Re: Git: Do not use http to access Git!

[Olav Vitters <olav vitters nl>]

On Thu, Feb 17, 2011 at 11:25:05PM +1100, Danielle Madeley wrote:
> On Thu, 2011-02-17 at 10:48 +0100, Olav Vitters wrote:
> 
> > Some people have been using the cgit interface to checkout a lot of git
> > modules. This cause a very high load on our server. Please use the git
> > protocol instead. For now I've blocked git from accessing cgit as too
> > many people have been using the http interface and it negatively impacts
> > performance (very high loads over long periods).
> 
> Is it possible these people are on ridiculous corporate networks that
> only permit HTTP traffic (via a proxy) and allow no other outgoing
> connections beyond their network?
> 
> I have been on one of these before, http was the only way I could
> checkout sources (from Subversion at the time).

Could be, no idea. Just know that we didn't intend http access for git.
That it worked at all is just by sheer luck (cgit supports a bad
method) and it is affecting our server (seems like entire jhbuilds by
multiple people, not just 1 checkout).

> If this is the case, git being awesome as it is, perhaps someone could
> set up a remote that offers http cloning that updates once a day or so.
> This would let people clone a repo, and still submit their work via
> format-patch etc.

I've noticed the following after sending the initial mail:
http://progit.org/2010/03/04/smart-http.html
http://www.kernel.org/pub/software/scm/git/docs/git-http-backend.html

Basically: If the client has git 1.6.6+, there is a possibility to be as
(almost as?) efficient as the git protocol using http. I've reconfigured
all git repos to have:
  http.getanyfile false
  http.receivepack false
Meaning: Only want efficient Git.

My intend is to allow the git 1.6.6+ method, and explicitly disallow the
previous method.

This requires some sysadmin work to setup (newer git, newer cgit, etc).
Doing that atm, not sure when I'll finish.

-- 
Regards,
Olav