| blob | eee64ae59593df208bf31ff9a9a54e8eb362ad22 |
1 # This is example configuration of a virtualhost running Girocco, as set up
2 # at repo.or.cz; unfortunately, completely independent from Girocco::Config.
3 # It is not essential for Girocco to use a special virtualhost, however.
4 <VirtualHost *:80>
6 ServerName repo.or.cz
7 ServerAlias www.repo.or.cz
8 ServerAdmin admin@repo.or.cz
10 ErrorLog /var/log/apache2/repo-error.log
11 CustomLog /var/log/apache2/repo-access.log combined
13 AddHandler cgi-script .cgi
15 DocumentRoot /home/repo/WWW
16 <Directory /home/repo/WWW>
17 # Add MultiViews only if pages are truly
18 # offered in more than a single language
19 Options Indexes FollowSymLinks ExecCGI
20 AllowOverride All
21 Order allow,deny
22 Allow from all
23 DirectoryIndex gitweb.cgi
24 Satisfy all
25 </Directory>
27 ScriptAlias /w /home/repo/WWW/gitweb.cgi
28 ScriptAlias /h /home/repo/WWW/html.cgi
30 <IfModule rewrite_module>
31 # Make the leading /w optional if the rest names an existing repo
32 RewriteEngine On
33 RewriteCond %{HTTP_USER_AGENT} !git/ [NC]
34 RewriteCond /srv/git/$1/HEAD -f
35 # Might want to use [NC,L,R] instead of [NC,PT] maybe even [NC,L,R=301]
36 RewriteRule \
37 ^/(?!w/)((?:[a-z0-9+._-]+(?<!\.git)/)*[a-z0-9+._-]+?\.git)((?:/.*)?)$ \
38 /w/$1$2 [NC,PT]
39 </IfModule>
41 <Directory /srv/git>
42 Options FollowSymLinks
43 AllowOverride None
44 Order allow,deny
45 Allow from all
46 Satisfy all
48 <IfModule rewrite_module>
49 # Everything fetched over the non-smart git http
50 # protocol should be an existing file. If the request
51 # is not for an existing file, just send back an error
52 # message without emitting anything into the error log.
53 RewriteEngine On
54 RewriteCond %{REQUEST_FILENAME} !-f
55 RewriteRule .* - [R=404,L]
56 </IfModule>
57 </Directory>
59 <Directory /home/repo/repomgr/bin>
60 Options None
61 AllowOverride None
62 Order deny,allow
63 Deny from all
64 <Files git-http-backend-verify>
65 Options ExecCGI
66 Allow from all
67 </Files>
68 Satisfy all
69 </Directory>
71 SetEnv GIT_PROJECT_ROOT /srv/git
72 SetEnv GIT_HTTP_EXPORT_ALL 1
74 # By default non-smart HTTP fetch access will be allowed, however
75 # by defining SmartHTTPOnly (or changing the sense of the IfDefine tests)
76 # non-smart HTTP requests can be denied directly by the web server
78 <IfDefine !SmartHTTPOnly>
79 # These accelerate non-smart HTTP access to loose objects and packs with the /r/ prefix
80 AliasMatch ^/r/(.*/objects/[0-9a-f]{2}/[0-9a-f]{38})$ /srv/git/$1
81 AliasMatch ^/r/(.*/objects/pack/pack-[0-9a-f]{40}.(pack|idx))$ /srv/git/$1
83 # These accelerate non-smart HTTP access for Git user agents without the /r/ prefix
84 <IfModule rewrite_module>
85 RewriteEngine On
86 RewriteCond %{HTTP_USER_AGENT} git/ [NC]
87 RewriteRule "(?x) ^/((?!r/).*/objects/(?: \
88 (?:[0-9a-f]{2}/[0-9a-f]{38}) | \
89 (?:pack/pack-[0-9a-f]{40}.(?:pack|idx)) ))$" \
90 /srv/git/$1 [L]
91 </IfModule>
92 </IfDefine>
94 <IfDefine SmartHTTPOnly>
95 # Disable non-smart HTTP access
96 RewriteEngine On
97 RewriteCond %{REQUEST_METHOD} !^POST$
98 RewriteRule ^/r/.*(?<!/info/refs)$ - [F]
99 RewriteCond %{HTTP_USER_AGENT} git/ [NC]
100 RewriteCond %{REQUEST_METHOD} !^POST$
101 RewriteRule ^/(?!r/).*(?<!/info/refs)$ - [F]
102 RewriteCond %{QUERY_STRING} !(^|&)service=git-(upload|receive)-pack(&|$)
103 RewriteRule ^/r/.*/info/refs$ - [F]
104 RewriteCond %{HTTP_USER_AGENT} git/ [NC]
105 RewriteCond %{QUERY_STRING} !(^|&)service=git-(upload|receive)-pack(&|$)
106 RewriteRule ^/(?!r/).*/info/refs$ - [F]
107 </IfDefine>
109 # SetEnv GIT_HTTP_BACKEND_BIN to override Config.pm $git_http_backend_bin
110 ScriptAlias /r/ /home/repo/repomgr/bin/git-http-backend-verify/
112 # This allows HTTP access for Git user agents without the /r/ prefix
113 <IfModule rewrite_module>
114 RewriteEngine On
115 RewriteCond %{HTTP_USER_AGENT} git/ [NC]
116 RewriteRule ^/(?!r/)(.*)$ \
117 /home/repo/repomgr/bin/git-http-backend-verify/$1 \
118 [L,H=cgi-script]
119 </IfModule>
120 </VirtualHost>
123 # This comments out the following so this file can be used as-is
124 <IfDefine DummyThatIsNotDefined>
127 # This is example configuration of an https virtualhost running Girocco, as set
128 # up at repo.or.cz; unfortunately, completely independent from Girocco::Config.
129 # It is not essential for Girocco to use a special virtualhost, however.
130 # The Config.pm $httpspushurl variable needs to be defined to properly enable
131 # https pushing.
132 <VirtualHost *:443>
134 # These certificate files will all be automatically generated, but the
135 # paths here may need to be corrected to match the paths
136 # (especially $certsdir) from Config.pm
138 SSLCertificateFile /home/repo/certs/girocco_www_crt.pem
139 SSLCertificateKeyFile /home/repo/certs/girocco_www_key.pem
140 SSLCertificateChainFile /home/repo/certs/girocco_www_chain.pem
141 # when using a paid www server cert, only the above three lines should
142 # be changed. Changing any of the below two lines (other than updating
143 # the paths to match $certsdir) will likely break https client auth
144 SSLCACertificateFile /home/repo/certs/girocco_root_crt.pem
145 SSLCADNRequestFile /home/repo/certs/girocco_client_crt.pem
147 SSLVerifyDepth 3
148 SSLOptions +FakeBasicAuth +StrictRequire
149 SSLEngine on
151 # This configuration allows fetching over https without a certificate
152 # while always requiring a certificate for pushing over https
153 RewriteEngine On
154 SSLVerifyClient optional
155 RewriteCond %{QUERY_STRING} (^|&)service=git-receive-pack(&|$)
156 RewriteRule ^/r/.*/info/refs$ - [env=client_auth_required:1]
157 RewriteCond %{HTTP_USER_AGENT} git/ [NC]
158 RewriteCond %{QUERY_STRING} (^|&)service=git-receive-pack(&|$)
159 RewriteRule ^/(?!r/).*/info/refs$ - [env=client_auth_required:1]
160 RewriteRule ^/r/.*/git-receive-pack$ - [env=client_auth_required:1]
161 RewriteCond %{HTTP_USER_AGENT} git/ [NC]
162 RewriteRule ^/(?!r/).*/git-receive-pack$ - [env=client_auth_required:1]
163 RewriteCond %{ENV:client_auth_required} 1
164 RewriteCond %{SSL:SSL_CLIENT_VERIFY} !^SUCCESS$
165 RewriteRule .* %{REQUEST_URI} [R=401]
166 <Location />
167 SSLRequireSSL
168 Order deny,allow
169 Deny from env=client_auth_required
170 SSLOptions +FakeBasicAuth
171 AuthName "Git Client Authentication"
172 AuthType Basic
173 AuthBasicProvider anon
174 Anonymous *
175 Require valid-user
176 Satisfy any
177 </Location>
179 # *** IMPORTANT ***
180 #
181 # ALL the entire contents from the <VirtualHost *:80> section at
182 # the top of this file must be copied here.
183 #
184 # To avoid this duplication, the contents of the <VirtualHost *:80>
185 # section above can be moved to a separate file and then included
186 # both here and in the <VirtualHost *:80> section using an Include
187 # directive. Be careful not to place the new include file in one of the
188 # directories the standard apache configuration blindly includes all
189 # files from.
191 </VirtualHost>
194 # End commenting
195 </IfDefine>