When we launched Projects we decided to play safe and configured the Web server and access to all repositories over SSL. Some users have expressed interest in Git over SSH, other users have mentioned how SSL is not a requirement to them and would be happy with normal HTTP.

We started working on our server configuration, but decided that we wanted to allow everyone to decide for himself. We configured Projects so that everything is enabled by default, but project owners are free to configure and limit which protocols can be used to access the resources of a project.

So this is how it works, all project Web sites are now accessible both using HTTP and HTTPS. Although the Web server will default to HTTPS, you can simply specify "http://" in front of the URL and switch SSL off. If your network has a proxy, you should see a performance improvement when you don’t use SSL. In general your browser will cache static files such as images, CSS and JavaScript, so you should have a good performance anyway.

Similarly to the Web site, all repositories can now be accessed both via HTTP and HTTPS. If you had issues with Git over HTTPS in the past you can now remove SSL and avoid recompiling your libraries. If you like SSH better, don’t forget to read how to use Git over SSH in Projects. Last but not least, the WebDAV server can now be accessed with or without SSL.

If you are working in the Open Source you probably don’t worry about protecting your files and using HTTP might be a better option than HTTPS. Please note that when authenticating over HTTP, your password will be sent in clear and a man-in-the-middle might still try to steal it.

A project owner can control which protocols are enabled by visiting the Admin tab and then clicking on Protocols. By default they are all enabled. If you are concerned about security, disable HTTP.

This is how it looks in one of my projects, where I have disabled all HTTP access to Git and only allow HTTPS for WebDAV:

As a user you can choose which protocol you want to use when checking out or cloning a repository. To make life easier we changed the source page a little bit. See how now there are two buttons to choose the protocol you want to use. These change based on the repository type and available protocols.

The same applies to the Files section and the WebDAV protocol.

From day one we supported three different repositories in Projects, Git, SVN and Mercurial. All of them worked over HTTPS. A lot of us are used to using Git from the command line and SSH is much more convenient as a protocol and is still very secure. In some cases it also offers better performance.

It took us a little bit to configure properly our servers, proxies and make sure that it was secure. We chose gitosis and although we did not tell anyone we have been testing this for a couple of weeks now and it works GREAT!

If you have Git and SSH you don’t need to do very much, just give us your SSH key and allow a few minutes for our servers to sync and then you are ready to go.

Add your SSH key

On the Projects site, go to My projects (login required, of course).

Click on My projects settings.

Here you have all your preferences specific to Projects. Click on the SSH keys tab.

Enter a description of the key, your SSH key and press save. If there is ay error you will see a message in red and the key will not be save. The key MUST be 2048 bytes and not more than 4096. Make sure you upload you public key.

After a few minutes you will be able to clone your Git repository.

This is a screenshot of me cloning a test repository.

For more information see our updated manual on how to configure Git.