Albert Lea Data Wiki

User Tools

Site Tools

Trace:
tech:devops:git

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revision Previous revision
Next revision 		Previous revision
tech:devops:git [2019/04/20 21:26]
rk4n3 		tech:devops:git [2019/06/08 13:19] (current)
rk4n3
Line 89: Line 89:
 ===== Git Service over HTTP/HTTPS ===== ===== Git Service over HTTP/HTTPS =====
 ==== ... for Apache ==== ==== ... for Apache ====
 +First //(as root)//:<​code>​
 +mkdir -p /​var/​www/​git
 +chown msamud1:​apache /​var/​www/​git
 +chmod 2750 /​var/​www/​git
 +chcon -t httpd_sys_content_t /​var/​www/​git
 +</​code>​
 +Then, create auth file with something like:  ''​htpasswd -c /​var/​www/​git/​.htpasswd git''​ //... prompted for password//
 +
 +=== For anonymous read/write ... ===
 In ''/​etc/​httpd/​conf.d/​git.conf'':<​code>​ In ''/​etc/​httpd/​conf.d/​git.conf'':<​code>​
 # Git-smart HTTP/HTTPS back-end # Git-smart HTTP/HTTPS back-end
-SetEnv GIT_PROJECT_ROOT /home/www/git+SetEnv GIT_PROJECT_ROOT /var/www/git
 SetEnv GIT_HTTP_EXPORT_ALL SetEnv GIT_HTTP_EXPORT_ALL
 ScriptAlias /git/ /​usr/​libexec/​git-core/​git-http-backend/​ ScriptAlias /git/ /​usr/​libexec/​git-core/​git-http-backend/​
Line 100: Line 109:
 </​Directory>​ </​Directory>​
  
-<Directory ​"/home/www/​git">​+<LocationMatch ​"^/git/.*/git-receive-pack$">
  Order allow,deny  Order allow,deny
 + Allow from all
 +</​LocationMatch>​
 +</​code>​
 +
 +
 +=== ... or, for anonymous read and authenticated write ... ===
 +In ''/​etc/​httpd/​conf.d/​git.conf'':<​code>​
 +# Git-smart HTTP/HTTPS back-end
 +SetEnv GIT_PROJECT_ROOT /​var/​www/​git
 +SetEnv GIT_HTTP_EXPORT_ALL
 +ScriptAlias /git/ /​usr/​libexec/​git-core/​git-http-backend/​
 +
 +<​Directory "/​usr/​libexec/​git-core">​
 + Options +ExecCGI
 + Require all granted
 </​Directory>​ </​Directory>​
  
 <​LocationMatch "​^/​git/​.*/​git-receive-pack$">​ <​LocationMatch "​^/​git/​.*/​git-receive-pack$">​
  Order allow,deny  Order allow,deny
- Allow from all+ AuthType Basic 
 + AuthName "Git Access"​ 
 + AuthUserFile /​var/​www/​git/​.htpasswd 
 + Require valid-user 
 +# Require group committers
 </​LocationMatch>​ </​LocationMatch>​
 </​code>​ </​code>​
  
 +
 +=== ... or, for authenticated read/write ... ===
 +In ''/​etc/​httpd/​conf.d/​git.conf'':<​code>​
 +# Git-smart HTTP/HTTPS back-end
 +SetEnv GIT_PROJECT_ROOT /​var/​www/​git
 +SetEnv GIT_HTTP_EXPORT_ALL
 +ScriptAlias /git/ /​usr/​libexec/​git-core/​git-http-backend/​
 +
 +<​Directory "/​usr/​libexec/​git-core">​
 + Options +ExecCGI
 + Order deny,allow
 + AuthType Basic
 + AuthName "​Private Git Access"​
 + AuthUserFile /​var/​www/​git/​.htpasswd
 + Require valid-user
 +</​Directory>​
 +</​code>​
 +
 +=== ... or, for LDAP authentication ... ===
 +Ensure ''​mod_ldap''​ is installed, then in ''/​etc/​httpd/​conf.d/​git.conf'':​
 +<​code> ​
 +<​Directory "/​usr/​libexec/​git-core">​
 + Options +ExecCGI
 + Order deny,allow
 + AuthType Basic
 + AuthName "​Private Git Access"​
 + AuthBasicProvider ldap
 + AuthLDAPURL "​ldap://​cosmos.samudio.net/​dc=samudio,​dc=net?​uid?​sub?"​
 + Require valid-user
 +</​Directory>​
 +</​code>​
 +
 +=== ... Active Directory AuthLDAPURL ... ===
 +<​code>​AuthLDAPURL "​ldap://​ad-ldap-prod.uhc.com/​dc=ms,​dc=ds,​dc=uhc,​dc=com?​sAMAccountName?​sub?​(objectCategory=person)(objectClass=user)"</​code>​
 +
 +=== ... add specific location auth ... ===
 +<​code>​
 +<​LocationMatch "​^/​git/​yourrepo.*">​
 +... add same LDAP constructs, except for ...
 + Require ldap-attribute sAMAccountName="​yourlogin"​
 +</​LocationMatch>​
 +</​code>​
  
  \\  \\
 // Links: [[tech:​start|Tech Info]] ... [[tech:​devops:​start|Devops Info]] // \\ // Links: [[tech:​start|Tech Info]] ... [[tech:​devops:​start|Devops Info]] // \\
  
tech/devops/git.1555813575.txt.gz · Last modified: 2019/04/20 21:26 by rk4n3

Page Tools

Donate Powered by PHP Valid HTML5 Valid CSS Driven by DokuWiki