git-http-backend with CentOS7.1 and Apache 2.4 [FIX]

To enable anonymous read access but authenticated write access, require authorization for both the initial ref advertisement (which we detect as a push via the service parameter in the query string), and the receive-pack invocation itself:

[bash]
<VirtualHost *:80>
ServerName <your server name>
DocumentRoot </path/to/git/repositories>
SetEnv GIT_PROJECT_ROOT /path/to/git/repositories
SetEnv GIT_HTTP_EXPORT_ALL
SetEnv REMOTE_USER $REDIRECT_REMOTE_USER

AliasMatch ^/(.*/objects/[0-9a-f]{2}/[0-9a-f]{38})$ /opt/repositories/git/$1
AliasMatch ^/(.*/objects/pack/pack-[0-9a-f]{40}.(pack|idx))$ /opt/repositories/git/$1

ScriptAlias / /usr/libexec/git-core/git-http-backend/
<Directory /usr/libexec/git-core*>
Options +Indexes +ExecCGI
AllowOverride None
Require all granted
</Directory>

<Directory "/path/to/git/repositories">
Dav On
</Directory>

#Authenticated commits.
<LocationMatch "^/">
AuthType Basic
AuthName "git access"
AuthBasicProvider ldap
AuthUserFile /dev/null
AuthLDAPUrl "ldap URI" TLS
# As of commit 986bbc0 (http: don’t always prompt for password, 2011-11-04)
# git sends a simple get request prior to sending the whole push packet to check if it needs
# authorization. See also: http://git.661346.n2.nabble.com/git-no-longer-prompting-for-password-td7565755.html
<if "%{QUERY_STRING} =~ /service=git-receive-pack/">
Require valid-user
</if>
<elseif "%{REQUEST_URI} =~ /^git-receive-pack$/">
Require valid-user
</elseif>
</LocationMatch>
</VirtualHost>
[/bash]

Dieser Beitrag wurde unter /dev/administration veröffentlicht. Setze ein Lesezeichen auf den Permalink.

Schreibe einen Kommentar

Deine E-Mail-Adresse wird nicht veröffentlicht. Erforderliche Felder sind mit * markiert.