diff options
| author | RATDAD <lambda@disroot.org> | 2025-12-13 21:00:08 -0500 |
|---|---|---|
| committer | RATDAD <lambda@disroot.org> | 2025-12-13 21:00:08 -0500 |
| commit | 00dffa8cf5cac8322cb47f2222e424d3960e7939 (patch) | |
| tree | 7db0460694037b063f97058ecb9eb664b6162b45 /entrypoint.sh | |
| parent | de8d06726cae205ead43f8b1ac07ecc59a07363b (diff) | |
| download | cgit-docker-00dffa8cf5cac8322cb47f2222e424d3960e7939.tar.gz cgit-docker-00dffa8cf5cac8322cb47f2222e424d3960e7939.tar.bz2 cgit-docker-00dffa8cf5cac8322cb47f2222e424d3960e7939.zip | |
Added Git Smart HTTP Support
Diffstat (limited to 'entrypoint.sh')
| -rw-r--r-- | entrypoint.sh | 95 |
1 files changed, 92 insertions, 3 deletions
diff --git a/entrypoint.sh b/entrypoint.sh index a5eadf1..c00077f 100644 --- a/entrypoint.sh +++ b/entrypoint.sh @@ -1,4 +1,93 @@ -#!/usr/bin/env bash +#!/bin/bash +set -e -/opt/auth.sh -httpd -DFOREGROUND
\ No newline at end of file +export GIT_HTTP_MODE="${GIT_HTTP_MODE:-0}" # Default: disabled +export GIT_HTTP_AUTH=0 # whether http auth is enabled for git-http-backend +export GIT_HTTP_AUTH_FILE="${GIT_HTTP_AUTH_FILE:-/srv/git/.htpasswd}" +# Explicitly override for single .htpasswd for cgit/git-http-server +# GIT_HTTP_AUTH_FILE=/srv/www/htdocs/cgit/.htpasswd +CONF_DIR="/etc/httpd/conf.d" +ACTIVE_CONF="${CONF_DIR}/git-http.conf" + +# Remove any previously selected config +rm -f "${ACTIVE_CONF}" + +# HTTP BASIC AUTH FOR GIT +# Options are 0=disable +# 1=push only, 2=clone/fetch only, +# 3=push,clone/fetch, 4=push,clone/fetch w/auth +case "${GIT_HTTP_MODE}" in + 0) ;; + 1) + ln -s "${CONF_DIR}/git-http-p.conf" "${ACTIVE_CONF}" + echo "Using [git-http] Using Mode 1: git push (auth)" + GIT_HTTP_AUTH=1 + ;; + 2) + ln -s "${CONF_DIR}/git-http-cf.conf" "${ACTIVE_CONF}" + echo "[git-http] Using Mode 2: git clone/fetch only (no auth)" + ;; + 3) + ln -s "${CONF_DIR}/git-http-pcf.conf" "${ACTIVE_CONF}" + echo "[git-http] Using Mode 3: git push (auth) + git clone/fetch (no auth)" + GIT_HTTP_AUTH=1 + ;; + 4) + ln -s "${CONF_DIR}/git-http-apcf.conf" "${ACTIVE_CONF}" + echo "[git-http] Using Mode 4: git push + git clone/fetch (auth)" + GIT_HTTP_AUTH=1 + ;; + *) + echo "[git-http] ERROR: invalid GIT_HTTP_MODE=${GIT_HTTP_MODE}" >&2 + exit 1 + ;; +esac + +# Set up auth credentials for git-http-backend +if [ "$GIT_HTTP_AUTH" -eq 1 ]; then + if [ -z "$GIT_HTTP_AUTH_USER" ] || [ -z "$GIT_HTTP_AUTH_PASSWORD" ]; then + echo "[git-http] ERROR: Auth Enabled, but GIT_HTTP_AUTH_USER/PASSWORD is missing." >&2 + exit 1 + fi + # If .htpasswd exists already, don't recreate it. + if [ ! -f "$GIT_HTTP_AUTH_FILE" ]; then + htpasswd -c -b "$GIT_HTTP_AUTH_FILE" \ + "$GIT_HTTP_AUTH_USER" "$GIT_HTTP_AUTH_PASSWORD" + echo "[git-http] INFO: Credentials written to ${GIT_HTTP_AUTH_FILE}." + else + htpasswd -b "$GIT_HTTP_AUTH_FILE" \ + "$GIT_HTTP_AUTH_USER" "$GIT_HTTP_AUTH_PASSWORD" + echo "[git-http] INFO: Using ${GIT_HTTP_AUTH_FILE} for auth credentials." + fi + + # Ensure proper permissions for /srv/git/.htpasswd + chown root:apache "$GIT_HTTP_AUTH_FILE" + chmod 640 "$GIT_HTTP_AUTH_FILE" +fi + +# HTTP BASIC AUTH FOR CGIT +if [ -n "$HTTP_AUTH_PASSWORD" ]; then + HTTP_AUTH_USER="${HTTP_AUTH_USER:-admin}" + + # Create a .htaccess file. + cat > /srv/www/htdocs/cgit/.htaccess <<EOF +AuthType Basic +AuthName "CGit" +AuthUserFile /srv/www/htdocs/cgit/.htpasswd +Require valid-user +EOF + + if [ ! -f /srv/www/htdocs/cgit/.htpasswd ]; then + htpasswd -c -b /srv/www/htdocs/cgit/.htpasswd \ + "$HTTP_AUTH_USER" "$HTTP_AUTH_PASSWORD" + else + htpasswd -b /srv/www/htdocs/cgit/.htpasswd \ + "$HTTP_AUTH_USER" "$HTTP_AUTH_PASSWORD" + fi + + # Ensure correct permissions for .htpasswd + chown root:apache /srv/www/htdocs/cgit/.htpasswd + chmod 640 /srv/www/htdocs/cgit/.htpasswd +fi + +exec /usr/sbin/httpd -DFOREGROUND |