You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
325 lines
14 KiB
325 lines
14 KiB
http.proxy:: |
|
Override the HTTP proxy, normally configured using the 'http_proxy', |
|
'https_proxy', and 'all_proxy' environment variables (see `curl(1)`). In |
|
addition to the syntax understood by curl, it is possible to specify a |
|
proxy string with a user name but no password, in which case git will |
|
attempt to acquire one in the same way it does for other credentials. See |
|
linkgit:gitcredentials[7] for more information. The syntax thus is |
|
'[protocol://][user[:password]@]proxyhost[:port]'. This can be overridden |
|
on a per-remote basis; see remote.<name>.proxy |
|
|
|
http.proxyAuthMethod:: |
|
Set the method with which to authenticate against the HTTP proxy. This |
|
only takes effect if the configured proxy string contains a user name part |
|
(i.e. is of the form 'user@host' or 'user@host:port'). This can be |
|
overridden on a per-remote basis; see `remote.<name>.proxyAuthMethod`. |
|
Both can be overridden by the `GIT_HTTP_PROXY_AUTHMETHOD` environment |
|
variable. Possible values are: |
|
+ |
|
-- |
|
* `anyauth` - Automatically pick a suitable authentication method. It is |
|
assumed that the proxy answers an unauthenticated request with a 407 |
|
status code and one or more Proxy-authenticate headers with supported |
|
authentication methods. This is the default. |
|
* `basic` - HTTP Basic authentication |
|
* `digest` - HTTP Digest authentication; this prevents the password from being |
|
transmitted to the proxy in clear text |
|
* `negotiate` - GSS-Negotiate authentication (compare the --negotiate option |
|
of `curl(1)`) |
|
* `ntlm` - NTLM authentication (compare the --ntlm option of `curl(1)`) |
|
-- |
|
|
|
http.proxySSLCert:: |
|
The pathname of a file that stores a client certificate to use to authenticate |
|
with an HTTPS proxy. Can be overridden by the `GIT_PROXY_SSL_CERT` environment |
|
variable. |
|
|
|
http.proxySSLKey:: |
|
The pathname of a file that stores a private key to use to authenticate with |
|
an HTTPS proxy. Can be overridden by the `GIT_PROXY_SSL_KEY` environment |
|
variable. |
|
|
|
http.proxySSLCertPasswordProtected:: |
|
Enable Git's password prompt for the proxy SSL certificate. Otherwise OpenSSL |
|
will prompt the user, possibly many times, if the certificate or private key |
|
is encrypted. Can be overridden by the `GIT_PROXY_SSL_CERT_PASSWORD_PROTECTED` |
|
environment variable. |
|
|
|
http.proxySSLCAInfo:: |
|
Pathname to the file containing the certificate bundle that should be used to |
|
verify the proxy with when using an HTTPS proxy. Can be overridden by the |
|
`GIT_PROXY_SSL_CAINFO` environment variable. |
|
|
|
http.emptyAuth:: |
|
Attempt authentication without seeking a username or password. This |
|
can be used to attempt GSS-Negotiate authentication without specifying |
|
a username in the URL, as libcurl normally requires a username for |
|
authentication. |
|
|
|
http.delegation:: |
|
Control GSSAPI credential delegation. The delegation is disabled |
|
by default in libcurl since version 7.21.7. Set parameter to tell |
|
the server what it is allowed to delegate when it comes to user |
|
credentials. Used with GSS/kerberos. Possible values are: |
|
+ |
|
-- |
|
* `none` - Don't allow any delegation. |
|
* `policy` - Delegates if and only if the OK-AS-DELEGATE flag is set in the |
|
Kerberos service ticket, which is a matter of realm policy. |
|
* `always` - Unconditionally allow the server to delegate. |
|
-- |
|
|
|
|
|
http.extraHeader:: |
|
Pass an additional HTTP header when communicating with a server. If |
|
more than one such entry exists, all of them are added as extra |
|
headers. To allow overriding the settings inherited from the system |
|
config, an empty value will reset the extra headers to the empty list. |
|
|
|
http.cookieFile:: |
|
The pathname of a file containing previously stored cookie lines, |
|
which should be used |
|
in the Git http session, if they match the server. The file format |
|
of the file to read cookies from should be plain HTTP headers or |
|
the Netscape/Mozilla cookie file format (see `curl(1)`). |
|
NOTE that the file specified with http.cookieFile is used only as |
|
input unless http.saveCookies is set. |
|
|
|
http.saveCookies:: |
|
If set, store cookies received during requests to the file specified by |
|
http.cookieFile. Has no effect if http.cookieFile is unset. |
|
|
|
http.version:: |
|
Use the specified HTTP protocol version when communicating with a server. |
|
If you want to force the default. The available and default version depend |
|
on libcurl. Currently the possible values of |
|
this option are: |
|
|
|
- HTTP/2 |
|
- HTTP/1.1 |
|
|
|
http.curloptResolve:: |
|
Hostname resolution information that will be used first by |
|
libcurl when sending HTTP requests. This information should |
|
be in one of the following formats: |
|
|
|
- [+]HOST:PORT:ADDRESS[,ADDRESS] |
|
- -HOST:PORT |
|
|
|
+ |
|
The first format redirects all requests to the given `HOST:PORT` |
|
to the provided `ADDRESS`(s). The second format clears all |
|
previous config values for that `HOST:PORT` combination. To |
|
allow easy overriding of all the settings inherited from the |
|
system config, an empty value will reset all resolution |
|
information to the empty list. |
|
|
|
http.sslVersion:: |
|
The SSL version to use when negotiating an SSL connection, if you |
|
want to force the default. The available and default version |
|
depend on whether libcurl was built against NSS or OpenSSL and the |
|
particular configuration of the crypto library in use. Internally |
|
this sets the 'CURLOPT_SSL_VERSION' option; see the libcurl |
|
documentation for more details on the format of this option and |
|
for the ssl version supported. Currently the possible values of |
|
this option are: |
|
|
|
- sslv2 |
|
- sslv3 |
|
- tlsv1 |
|
- tlsv1.0 |
|
- tlsv1.1 |
|
- tlsv1.2 |
|
- tlsv1.3 |
|
|
|
+ |
|
Can be overridden by the `GIT_SSL_VERSION` environment variable. |
|
To force git to use libcurl's default ssl version and ignore any |
|
explicit http.sslversion option, set `GIT_SSL_VERSION` to the |
|
empty string. |
|
|
|
http.sslCipherList:: |
|
A list of SSL ciphers to use when negotiating an SSL connection. |
|
The available ciphers depend on whether libcurl was built against |
|
NSS or OpenSSL and the particular configuration of the crypto |
|
library in use. Internally this sets the 'CURLOPT_SSL_CIPHER_LIST' |
|
option; see the libcurl documentation for more details on the format |
|
of this list. |
|
+ |
|
Can be overridden by the `GIT_SSL_CIPHER_LIST` environment variable. |
|
To force git to use libcurl's default cipher list and ignore any |
|
explicit http.sslCipherList option, set `GIT_SSL_CIPHER_LIST` to the |
|
empty string. |
|
|
|
http.sslVerify:: |
|
Whether to verify the SSL certificate when fetching or pushing |
|
over HTTPS. Defaults to true. Can be overridden by the |
|
`GIT_SSL_NO_VERIFY` environment variable. |
|
|
|
http.sslCert:: |
|
File containing the SSL certificate when fetching or pushing |
|
over HTTPS. Can be overridden by the `GIT_SSL_CERT` environment |
|
variable. |
|
|
|
http.sslKey:: |
|
File containing the SSL private key when fetching or pushing |
|
over HTTPS. Can be overridden by the `GIT_SSL_KEY` environment |
|
variable. |
|
|
|
http.sslCertPasswordProtected:: |
|
Enable Git's password prompt for the SSL certificate. Otherwise |
|
OpenSSL will prompt the user, possibly many times, if the |
|
certificate or private key is encrypted. Can be overridden by the |
|
`GIT_SSL_CERT_PASSWORD_PROTECTED` environment variable. |
|
|
|
http.sslCAInfo:: |
|
File containing the certificates to verify the peer with when |
|
fetching or pushing over HTTPS. Can be overridden by the |
|
`GIT_SSL_CAINFO` environment variable. |
|
|
|
http.sslCAPath:: |
|
Path containing files with the CA certificates to verify the peer |
|
with when fetching or pushing over HTTPS. Can be overridden |
|
by the `GIT_SSL_CAPATH` environment variable. |
|
|
|
http.sslBackend:: |
|
Name of the SSL backend to use (e.g. "openssl" or "schannel"). |
|
This option is ignored if cURL lacks support for choosing the SSL |
|
backend at runtime. |
|
|
|
http.schannelCheckRevoke:: |
|
Used to enforce or disable certificate revocation checks in cURL |
|
when http.sslBackend is set to "schannel". Defaults to `true` if |
|
unset. Only necessary to disable this if Git consistently errors |
|
and the message is about checking the revocation status of a |
|
certificate. This option is ignored if cURL lacks support for |
|
setting the relevant SSL option at runtime. |
|
|
|
http.schannelUseSSLCAInfo:: |
|
As of cURL v7.60.0, the Secure Channel backend can use the |
|
certificate bundle provided via `http.sslCAInfo`, but that would |
|
override the Windows Certificate Store. Since this is not desirable |
|
by default, Git will tell cURL not to use that bundle by default |
|
when the `schannel` backend was configured via `http.sslBackend`, |
|
unless `http.schannelUseSSLCAInfo` overrides this behavior. |
|
|
|
http.pinnedPubkey:: |
|
Public key of the https service. It may either be the filename of |
|
a PEM or DER encoded public key file or a string starting with |
|
'sha256//' followed by the base64 encoded sha256 hash of the |
|
public key. See also libcurl 'CURLOPT_PINNEDPUBLICKEY'. git will |
|
exit with an error if this option is set but not supported by |
|
cURL. |
|
|
|
http.sslTry:: |
|
Attempt to use AUTH SSL/TLS and encrypted data transfers |
|
when connecting via regular FTP protocol. This might be needed |
|
if the FTP server requires it for security reasons or you wish |
|
to connect securely whenever remote FTP server supports it. |
|
Default is false since it might trigger certificate verification |
|
errors on misconfigured servers. |
|
|
|
http.maxRequests:: |
|
How many HTTP requests to launch in parallel. Can be overridden |
|
by the `GIT_HTTP_MAX_REQUESTS` environment variable. Default is 5. |
|
|
|
http.minSessions:: |
|
The number of curl sessions (counted across slots) to be kept across |
|
requests. They will not be ended with curl_easy_cleanup() until |
|
http_cleanup() is invoked. If USE_CURL_MULTI is not defined, this |
|
value will be capped at 1. Defaults to 1. |
|
|
|
http.postBuffer:: |
|
Maximum size in bytes of the buffer used by smart HTTP |
|
transports when POSTing data to the remote system. |
|
For requests larger than this buffer size, HTTP/1.1 and |
|
Transfer-Encoding: chunked is used to avoid creating a |
|
massive pack file locally. Default is 1 MiB, which is |
|
sufficient for most requests. |
|
+ |
|
Note that raising this limit is only effective for disabling chunked |
|
transfer encoding and therefore should be used only where the remote |
|
server or a proxy only supports HTTP/1.0 or is noncompliant with the |
|
HTTP standard. Raising this is not, in general, an effective solution |
|
for most push problems, but can increase memory consumption |
|
significantly since the entire buffer is allocated even for small |
|
pushes. |
|
|
|
http.lowSpeedLimit, http.lowSpeedTime:: |
|
If the HTTP transfer speed is less than 'http.lowSpeedLimit' |
|
for longer than 'http.lowSpeedTime' seconds, the transfer is aborted. |
|
Can be overridden by the `GIT_HTTP_LOW_SPEED_LIMIT` and |
|
`GIT_HTTP_LOW_SPEED_TIME` environment variables. |
|
|
|
http.noEPSV:: |
|
A boolean which disables using of EPSV ftp command by curl. |
|
This can helpful with some "poor" ftp servers which don't |
|
support EPSV mode. Can be overridden by the `GIT_CURL_FTP_NO_EPSV` |
|
environment variable. Default is false (curl will use EPSV). |
|
|
|
http.userAgent:: |
|
The HTTP USER_AGENT string presented to an HTTP server. The default |
|
value represents the version of the client Git such as git/1.7.1. |
|
This option allows you to override this value to a more common value |
|
such as Mozilla/4.0. This may be necessary, for instance, if |
|
connecting through a firewall that restricts HTTP connections to a set |
|
of common USER_AGENT strings (but not including those like git/1.7.1). |
|
Can be overridden by the `GIT_HTTP_USER_AGENT` environment variable. |
|
|
|
http.followRedirects:: |
|
Whether git should follow HTTP redirects. If set to `true`, git |
|
will transparently follow any redirect issued by a server it |
|
encounters. If set to `false`, git will treat all redirects as |
|
errors. If set to `initial`, git will follow redirects only for |
|
the initial request to a remote, but not for subsequent |
|
follow-up HTTP requests. Since git uses the redirected URL as |
|
the base for the follow-up requests, this is generally |
|
sufficient. The default is `initial`. |
|
|
|
http.<url>.*:: |
|
Any of the http.* options above can be applied selectively to some URLs. |
|
For a config key to match a URL, each element of the config key is |
|
compared to that of the URL, in the following order: |
|
+ |
|
-- |
|
. Scheme (e.g., `https` in `https://example.com/`). This field |
|
must match exactly between the config key and the URL. |
|
|
|
. Host/domain name (e.g., `example.com` in `https://example.com/`). |
|
This field must match between the config key and the URL. It is |
|
possible to specify a `*` as part of the host name to match all subdomains |
|
at this level. `https://*.example.com/` for example would match |
|
`https://foo.example.com/`, but not `https://foo.bar.example.com/`. |
|
|
|
. Port number (e.g., `8080` in `http://example.com:8080/`). |
|
This field must match exactly between the config key and the URL. |
|
Omitted port numbers are automatically converted to the correct |
|
default for the scheme before matching. |
|
|
|
. Path (e.g., `repo.git` in `https://example.com/repo.git`). The |
|
path field of the config key must match the path field of the URL |
|
either exactly or as a prefix of slash-delimited path elements. This means |
|
a config key with path `foo/` matches URL path `foo/bar`. A prefix can only |
|
match on a slash (`/`) boundary. Longer matches take precedence (so a config |
|
key with path `foo/bar` is a better match to URL path `foo/bar` than a config |
|
key with just path `foo/`). |
|
|
|
. User name (e.g., `user` in `https://user@example.com/repo.git`). If |
|
the config key has a user name it must match the user name in the |
|
URL exactly. If the config key does not have a user name, that |
|
config key will match a URL with any user name (including none), |
|
but at a lower precedence than a config key with a user name. |
|
-- |
|
+ |
|
The list above is ordered by decreasing precedence; a URL that matches |
|
a config key's path is preferred to one that matches its user name. For example, |
|
if the URL is `https://user@example.com/foo/bar` a config key match of |
|
`https://example.com/foo` will be preferred over a config key match of |
|
`https://user@example.com`. |
|
+ |
|
All URLs are normalized before attempting any matching (the password part, |
|
if embedded in the URL, is always ignored for matching purposes) so that |
|
equivalent URLs that are simply spelled differently will match properly. |
|
Environment variable settings always override any matches. The URLs that are |
|
matched against are those given directly to Git commands. This means any URLs |
|
visited as a result of a redirection do not participate in matching.
|
|
|