1 files changed, 42 insertions, 0 deletions

diff --git a/etc/httpd/conf.d/git-http-pcf.conf b/etc/httpd/conf.d/git-http-pcf.conf
new file mode 100644
index 0000000..d343443
--- /dev/null
+++ b/etc/httpd/conf.d/git-http-pcf.conf
@@ -0,0 +1,42 @@
+#
+#
+# Git Smart HTTP Support (read/write)
+# git push, clone and fetch allowed
+
+SetEnv GIT_PROJECT_ROOT /srv/git
+SetEnv GIT_HTTP_EXPORT_ALL 1
+
+# Expose git-upload/receive-pack and info/refs.
+ScriptAliasMatch "^(/.+/(git-upload-pack|git-receive-pack|info/refs))$" \
+  /usr/libexec/git-core/git-http-backend$1
+
+# Authenticate against git push.
+<LocationMatch "^/.+/git-receive-pack$">
+    AuthType Basic
+    AuthName "Git Push Access"
+    AuthUserFile ${GIT_HTTP_AUTH_FILE}
+    Require valid-user
+</LocationMatch>
+
+# Only allow git-upload-pack or git-receive-pack services and nothing else.
+<LocationMatch "^/.+/info/refs$">
+    AuthType Basic
+    AuthName "Git Push Access"
+    AuthUserFile ${GIT_HTTP_AUTH_FILE}
+
+    <RequireAny>
+        # git clone/fetch, no auth
+        Require expr %{QUERY_STRING} == "service=git-upload-pack"
+
+        # git push, authenticated
+        <RequireAll>
+            Require expr %{QUERY_STRING} == "service=git-receive-pack"
+            Require valid-user
+        </RequireAll>
+    </RequireAny>
+</LocationMatch>
+
+# Allow git clone/fetch w/o auth.
+<LocationMatch "^/.+/git-upload-pack$">
+    Require all granted
+</LocationMatch>
\ No newline at end of file