2008-07-07 22:22:15 +02:00
|
|
|
ServerName dummy
|
2008-02-27 20:28:45 +01:00
|
|
|
PidFile httpd.pid
|
|
|
|
DocumentRoot www
|
2009-01-17 16:11:51 +01:00
|
|
|
LogFormat "%h %l %u %t \"%r\" %>s %b" common
|
|
|
|
CustomLog access.log common
|
2008-02-27 20:28:45 +01:00
|
|
|
ErrorLog error.log
|
2009-03-11 12:47:06 +01:00
|
|
|
<IfModule !mod_log_config.c>
|
|
|
|
LoadModule log_config_module modules/mod_log_config.so
|
|
|
|
</IfModule>
|
2009-10-31 01:47:46 +01:00
|
|
|
<IfModule !mod_alias.c>
|
|
|
|
LoadModule alias_module modules/mod_alias.so
|
|
|
|
</IfModule>
|
2009-10-31 01:47:47 +01:00
|
|
|
<IfModule !mod_cgi.c>
|
|
|
|
LoadModule cgi_module modules/mod_cgi.so
|
|
|
|
</IfModule>
|
|
|
|
<IfModule !mod_env.c>
|
|
|
|
LoadModule env_module modules/mod_env.so
|
|
|
|
</IfModule>
|
2010-09-25 06:20:35 +02:00
|
|
|
<IfModule !mod_rewrite.c>
|
|
|
|
LoadModule rewrite_module modules/mod_rewrite.so
|
|
|
|
</IFModule>
|
2010-11-14 02:51:14 +01:00
|
|
|
<IfModule !mod_version.c>
|
|
|
|
LoadModule version_module modules/mod_version.so
|
|
|
|
</IfModule>
|
|
|
|
|
2013-06-21 20:12:51 +02:00
|
|
|
<IfVersion < 2.4>
|
|
|
|
LockFile accept.lock
|
|
|
|
</IfVersion>
|
|
|
|
|
2010-11-14 02:51:14 +01:00
|
|
|
<IfVersion < 2.1>
|
|
|
|
<IfModule !mod_auth.c>
|
|
|
|
LoadModule auth_module modules/mod_auth.so
|
|
|
|
</IfModule>
|
|
|
|
</IfVersion>
|
|
|
|
|
|
|
|
<IfVersion >= 2.1>
|
|
|
|
<IfModule !mod_auth_basic.c>
|
|
|
|
LoadModule auth_basic_module modules/mod_auth_basic.so
|
|
|
|
</IfModule>
|
|
|
|
<IfModule !mod_authn_file.c>
|
|
|
|
LoadModule authn_file_module modules/mod_authn_file.so
|
|
|
|
</IfModule>
|
|
|
|
<IfModule !mod_authz_user.c>
|
|
|
|
LoadModule authz_user_module modules/mod_authz_user.so
|
|
|
|
</IfModule>
|
2013-04-13 05:33:36 +02:00
|
|
|
<IfModule !mod_authz_host.c>
|
|
|
|
LoadModule authz_host_module modules/mod_authz_host.so
|
|
|
|
</IfModule>
|
2010-11-14 02:51:14 +01:00
|
|
|
</IfVersion>
|
2009-10-31 01:47:46 +01:00
|
|
|
|
2013-06-09 10:08:22 +02:00
|
|
|
<IfVersion >= 2.4>
|
|
|
|
<IfModule !mod_authn_core.c>
|
|
|
|
LoadModule authn_core_module modules/mod_authn_core.so
|
|
|
|
</IfModule>
|
|
|
|
<IfModule !mod_authz_core.c>
|
|
|
|
LoadModule authz_core_module modules/mod_authz_core.so
|
|
|
|
</IfModule>
|
2013-06-09 10:08:45 +02:00
|
|
|
<IfModule !mod_access_compat.c>
|
|
|
|
LoadModule access_compat_module modules/mod_access_compat.so
|
|
|
|
</IfModule>
|
2013-06-09 10:09:32 +02:00
|
|
|
<IfModule !mod_mpm_prefork.c>
|
|
|
|
LoadModule mpm_prefork_module modules/mod_mpm_prefork.so
|
|
|
|
</IfModule>
|
2013-06-09 10:08:22 +02:00
|
|
|
</IfVersion>
|
|
|
|
|
2012-07-24 15:43:59 +02:00
|
|
|
PassEnv GIT_VALGRIND
|
|
|
|
PassEnv GIT_VALGRIND_OPTIONS
|
|
|
|
|
2009-10-31 01:47:46 +01:00
|
|
|
Alias /dumb/ www/
|
2012-08-27 15:24:42 +02:00
|
|
|
Alias /auth/dumb/ www/auth/dumb/
|
2008-02-27 20:28:45 +01:00
|
|
|
|
2012-08-27 15:25:21 +02:00
|
|
|
<LocationMatch /smart/>
|
2009-10-31 01:47:47 +01:00
|
|
|
SetEnv GIT_EXEC_PATH ${GIT_EXEC_PATH}
|
2009-12-28 22:49:00 +01:00
|
|
|
SetEnv GIT_HTTP_EXPORT_ALL
|
2012-08-27 15:25:21 +02:00
|
|
|
</LocationMatch>
|
|
|
|
<LocationMatch /smart_noexport/>
|
2009-12-28 22:49:00 +01:00
|
|
|
SetEnv GIT_EXEC_PATH ${GIT_EXEC_PATH}
|
2012-08-27 15:25:21 +02:00
|
|
|
</LocationMatch>
|
|
|
|
<LocationMatch /smart_custom_env/>
|
2012-03-30 09:01:30 +02:00
|
|
|
SetEnv GIT_EXEC_PATH ${GIT_EXEC_PATH}
|
|
|
|
SetEnv GIT_HTTP_EXPORT_ALL
|
|
|
|
SetEnv GIT_COMMITTER_NAME "Custom User"
|
|
|
|
SetEnv GIT_COMMITTER_EMAIL custom@example.com
|
2012-08-27 15:25:21 +02:00
|
|
|
</LocationMatch>
|
2013-04-10 02:55:08 +02:00
|
|
|
<LocationMatch /smart_namespace/>
|
|
|
|
SetEnv GIT_EXEC_PATH ${GIT_EXEC_PATH}
|
|
|
|
SetEnv GIT_HTTP_EXPORT_ALL
|
|
|
|
SetEnv GIT_NAMESPACE ns
|
|
|
|
</LocationMatch>
|
2012-08-27 15:25:21 +02:00
|
|
|
ScriptAliasMatch /smart_*[^/]*/(.*) ${GIT_EXEC_PATH}/git-http-backend/$1
|
2013-01-31 22:02:07 +01:00
|
|
|
ScriptAlias /broken_smart/ broken-smart-http.sh/
|
2009-10-31 01:47:47 +01:00
|
|
|
<Directory ${GIT_EXEC_PATH}>
|
2012-07-24 15:43:59 +02:00
|
|
|
Options FollowSymlinks
|
2009-10-31 01:47:47 +01:00
|
|
|
</Directory>
|
2013-01-31 22:02:07 +01:00
|
|
|
<Files broken-smart-http.sh>
|
|
|
|
Options ExecCGI
|
|
|
|
</Files>
|
2009-10-31 01:47:47 +01:00
|
|
|
<Files ${GIT_EXEC_PATH}/git-http-backend>
|
|
|
|
Options ExecCGI
|
|
|
|
</Files>
|
|
|
|
|
2010-09-25 06:20:35 +02:00
|
|
|
RewriteEngine on
|
|
|
|
RewriteRule ^/smart-redir-perm/(.*)$ /smart/$1 [R=301]
|
|
|
|
RewriteRule ^/smart-redir-temp/(.*)$ /smart/$1 [R=302]
|
|
|
|
|
2008-02-27 20:28:45 +01:00
|
|
|
<IfDefine SSL>
|
|
|
|
LoadModule ssl_module modules/mod_ssl.so
|
|
|
|
|
|
|
|
SSLCertificateFile httpd.pem
|
|
|
|
SSLCertificateKeyFile httpd.pem
|
|
|
|
SSLRandomSeed startup file:/dev/urandom 512
|
|
|
|
SSLRandomSeed connect file:/dev/urandom 512
|
|
|
|
SSLSessionCache none
|
|
|
|
SSLMutex file:ssl_mutex
|
|
|
|
SSLEngine On
|
|
|
|
</IfDefine>
|
|
|
|
|
2010-11-14 02:51:14 +01:00
|
|
|
<Location /auth/>
|
|
|
|
AuthType Basic
|
|
|
|
AuthName "git-auth"
|
|
|
|
AuthUserFile passwd
|
|
|
|
Require valid-user
|
|
|
|
</Location>
|
|
|
|
|
2012-08-27 15:25:53 +02:00
|
|
|
<LocationMatch "^/auth-push/.*/git-receive-pack$">
|
|
|
|
AuthType Basic
|
|
|
|
AuthName "git-auth"
|
|
|
|
AuthUserFile passwd
|
|
|
|
Require valid-user
|
|
|
|
</LocationMatch>
|
|
|
|
|
remote-curl: retry failed requests for auth even with gzip
Commit b81401c taught the post_rpc function to retry the
http request after prompting for credentials. However, it
did not handle two cases:
1. If we have a large request, we do not retry. That's OK,
since we would have sent a probe (with retry) already.
2. If we are gzipping the request, we do not retry. That
was considered OK, because the intended use was for
push (e.g., listing refs is OK, but actually pushing
objects is not), and we never gzip on push.
This patch teaches post_rpc to retry even a gzipped request.
This has two advantages:
1. It is possible to configure a "half-auth" state for
fetching, where the set of refs and their sha1s are
advertised, but one cannot actually fetch objects.
This is not a recommended configuration, as it leaks
some information about what is in the repository (e.g.,
an attacker can try brute-forcing possible content in
your repository and checking whether it matches your
branch sha1). However, it can be slightly more
convenient, since a no-op fetch will not require a
password at all.
2. It future-proofs us should we decide to ever gzip more
requests.
Signed-off-by: Jeff King <peff@peff.net>
2012-10-31 12:29:16 +01:00
|
|
|
<LocationMatch "^/auth-fetch/.*/git-upload-pack$">
|
|
|
|
AuthType Basic
|
|
|
|
AuthName "git-auth"
|
|
|
|
AuthUserFile passwd
|
|
|
|
Require valid-user
|
|
|
|
</LocationMatch>
|
|
|
|
|
2013-04-13 05:33:36 +02:00
|
|
|
RewriteCond %{QUERY_STRING} service=git-receive-pack [OR]
|
|
|
|
RewriteCond %{REQUEST_URI} /git-receive-pack$
|
|
|
|
RewriteRule ^/half-auth-complete/ - [E=AUTHREQUIRED:yes]
|
|
|
|
|
|
|
|
<Location /half-auth-complete/>
|
|
|
|
Order Deny,Allow
|
|
|
|
Deny from env=AUTHREQUIRED
|
|
|
|
|
|
|
|
AuthType Basic
|
|
|
|
AuthName "Git Access"
|
|
|
|
AuthUserFile passwd
|
|
|
|
Require valid-user
|
|
|
|
Satisfy Any
|
|
|
|
</Location>
|
|
|
|
|
2008-02-27 20:28:45 +01:00
|
|
|
<IfDefine DAV>
|
|
|
|
LoadModule dav_module modules/mod_dav.so
|
|
|
|
LoadModule dav_fs_module modules/mod_dav_fs.so
|
|
|
|
|
|
|
|
DAVLockDB DAVLock
|
2009-10-31 01:47:46 +01:00
|
|
|
<Location /dumb/>
|
2008-02-27 20:28:45 +01:00
|
|
|
Dav on
|
|
|
|
</Location>
|
2011-12-13 21:17:04 +01:00
|
|
|
<Location /auth/dumb>
|
|
|
|
Dav on
|
|
|
|
</Location>
|
2008-02-27 20:28:45 +01:00
|
|
|
</IfDefine>
|
|
|
|
|
|
|
|
<IfDefine SVN>
|
|
|
|
LoadModule dav_svn_module modules/mod_dav_svn.so
|
|
|
|
|
|
|
|
<Location /svn>
|
|
|
|
DAV svn
|
|
|
|
SVNPath svnrepo
|
|
|
|
</Location>
|
|
|
|
</IfDefine>
|