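1 # This is an example configuration of a virtualhost running Girocco, as set up
2 # at repo.or.cz; unfortunately, it is completely independent of Girocco::Config.
3 # It is not essential for Girocco to use a special virtualhost, however.
# NOTE(review): Order/Allow/Deny/Satisfy below are Apache 2.2 access-control
# directives; on Apache 2.4 they only work with mod_access_compat loaded.
# NOTE(review): this virtualhost listens on port 80 only, so everything it
# serves travels unencrypted; the https virtualhost is further down this file.
4 <VirtualHost *:80>
6         ServerName repo.or.cz
7         ServerAlias www.repo.or.cz
8         ServerAdmin admin@repo.or.cz
10         ErrorLog /var/log/apache2/repo-error.log
11         CustomLog /var/log/apache2/repo-access.log combined
          # NOTE(review): mod_mime compares every extension of a file name, so
          # a name such as "x.cgi.bak" is also handed to cgi-script wherever
          # ExecCGI is enabled.
13         AddHandler cgi-script .cgi
15         DocumentRoot /home/repo/WWW
16         <Directory /home/repo/WWW>
17                 # Add MultiViews only if pages are truly
18                 # offered in more than a single language
                  # NOTE(review): Indexes produces automatic listings for any
                  # directory that has no DirectoryIndex file, and ExecCGI
                  # together with AllowOverride All means anyone able to write
                  # below this directory can add executable content or change
                  # these settings through .htaccess.  Keep the tree writable
                  # by the site administrator only.
19                 Options Indexes FollowSymLinks ExecCGI
20                 AllowOverride All
21                 Order allow,deny
22                 Allow from all
23                 DirectoryIndex gitweb.cgi
24                 Satisfy all
25         </Directory>
          # Short URLs for the two CGI front ends.
27         ScriptAlias /w /home/repo/WWW/gitweb.cgi
28         ScriptAlias /h /home/repo/WWW/html.cgi
          # Repository storage; reached by the AliasMatch rules further down.
30         <Directory /srv/git>
                  # NOTE(review): FollowSymLinks lets a symlink inside a
                  # repository be followed to wherever it points; whether
                  # repository owners can create such links is not visible
                  # here -- confirm, or consider SymLinksIfOwnerMatch.
31                 Options FollowSymLinks
32                 AllowOverride None
33                 Order allow,deny
34                 Allow from all
35                 Satisfy all
37                 <IfModule rewrite_module>
38                         # Everything fetched over the non-smart git http
39                         # protocol should be an existing file.  If the request
40                         # is not for an existing file, just send back an error
41                         # message without emitting anything into the error log.
42                         RewriteEngine On
43                         RewriteCond %{REQUEST_FILENAME} !-f
44                         RewriteRule .* - [R=404,L]
45                 </IfModule>
46         </Directory>
          # Deny everything in the repomgr bin directory except the one wrapper
          # script that the ScriptAlias /r/ at the end of this virtualhost uses.
48         <Directory /home/repo/repomgr/bin>
49                 Options None
50                 AllowOverride None
51                 Order deny,allow
52                 Deny from all
53                 <Files git-http-backend-verify>
54                         Allow from all
55                 </Files>
56                 Satisfy all
57         </Directory>
          # NOTE(review): GIT_HTTP_EXPORT_ALL makes git-http-backend serve every
          # repository below GIT_PROJECT_ROOT, with or without a
          # git-daemon-export-ok file.  Any per-project checks made by the
          # git-http-backend-verify wrapper are not visible here -- confirm
          # that nothing private is stored under /srv/git.
59         SetEnv GIT_PROJECT_ROOT /srv/git
60         SetEnv GIT_HTTP_EXPORT_ALL 1
62         # By default non-smart HTTP fetch access will be allowed, however
63         # by defining SmartHTTPOnly (or changing the sense of the IfDefine tests)
64         # non-smart HTTP requests can be denied directly by the web server
66         <IfDefine !SmartHTTPOnly>
67         # These accelerate non-smart HTTP access to loose objects and packs
          # The matched files are sent straight from /srv/git without passing
          # through the CGI wrapper, so the patterns are the only filter on this
          # path.  The dot before (pack|idx) is escaped so that it matches a
          # literal "." and not any character.
68         AliasMatch ^/r/(.*/objects/[0-9a-f]{2}/[0-9a-f]{38})$           /srv/git/$1
69         AliasMatch ^/r/(.*/objects/pack/pack-[0-9a-f]{40}\.(pack|idx))$ /srv/git/$1
70         </IfDefine>
72         <IfDefine SmartHTTPOnly>
73         # Disable non-smart HTTP access
          # First rule: any non-POST request below /r/ that does not end in
          # /info/refs is refused.  Second rule: /info/refs is refused unless
          # the query string names the upload-pack or receive-pack service.
74         RewriteEngine On
75         RewriteCond %{REQUEST_METHOD} !^POST$
76         RewriteRule ^/r/.*(?<!/info/refs)$ - [F]
77         RewriteCond %{QUERY_STRING} !(^|&)service=git-(upload|receive)-pack(&|$)
78         RewriteRule ^/r/.*/info/refs$ - [F]
79         </IfDefine>
81         # SetEnv GIT_HTTP_BACKEND_BIN to override Config.pm $git_http_backend_bin
82         ScriptAlias /r/ /home/repo/repomgr/bin/git-http-backend-verify/
84 </VirtualHost>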
87 # This comments out the following so this file can be used as-is
# Nothing between here and the closing </IfDefine> is active until the
# <IfDefine> wrapper is removed (or the symbol is defined at server startup).
88 <IfDefine DummyThatIsNotDefined>
91 # This is example configuration of an https virtualhost running Girocco, as set
92 # up at repo.or.cz; unfortunately, completely independent from Girocco::Config.
93 # It is not essential for Girocco to use a special virtualhost, however.
94 # The Config.pm $httpspushurl variable needs to be defined to properly enable
95 # https pushing.
# NOTE(review): this virtualhost sets no SSLProtocol or SSLCipherSuite, so the
# protocol versions and cipher suites come from the server-wide mod_ssl
# settings -- confirm those are acceptable.
96 <VirtualHost *:443>
98         # These certificate files will all be automatically generated, but the
99         # paths here may need to be corrected to match the paths
100         # (especially $certsdir) from Config.pm
          # NOTE(review): girocco_www_key.pem is the server's private key; keep
          # it readable only by the account that starts Apache.
102         SSLCertificateFile /home/repo/certs/girocco_www_crt.pem
103         SSLCertificateKeyFile /home/repo/certs/girocco_www_key.pem
104         SSLCertificateChainFile /home/repo/certs/girocco_www_chain.pem
105         # when using a paid www server cert, only the above three lines should
106         # be changed.  Changing any of the below two lines (other than updating
107         # the paths to match $certsdir) will likely break https client auth
          # Client certificates are verified against the CA file below, so that
          # file decides whose certificates are accepted for pushing.
108         SSLCACertificateFile /home/repo/certs/girocco_root_crt.pem
109         SSLCADNRequestFile /home/repo/certs/girocco_client_crt.pem
111         SSLVerifyDepth 3
112         SSLOptions +FakeBasicAuth +StrictRequire
113         SSLEngine on
114         <Location />
115                 SSLRequireSSL
116         </Location>
118         # This configuration allows fetching over https without a certificate
119         # while always requiring a certificate for pushing over https
          # How the rules below do that: the client certificate is optional at
          # the TLS level; the first two rules set client_auth_required on
          # receive-pack requests (the RewriteCond applies only to the rule
          # right after it); the third rule answers 401 when the flag is set
          # and certificate verification did not end in SUCCESS.
120         RewriteEngine On
121         SSLVerifyClient optional
122         RewriteCond %{QUERY_STRING} (^|&)service=git-receive-pack(&|$)
123         RewriteRule ^/r/.*/info/refs$ - [env=client_auth_required:1]
124         RewriteRule ^/r/.*/git-receive-pack$ - [env=client_auth_required:1]
125         RewriteCond %{ENV:client_auth_required} 1
126         RewriteCond %{SSL:SSL_CLIENT_VERIFY} !^SUCCESS$
127         RewriteRule .* %{REQUEST_URI} [R=401]
          # With "Satisfy any" a request passes on either the host rule or the
          # auth rule.  Flagged (push) requests fail the host rule and must
          # authenticate: FakeBasicAuth turns the client certificate's subject
          # into a Basic-auth user name, and "Anonymous *" accepts any name.
          # NOTE(review): certificate verification is therefore the only gate
          # applied here; the per-project push permission check is not visible
          # in this file -- presumably git-http-backend-verify does it, confirm.
128         <LocationMatch ^/r/>
129                 Order deny,allow
130                 Deny from env=client_auth_required
131                 SSLOptions +FakeBasicAuth
132                 AuthName "Git Client Authentication"
133                 AuthType Basic
134                 AuthBasicProvider anon
135                 Anonymous *
136                 Require valid-user
137                 Satisfy any
138         </LocationMatch>
140         # *** IMPORTANT ***
141         #
142         # ALL the entire contents from the <VirtualHost *:80> section at
143         # the top of this file must be copied here.
144         #
145         # To avoid this duplication, the contents of the <VirtualHost *:80>
146         # section above can be moved to a separate file and then included
147         # both here and in the <VirtualHost *:80> section using an Include
148         # directive.  Be careful not to place the new include file in one of the
149         # directories the standard apache configuration blindly includes all
150         # files from.
          # NOTE(review): as written this virtualhost has none of the Directory
          # access rules, SetEnv lines or ScriptAlias entries of the port-80
          # section, so it serves nothing from /r/ until they are copied or
          # included as described above.
152 </VirtualHost>
155 # End commenting
156 </IfDefine>