git-http-backend with CentOS7.1 and Apache 2.4 [FIX]

To enable anonymous read access but authenticated write access, require authorization for both the initial ref advertisement (which we detect as a push via the service parameter in the query string), and the receive-pack invocation itself:

<VirtualHost *:80>
        ServerName <your server name>
	DocumentRoot </path/to/git/repositories>
	SetEnv GIT_PROJECT_ROOT /path/to/git/repositories
	SetEnv GIT_HTTP_EXPORT_ALL
	SetEnv REMOTE_USER $REDIRECT_REMOTE_USER
	
	AliasMatch ^/(.*/objects/[0-9a-f]{2}/[0-9a-f]{38})$          /opt/repositories/git/$1
	AliasMatch ^/(.*/objects/pack/pack-[0-9a-f]{40}.(pack|idx))$ /opt/repositories/git/$1
	
	ScriptAlias / /usr/libexec/git-core/git-http-backend/
        <Directory /usr/libexec/git-core*> 
        	Options +Indexes +ExecCGI 
           	AllowOverride None 
    		Require all granted
        </Directory> 

	<Directory "/path/to/git/repositories">
		Dav On
	</Directory>

	#Authenticated commits.
	<LocationMatch "^/">
        	AuthType Basic
                AuthName "git access"
                AuthBasicProvider ldap
                AuthUserFile /dev/null
                AuthLDAPUrl "ldap URI" TLS
		# As of commit 986bbc0 (http: don't always prompt for password, 2011-11-04)
		# git sends a simple get request prior to sending the whole push packet to check if it needs 
		# authorization. See also: http://git.661346.n2.nabble.com/git-no-longer-prompting-for-password-td7565755.html
		<if "%{QUERY_STRING} =~ /service=git-receive-pack/">
                	Require valid-user
		</if>	
		<elseif "%{REQUEST_URI} =~ /^git-receive-pack$/">
                        Require valid-user
		</elseif>
	</LocationMatch>
</VirtualHost>
Dieser Beitrag wurde unter /dev/administration veröffentlicht. Setze ein Lesezeichen auf den Permalink.

Schreibe einen Kommentar

Deine E-Mail-Adresse wird nicht veröffentlicht. Erforderliche Felder sind mit * markiert.