Differences

This shows you the differences between two versions of the page.

--- tech:devops:git [2019/04/20 21:17]
rk4n3
+++ tech:devops:git [2019/06/08 13:19] (current)
rk4n3
@@ Line 87: / Line 87: @@
-===== Set active branch in bare repo =====
+===== Git Service over HTTP/HTTPS =====
+==== ... for Apache ====
+First //(as root)//:<code>
+mkdir -p /var/www/git
+chown msamud1:apache /var/www/git
+chmod 2750 /var/www/git
+chcon -t httpd_sys_content_t /var/www/git
+</code>
+Then, create auth file with something like:  ''htpasswd -c /var/www/git/.htpasswd git'' //... prompted for password//
+=== For anonymous read/write ... ===
 In ''/etc/httpd/conf.d/git.conf'':<code>
 # Git-smart HTTP/HTTPS back-end
-SetEnv GIT_PROJECT_ROOT /home/www/git
+SetEnv GIT_PROJECT_ROOT /var/www/git
 SetEnv GIT_HTTP_EXPORT_ALL
 ScriptAlias /git/ /usr/libexec/git-core/git-http-backend/
 <Directory "/usr/libexec/git-core">
-        Options +ExecCGI
+	Options +ExecCGI
-        Require all granted
+	Require all granted
 </Directory>
-<Directory "/home/www/git">
+<LocationMatch "^/git/.*/git-receive-pack$">
-        Order allow,deny
+	Order allow,deny
+	Allow from all
+</LocationMatch>
+</code>
+=== ... or, for anonymous read and authenticated write ... ===
+In ''/etc/httpd/conf.d/git.conf'':<code>
+# Git-smart HTTP/HTTPS back-end
+SetEnv GIT_PROJECT_ROOT /var/www/git
+SetEnv GIT_HTTP_EXPORT_ALL
+ScriptAlias /git/ /usr/libexec/git-core/git-http-backend/
+<Directory "/usr/libexec/git-core">
+	Options +ExecCGI
+	Require all granted
 </Directory>
 <LocationMatch "^/git/.*/git-receive-pack$">
-        Order allow,deny
+	Order allow,deny
-        Allow from all
+	AuthType Basic
+	AuthName "Git Access"
+	AuthUserFile /var/www/git/.htpasswd
+	Require valid-user
+#	Require group committers
 </LocationMatch>
 </code>
-In ''/etc/httpd/conf.modules.d/00-git.conf'':<code>
+=== ... or, for authenticated read/write ... ===
+In ''/etc/httpd/conf.d/git.conf'':<code>
 # Git-smart HTTP/HTTPS back-end
+SetEnv GIT_PROJECT_ROOT /var/www/git
+SetEnv GIT_HTTP_EXPORT_ALL
+ScriptAlias /git/ /usr/libexec/git-core/git-http-backend/
+<Directory "/usr/libexec/git-core">
+	Options +ExecCGI
+	Order deny,allow
+	AuthType Basic
+	AuthName "Private Git Access"
+	AuthUserFile /var/www/git/.htpasswd
+	Require valid-user
+</Directory>
 </code>
+=== ... or, for LDAP authentication ... ===
+Ensure ''mod_ldap'' is installed, then in ''/etc/httpd/conf.d/git.conf'':
+<code>
+<Directory "/usr/libexec/git-core">
+	Options +ExecCGI
+	Order deny,allow
+	AuthType Basic
+	AuthName "Private Git Access"
+	AuthBasicProvider ldap
+	AuthLDAPURL "ldap://cosmos.samudio.net/dc=samudio,dc=net?uid?sub?"
+	Require valid-user
+</Directory>
+</code>
+=== ... Active Directory AuthLDAPURL ... ===
+<code>AuthLDAPURL "ldap://ad-ldap-prod.uhc.com/dc=ms,dc=ds,dc=uhc,dc=com?sAMAccountName?sub?(objectCategory=person)(objectClass=user)"</code>
+=== ... add specific location auth ... ===
+<code>
+<LocationMatch "^/git/yourrepo.*">
+... add same LDAP constructs, except for ...
+	Require ldap-attribute sAMAccountName="yourlogin"
+</LocationMatch>
+</code>
  \\
 // Links: [[tech:start|Tech Info]] ... [[tech:devops:start|Devops Info]] // \\

Albert Lea Data Wiki

User Tools

Site Tools

Differences

Page Tools