blob: d343443fe459fbd2cc89e7939cbf2d887b22dbfa (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
|
#
#
# Git Smart HTTP Support (read/write)
# git push, clone and fetch allowed
SetEnv GIT_PROJECT_ROOT /srv/git
SetEnv GIT_HTTP_EXPORT_ALL 1
# Expose git-upload/receive-pack and info/refs.
ScriptAliasMatch "^(/.+/(git-upload-pack|git-receive-pack|info/refs))$" \
/usr/libexec/git-core/git-http-backend$1
# Authenticate against git push.
<LocationMatch "^/.+/git-receive-pack$">
AuthType Basic
AuthName "Git Push Access"
AuthUserFile ${GIT_HTTP_AUTH_FILE}
Require valid-user
</LocationMatch>
# Only allow git-upload-pack or git-receive-pack services and nothing else.
<LocationMatch "^/.+/info/refs$">
AuthType Basic
AuthName "Git Push Access"
AuthUserFile ${GIT_HTTP_AUTH_FILE}
<RequireAny>
# git clone/fetch, no auth
Require expr %{QUERY_STRING} == "service=git-upload-pack"
# git push, authenticated
<RequireAll>
Require expr %{QUERY_STRING} == "service=git-receive-pack"
Require valid-user
</RequireAll>
</RequireAny>
</LocationMatch>
# Allow git clone/fetch w/o auth.
<LocationMatch "^/.+/git-upload-pack$">
Require all granted
</LocationMatch>
|
