pushing: add new can_user_push_http utility
[girocco.git] / apache.conf.in
1 ## To convert this file to apache.conf using the current Girocco::Config values
2 ## either do "make" or "make apache.conf" or ./make-apache-conf.sh
3 ##
4 # This is an example configuration of a virtualhost running Girocco, as set up
5 # at repo.or.cz; unfortunately, completely independent from Girocco::Config.
6 # It is not essential for Girocco to use a special virtualhost, however.
7 <VirtualHost *:80>
9         ServerName @@httpdnsname@@
10         ServerAlias www.@@httpdnsname@@
11         ServerAdmin @@admin@@
13         ErrorLog /var/log/apache2/repo-error.log
14         CustomLog /var/log/apache2/repo-access.log combined
           # Virtualhost-wide: files with a .cgi extension are handled as CGI
           # scripts wherever Options ExecCGI is in effect.
16         AddHandler cgi-script .cgi
18         DocumentRoot @@webroot@@
19         <Directory @@webroot@@>
                   # NOTE(review): Indexes enables automatic directory listings,
                   # ExecCGI (with the AddHandler above) runs any .cgi file under
                   # the web root, and AllowOverride All lets .htaccess files in
                   # this tree change these settings.  Keep the web root writable
                   # only by the site administrator and drop whichever of these
                   # options the site does not need.
20                 # Add MultiViews only if pages are truly
21                 # offered in more than a single language
22                 Options Indexes FollowSymLinks ExecCGI
23                 AllowOverride All
                   # Order/Allow/Satisfy are Apache 2.2 access-control directives;
                   # Apache 2.4 accepts them only through mod_access_compat.
24                 Order allow,deny
25                 Allow from all
26                 DirectoryIndex gitweb.cgi
27                 Satisfy all
28         </Directory>
           # /w runs gitweb.cgi and /h runs html.cgi, both from @@cgiroot@@.
30         ScriptAlias /w @@cgiroot@@/gitweb.cgi
31         ScriptAlias /h @@cgiroot@@/html.cgi
33         <IfModule rewrite_module>
34                 # Make the leading /w optional if the rest names an existing repo
                   # Requests whose User-Agent contains "git/" are left alone here so
                   # that they reach the Git transport rules later in this virtualhost.
                   # The User-Agent header is chosen by the client, so this test only
                   # selects a route; it is not an access control.
35                 RewriteEngine On
36                 RewriteCond %{HTTP_USER_AGENT} !git/ [NC]
                   # $1 is the repository path captured by the RewriteRule pattern
                   # below; the rule applies only if that path contains a HEAD file.
37                 RewriteCond @@reporoot@@/$1/HEAD -f
38                 # Might want to use [NC,L,R] instead of [NC,PT] maybe even [NC,L,R=301]
                   # The pattern accepts only path components made of letters, digits
                   # and "+._-" (case-insensitively, through NC) and requires the last
                   # component of $1, and no earlier one, to end in ".git".
39                 RewriteRule \
40                         ^/(?!w/)((?:[a-z0-9+._-]+(?<!\.git)/)*[a-z0-9+._-]+?\.git)((?:/.*)?)$ \
41                         /w/$1$2 [NC,PT]
42         </IfModule>
44         <Directory @@reporoot@@>
                   # When non-smart HTTP is enabled, files under this tree are served
                   # directly by Apache.  AllowOverride None means .htaccess files
                   # found under it are ignored.
                   # NOTE(review): FollowSymLinks lets Apache follow symbolic links
                   # found under the repository root -- confirm that only trusted
                   # accounts can create links there.
45                 Options FollowSymLinks
46                 AllowOverride None
                   # Apache 2.2 access-control syntax (mod_access_compat on 2.4).
47                 Order allow,deny
48                 Allow from all
49                 Satisfy all
51                 <IfModule rewrite_module>
52                         # Everything fetched over the non-smart git http
53                         # protocol should be an existing file.  If the request
54                         # is not for an existing file, just send back an error
55                         # message without emitting anything into the error log.
56                         RewriteEngine On
57                         RewriteCond %{REQUEST_FILENAME} !-f
58                         RewriteRule .* - [R=404,L]
59                 </IfModule>
60         </Directory>
62         <Directory @@basedir@@/bin>
                   # Default-deny for the bin directory: "Options None" and
                   # "Deny from all" apply to everything in it except the one file
                   # git-http-backend-verify, which alone gets ExecCGI and
                   # "Allow from all".  AllowOverride None keeps .htaccess files
                   # from loosening this.
63                 Options None
64                 AllowOverride None
65                 Order deny,allow
66                 Deny from all
67                 <Files git-http-backend-verify>
68                         Options ExecCGI
69                         Allow from all
70                 </Files>
71                 Satisfy all
72         </Directory>
74         SetEnv GIT_PROJECT_ROOT @@reporoot@@
           # GIT_HTTP_EXPORT_ALL tells git-http-backend to serve every repository
           # under GIT_PROJECT_ROOT, not only those that contain a
           # git-daemon-export-ok file.
           # NOTE(review): any restriction on which repositories may be read
           # therefore has to come from git-http-backend-verify or from what is
           # placed under the repository root -- confirm which one applies.
75         SetEnv GIT_HTTP_EXPORT_ALL 1
77         # By default non-smart HTTP fetch access will be allowed, however
78         # by defining SmartHTTPOnly (or changing the sense of the IfDefine tests)
79         # non-smart HTTP requests can be denied directly by the web server
81         <IfDefine !SmartHTTPOnly>
           # NOTE(review): the AliasMatch and RewriteRule directives in this section
           # map object and pack requests straight to files under @@reporoot@@, so
           # Apache answers them itself and git-http-backend-verify is not run
           # for these requests.
82         # These accelerate non-smart HTTP access to loose objects and packs with the /r/ prefix
83         AliasMatch ^/r/(.*/objects/[0-9a-f]{2}/[0-9a-f]{38})$           @@reporoot@@/$1
84         AliasMatch ^/r/(.*/objects/pack/pack-[0-9a-f]{40}.(pack|idx))$  @@reporoot@@/$1
           # NOTE(review): in the pack patterns here and in the RewriteRule below,
           # the "." before the pack/idx alternation is unescaped and matches any
           # character; "\." would match only a literal dot.
86         # These accelerate non-smart HTTP access for Git user agents without the /r/ prefix
87         <IfModule rewrite_module>
88                         RewriteEngine On
                           # Client-supplied header: this selects the route only.
89                         RewriteCond %{HTTP_USER_AGENT} git/ [NC]
90                         RewriteRule "(?x) ^/((?!r/).*/objects/(?: \
91                                 (?:[0-9a-f]{2}/[0-9a-f]{38}) | \
92                                 (?:pack/pack-[0-9a-f]{40}.(?:pack|idx)) ))$" \
93                                 @@reporoot@@/$1 [L]
94         </IfModule>
95         </IfDefine>
97         <IfDefine SmartHTTPOnly>
98         # Disable non-smart HTTP access
           # A RewriteCond applies only to the RewriteRule that follows it, which
           # is why the conditions are repeated.  [F] answers 403 Forbidden.
           #  - First two rules: refuse any non-POST request whose path does not
           #    end in /info/refs.
           #  - Last two rules: refuse .../info/refs unless the query string names
           #    the git-upload-pack or git-receive-pack service.
           # For paths without the /r/ prefix the rules apply only when the
           # User-Agent contains "git/", matching the rewrite rule further down
           # that routes such requests to git-http-backend-verify.
99         RewriteEngine On
100         RewriteCond %{REQUEST_METHOD} !^POST$
101         RewriteRule ^/r/.*(?<!/info/refs)$ - [F]
102         RewriteCond %{HTTP_USER_AGENT} git/ [NC]
103         RewriteCond %{REQUEST_METHOD} !^POST$
104         RewriteRule ^/(?!r/).*(?<!/info/refs)$ - [F]
105         RewriteCond %{QUERY_STRING} !(^|&)service=git-(upload|receive)-pack(&|$)
106         RewriteRule ^/r/.*/info/refs$ - [F]
107         RewriteCond %{HTTP_USER_AGENT} git/ [NC]
108         RewriteCond %{QUERY_STRING} !(^|&)service=git-(upload|receive)-pack(&|$)
109         RewriteRule ^/(?!r/).*/info/refs$ - [F]
110         </IfDefine>
112         # SetEnv GIT_HTTP_BACKEND_BIN to override Config.pm $git_http_backend_bin
            # Requests under /r/ that the AliasMatch rules above did not claim are
            # run through the git-http-backend-verify CGI.
113         ScriptAlias /r/ @@basedir@@/bin/git-http-backend-verify/
115         # This allows HTTP access for Git user agents without the /r/ prefix
            # NOTE(review): the User-Agent test below decides routing only; the
            # header is supplied by the client.  The same test is repeated in the
            # SmartHTTPOnly rules and in the https client-certificate rules of this
            # file, so change all of them together: a request routed to the CGI
            # here must also be matched there.
116         <IfModule rewrite_module>
117                         RewriteEngine On
118                         RewriteCond %{HTTP_USER_AGENT} git/ [NC]
119                         RewriteRule ^/(?!r/)(.*)$ \
120                                 @@basedir@@/bin/git-http-backend-verify/$1 \
121                                 [L,H=cgi-script]
122         </IfModule>
123 </VirtualHost>
126 # This comments out the following so this file can be used as-is
127 <IfDefine DummyThatIsNotDefined>
130 # This is an example configuration of an https virtualhost running Girocco, as set
131 # up at repo.or.cz; unfortunately, completely independent from Girocco::Config.
132 # It is not essential for Girocco to use a special virtualhost, however.
133 # The Config.pm $httpspushurl variable needs to be defined to properly enable
134 # https pushing.
135 <VirtualHost *:443>
137         # These certificate files will all be automatically generated, but the
138         # paths here may need to be corrected to match the paths
139         # (especially $certsdir) from Config.pm
141         SSLCertificateFile @@certsdir@@/girocco_www_crt.pem
            # Private key of the server certificate: keep this file readable only
            # by the account that starts Apache.
142         SSLCertificateKeyFile @@certsdir@@/girocco_www_key.pem
143         SSLCertificateChainFile @@certsdir@@/girocco_www_chain.pem
144         # when using a paid www server cert, only the above three lines should
145         # be changed.  Changing any of the below two lines (other than updating
146         # the paths to match $certsdir) will likely break https client auth
            # SSLCACertificateFile names the CA certificate(s) against which client
            # certificates are verified; SSLCADNRequestFile names the CA whose
            # name is sent to clients when a certificate is requested.
147         SSLCACertificateFile @@certsdir@@/girocco_root_crt.pem
148         SSLCADNRequestFile @@certsdir@@/girocco_client_crt.pem
            # Longest client certificate chain that will be accepted.
150         SSLVerifyDepth 3
            # FakeBasicAuth presents the subject DN of the client certificate as a
            # Basic-auth user name; StrictRequire makes a failed SSLRequireSSL a
            # hard denial even where "Satisfy any" is in effect.
151         SSLOptions +FakeBasicAuth +StrictRequire
152         SSLEngine on
            # NOTE(review): no SSLProtocol or SSLCipherSuite appears in the lines
            # shown for this virtualhost, so the server-wide settings apply --
            # confirm they are acceptable.
154         # This configuration allows fetching over https without a certificate
155         # while always requiring a certificate for pushing over https
            # "SSLVerifyClient optional" asks for a client certificate without
            # failing the handshake when none is sent.  The first four rules set
            # client_auth_required on push requests (info/refs with
            # service=git-receive-pack, and .../git-receive-pack); for paths
            # without the /r/ prefix only when the User-Agent contains "git/".
            # NOTE(review): these marking conditions mirror the rule that routes
            # non-/r/ requests to git-http-backend-verify; keep them in step.
156         RewriteEngine On
157         SSLVerifyClient optional
158         RewriteCond %{QUERY_STRING} (^|&)service=git-receive-pack(&|$)
159         RewriteRule ^/r/.*/info/refs$ - [env=client_auth_required:1]
160         RewriteCond %{HTTP_USER_AGENT} git/ [NC]
161         RewriteCond %{QUERY_STRING} (^|&)service=git-receive-pack(&|$)
162         RewriteRule ^/(?!r/).*/info/refs$ - [env=client_auth_required:1]
163         RewriteRule ^/r/.*/git-receive-pack$ - [env=client_auth_required:1]
164         RewriteCond %{HTTP_USER_AGENT} git/ [NC]
165         RewriteRule ^/(?!r/).*/git-receive-pack$ - [env=client_auth_required:1]
            # Enforcement: a marked request without a successfully verified client
            # certificate is answered with 401.
            # NOTE(review): this rule is what ties a push to a verified
            # certificate.  The <Location> block below uses the anon provider
            # with "Anonymous *", which accepts any user name, so the two must
            # stay together.
166         RewriteCond %{ENV:client_auth_required} 1
167         RewriteCond %{SSL:SSL_CLIENT_VERIFY} !^SUCCESS$
168         RewriteRule .* %{REQUEST_URI} [R=401]
169         <Location />
                    # SSLRequireSSL refuses any non-SSL request.  With "Satisfy any",
                    # an unmarked request passes the Order/Deny test and needs no
                    # login; a marked request fails it and must satisfy
                    # "Require valid-user", where FakeBasicAuth supplies the
                    # certificate's subject DN as the user name.
170                 SSLRequireSSL
171                 Order deny,allow
172                 Deny from env=client_auth_required
173                 SSLOptions +FakeBasicAuth
174                 AuthName "Git Client Authentication"
175                 AuthType Basic
176                 AuthBasicProvider anon
177                 Anonymous *
178                 Require valid-user
179                 Satisfy any
180         </Location>
182         # *** IMPORTANT ***
183         #
184         # ALL of the contents of the <VirtualHost *:80> section at
185         # the top of this file must be copied here.
186         #
187         # To avoid this duplication, the contents of the <VirtualHost *:80>
188         # section above can be moved to a separate file and then included
189         # both here and in the <VirtualHost *:80> section using an Include
190         # directive.  Be careful not to place the new include file in one of the
191         # directories the standard apache configuration blindly includes all
192         # files from.
194 </VirtualHost>
197 # End commenting
198 </IfDefine>