Hello,
I'm trying to host a git repository via smart http on apache 2.4. I'm
also trying to make it viewable using gitweb. The goal is for all
transactions to happen over https so I've got a letsencrypt
certificate. Both reading and writing to the repo on the server should
prompt for a password. I'd appreciate knowing where i'm missing
something.
Another issue is if I go https://example.com/repos/myrepo.git I get a
repository not found but if I go to https://example.com/myrepo.git
that works, I'd like the former.
Any suggestions appreciated.
Thanks.
Dave.
# The git.example.com http virtual host
<VirtualHost *:80>
ServerAdmin webmaster@xxxxxxxxxxx
ServerName git.example.com
# share well-known for renewal via Let's Encrypt!
Alias "/.well-known/acme-challenge/" "/usr/local/www/.well-known/"
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteCond %(REQUEST_URI) !/\.well\-known/acme\-challenge/?.*
RewriteCond %{HTTPS} off
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]
</IfModule>
# Access to .well-known for acme-challenge keys
<Directory "/usr/local/www/.well-known/">
Options None
AllowOverride None
Require all granted
Header add Content-Type text/plain
<LimitExcept GET POST HEAD>
Require all denied
</LimitExcept>
</Directory>
</VirtualHost>
# The git.example.com https virtual host
<VirtualHost *:443>
ServerAdmin webmaster@xxxxxxxxxxx
ServerName git.example.com
SSLEngine on
SSLCertificateFile "/usr/local/etc/ssl/acme/example.com/fullchain.pem"
SSLCertificateKeyFile "/usr/local/etc/ssl/acme/private/example.com/privkey.pem"
SSLCipherSuite EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH:ECDHE-RSA-AES128-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA128:DHE-RSA-AES128-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES128-GCM-SHA128:ECDHE-RSA-AES128-SHA384:ECDHE-RSA-AES128-SHA128:ECDHE-RSA-AES128-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES128-SHA128:DHE-RSA-AES128-SHA128:DHE-RSA-AES128-SHA:DHE-RSA-AES128-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA384:AES128-GCM-SHA128:AES128-SHA128:AES128-SHA128:AES128-SHA:AES128-SHA:DES-CBC3-SHA:HIGH:!aNULL:!eNULL:!EXPORT:!DES:!MD5:!PSK:!RC4:!3DES
<FilesMatch "\.(cgi|shtml|phtml|php)$">
SSLOptions +StdEnvVars
</FilesMatch>
# gitweb
#RedirectMatch ^/$ /gitweb.cgi
#SetEnv GITWEB_PROJECTROOT /usr/local/www/gitweb
#Alias /gitweb.js /usr/local/www/gitweb/gitweb.js
#Alias /gitweb.css /usr/local/www/gitweb/gitweb.css
#Alias /git-logo.png /usr/local/www/gitweb/git-logo.png
#Alias /git-favicon.png /usr/local/www/gitweb/git-favicon.png
#ScriptAlias / "/usr/local/www/gitweb/"
#<Directory "/usr/local/www/gitweb/">
#AllowOverride None
#Options Indexes FollowSymLinks ExecCGI
#AddHandler cgi-script .cgi
#DirectoryIndex gitweb.cgi
#AuthType Basic
#AuthName "Authorization Required"
#AuthUserFile /usr/local/www/git/htpasswd
#Require valid-user
#</Directory>
<Location />
AuthType Basic
AuthName "Authorization Required"
AuthUserFile /usr/local/www/git/htpasswd
Require valid-user
</Location>
SetEnv GIT_PROJECT_ROOT /usr/local/www/git
SetEnv GIT_HTTP_EXPORT_ALL
SetEnv REMOTE_USER=$REDIRECT_REMOTE_USER
ScriptAliasMatch \
"(?x)^/(.*/(HEAD | \
info/refs | \
objects/(info/[^/]+ | \
[0-9a-f]{2}/[0-9a-f]{38} | \
pack/pack-[0-9a-f]{40}\.(pack|idx)) | \
git-(upload|receive)-pack))$" \
"/usr/local/libexec/git-core/git-http-backend/$1"
Alias /repos /usr/local/www/git/repos
<Directory /usr/local/www/git/repos>
Options none
AllowOverride None
AuthType Basic
AuthName "Authorization Required"
AuthUserFile /usr/local/www/git/htpasswd
Require valid-user
</Directory>
<Directory /usr/local/libexec/git-core>
Options +ExecCGI -MultiViews +SymLinksIfOwnerMatch -Includes
require all granted
AllowOverride None
</Directory>
CustomLog "/var/log/git-access.log" common
ErrorLog "/var/log/git-error.log"
</VirtualHost>
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
|