $# arguments. Only two arguments are expected."
usage
fi

GIT_PROJECT_NAME=$1
GIT_USER_NAME=$2

echo "Initializing empty Git repository"
git init
echo "Disabling SSL verification since the Git server uses a self-signed certificate"
git config http.sslVerify false
echo "Adding the remote server"
git remote add origin https://<your_domain&gt;\\$GIT_USER_NAME@<server_IP>/Bonobo.Git.Server/$GIT_PROJECT_NAME.git
echo "Increasing buffer size for large transfer operations (maximum 512 MB)"
git config http.postBuffer 524288000
echo "Pulling files from remote server"
git pull origin master
echo "Set local master branch to track origin/master branch"
git branch -u origin/master


 

Installing Bonobo Git Server under Windows 7 with HTTPS and Windows authentication (server side)

If you have at work, or at home, a Windows domain and you want to install your own Git server, Bonobo Git Server may be your choice, since it is easy to install, configure and administrate. I chose this Git server implementation at work, because it allowed us to use our Windows domain users and passwords without the need for creating new ones specially for the source control management tool.

Bonobo Git Server has a decent documentation, FAQ, and forum to help you while installing this software. I will include some steps from the installation guide, from the FAQ and I will add a few new steps for using HTTPS as communication protocol. Let’s start:

  1. Get the Bonobo Git Server from its website.
  2. Go to the installation guide and make sure that you have all the prerequisites properly installed and configured. In this case under Windows 7:
    1. Install IIS 7 on Windows Vista and Windows 7. When installing IIS7, leave the default options.
    2. .NET Framework 4.5. Install it using Windows Update.
    3. ASP.NET MVC 4. Install it using the standalone installer and don’t forget to register MVC framework with your IIS as explained in the prerequisite webpage:
      1. Windows 7. Following the same procedure that you used to install IIS 7, add the ASP.NET feature. IIS -> WWWS -> Application Development Features -> ASP.NET 4.5.
      2. Run from the command line with administrator privileges “%windir%\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe -ir”.
  3. Now, install Bonobo Git Server following its instructions.
    1. To open IIS Manager, click Start, type “inetmgr” in the Search Programs and Files box, and then press ENTER.
    2. When converting the Bonobo Git Server into and application select as application pool: ASP.NET 4.0.
  4. Restart the computer and check that http://localhost/Bonobo.Git.Server is accessible.
  5. Now follow the Bonobo Git Server Windows Authentication instructions.
    1. In order to complete the section “How to configure IIS?”. Enable Windows and basic authentication. The complete path for Windows 7 and 8 is:
      Control panel
      Programs and Features
      Turn Windows Features on or off
      Expand: Internet Information Services => World Wide Web Services => Security
      Select “Basic Authentication”
      Select “Windows Authentication”
    2. Restart the computer.
    3. Follow the “How to configure IIS?” instructions.
    4. Test the interface website works with HTTP.
  6. If the webpage does not show images, follow the FAQ answers for “Bonobo Git Server doesn’t server CSS”.
  7. Once the first user, which will be the administrator, is logged in at the interface webpage, set:
    <add key=”ShouldImportWindowsUserAsAdministrator” value=”false” />
    in both, server and interface, to avoid that any new user will gain administrator privileges.
  8. If you want to secure your connection with HTTPS:
    1. Go to the ISS Manager and create a SSL certificate as explained in How to Set Up SSL on IIS 7  The Official Microsoft IIS Site. Section “IIS Manager” -> “Obtain a Certificate”.
      1. Launch “Internet Information Services (IIS) Manager” (execute inetmgr) -> Select the Server field -> Server Certificates.
        https_001
      2. Create Self-Signed Certificate. Use a descriptive name like “Git SSL certificate”.
        https_002
    2. Create an SSL Binding:
      1. Select the “Default Web Site” and click on “Bindings”.
        https_003
      2. Select “https” and your self-signed certificate at the bottom of the dialog.
        https_004
      3. The result should look like this:
        https_005
    3. Require SSL for the Bonobo Git applications.
      1. Select the Bonobo Git Server application in IIS7.
        https_006
      2. Click on SSL Certificates, requiere SSL and accept client certificates.
        https_007
      3. Click on apply (top right corner).
      4. Do the same for the Bonobo Git Interface application.
    4. Restart and you should be able to access the main Bonobo Git webpage with HTTP and HTTPS.
  9. Self-signed certificates can not be validated and are ONLY acceptable for intranet purposes (never for public servers, since man in the middle attacks may happen). Git bash or any other client will complain (for example, see SmartGit SSL Certificate Problem). The solution is to disable SSL validation for each new repository manually. I know, it is a bit painful.
    1. Create a new directory called <project_name>
    2. Open Git Bash and browse to that folder or right-Click on the new directory and select “Git Bash Here”.
    3. Enter the following command lines:
      git init
      git config http.sslVerify false
      git remote add origin https://<server_IP_address>/Bonobo.Git.Server/<git_project_name&gt;.git
      git config http.postBuffer 524288000 (see point 10)
      Alternatively, you can use a small script to make this process faster,  a bit better, and easier. Please, take a look at the user side post.
  10. To avoid crashes while making “big” pushes. Execute:
    git config http.postBuffer 524288000
    at the client side folder with Git Bash.  See Bonobo Git Server FAQ. Apply all the changes in the section Cloning Error – RPC failed.
  11. For uploading and downloading big chunks of data over SSL, you need to change (increase) your “uploadReadAheadSize”:
    1. Launch “Internet Information Services (IIS) Manager” (execute inetmgr)
    2. Expand the Server field -> Expand Sites -> Select the site you want to make the modification for (Bonobo.Git.Server).
    3. In the Features section, double click “Configuration Editor”
      snap008
    4. Under “Section” select: system.webServer/serverRuntime
    5. Modify the “uploadReadAheadSize” section (“The value must be between 0 and 2147483647.”). Set it to 2147483647 (2GB).
      snap009
    6. Click Apply and restart the web site.
  12. Finally, it is mandatory to open the HTTPS port (443) in the windows firewall for allowing the connection of other computers to the Git Server. Open the Control Panel -> System and Security -> Windows Firewall, click Allow a program or feature through Windows Firewall and scroll down to “Secure World Wide Web services (HTTPS)” and check Domain and/or Home network (the most restrictive that works).
  13. Under Windows 7, there is a bug in IIS7 regarding SSL. Install Windows 7 patch KB2634328, or you will not be able to push/pull big files over HTTPS. See Bonobo Git Server FAQ.

    Optional:
  14. Change repository location. As a general policy, I always save data in other partition than “C:”. Go to the Bonobo Git Server Interface, login and click on settings.
    1. Change the repository location.
    2. Make sure ISS_ISURS have read/write/modify access to the new folder. See Bonobo Git Server FAQ.
  15. If you have old repositories, place them inside the repository directory and restart the Git server. They will be discovered next time the application starts.

    Other problems:
  16. When login with your Windows user, it may not work. Try to access the web interface with your credentials. If you are successful, use them to push and clone. If the credentials don’t work, try the following username scheme: DOMAIN\username or username@DOMAIN, and note that DOMAIN is not the name of your git server instance, but your intranet/Windows/ActiveDirectory domain. See Ad Authentication and Push.