git-http-backend with CentOS7.1 and Apache 2.4 [FIX]

To enable anonymous read access but authenticated write access, require authorization for both the initial ref advertisement (which we detect as a push via the service parameter in the query string), and the receive-pack invocation itself:

<VirtualHost *:80>
ServerName <your server name>
DocumentRoot </path/to/git/repositories>
SetEnv GIT_PROJECT_ROOT /path/to/git/repositories

AliasMatch ^/(.*/objects/[0-9a-f]{2}/[0-9a-f]{38})$ /opt/repositories/git/$1
AliasMatch ^/(.*/objects/pack/pack-[0-9a-f]{40}.(pack|idx))$ /opt/repositories/git/$1

ScriptAlias / /usr/libexec/git-core/git-http-backend/
<Directory /usr/libexec/git-core*>
Options +Indexes +ExecCGI
AllowOverride None
Require all granted

<Directory "/path/to/git/repositories">
Dav On

#Authenticated commits.
<LocationMatch "^/">
AuthType Basic
AuthName "git access"
AuthBasicProvider ldap
AuthUserFile /dev/null
AuthLDAPUrl "ldap URI" TLS
# As of commit 986bbc0 (http: don’t always prompt for password, 2011-11-04)
# git sends a simple get request prior to sending the whole push packet to check if it needs
# authorization. See also:
<if "%{QUERY_STRING} =~ /service=git-receive-pack/">
Require valid-user
<elseif "%{REQUEST_URI} =~ /^git-receive-pack$/">
Require valid-user

Dieser Beitrag wurde unter /dev/administration veröffentlicht. Setze ein Lesezeichen auf den Permalink.

Schreibe einen Kommentar

Deine E-Mail-Adresse wird nicht veröffentlicht. Erforderliche Felder sind mit * markiert.