| blob | ec3c8371253e3cbcb8c205cdb7fa70ed628fc0a3 |
1 ## To convert this file to apache.conf using the current Girocco::Config values
2 ## either do "make" or "make apache.conf" or ./make-apache-conf.sh
3 ##
4 # This is an example configuration of a virtualhost running Girocco, as set up
5 # at repo.or.cz; unfortunately, completely independent from Girocco::Config.
6 # It is not essential for Girocco to use a special virtualhost, however.
7 <VirtualHost *:80>
9 ServerName @@httpdnsname@@
10 ServerAlias www.@@httpdnsname@@
11 ServerAdmin @@admin@@
13 ErrorLog /var/log/apache2/repo-error.log
14 CustomLog /var/log/apache2/repo-access.log combined
16 AddHandler cgi-script .cgi
18 DocumentRoot @@webroot@@
19 <Directory @@webroot@@>
20 # Add MultiViews only if pages are truly
21 # offered in more than a single language
22 Options Indexes FollowSymLinks ExecCGI
23 AllowOverride All
24 Order allow,deny
25 Allow from all
26 DirectoryIndex gitweb.cgi
27 Satisfy all
28 </Directory>
30 ScriptAlias /w @@cgiroot@@/gitweb.cgi
31 ScriptAlias /h @@cgiroot@@/html.cgi
33 <IfModule rewrite_module>
34 RewriteEngine On
35 # Redirect bare /w requests without .git that name an existing repo...
36 RewriteCond @@reporoot@@/$1.git/HEAD -f
37 RewriteRule \
38 ^/w/((?:[a-zA-Z0-9+._-]+(?<!\.git)/)*[a-zA-Z0-9+._-]+(?<!\.git))/?$ \
39 /w/$1.git [L,R=301]
41 # ...and also make the leading /w optional for those types of requests
42 RewriteCond %{HTTP_USER_AGENT} !git/ [NC]
43 RewriteCond @@reporoot@@/$1.git/HEAD -f
44 RewriteRule \
45 ^/(?!w/)((?:[a-zA-Z0-9+._-]+(?<!\.git)/)*[a-zA-Z0-9+._-]+(?<!\.git))/?$ \
46 /$1.git [L,R=301]
48 # Make the leading /w optional if the rest names an existing repo
49 RewriteCond %{HTTP_USER_AGENT} !git/ [NC]
50 RewriteCond @@reporoot@@/$1/HEAD -f
51 # Might want to use [L,R] instead of [PT] maybe even [L,R=301]
52 RewriteRule \
53 ^/(?!w/)((?:[a-zA-Z0-9+._-]+(?<!\.git)/)*[a-zA-Z0-9+._-]+?\.git)((?:/.*)?)$ \
54 /w/$1$2 [PT]
55 </IfModule>
57 <Directory @@reporoot@@>
58 Options FollowSymLinks
59 AllowOverride None
60 Order allow,deny
61 Allow from all
62 Satisfy all
64 <IfModule rewrite_module>
65 # Everything fetched over the non-smart git http
66 # protocol should be an existing file. If the request
67 # is not for an existing file, just send back an error
68 # message without emitting anything into the error log.
69 RewriteEngine On
70 RewriteCond %{REQUEST_FILENAME} !-f
71 RewriteRule .* - [R=404,L]
72 </IfModule>
73 </Directory>
75 <Directory @@basedir@@/bin>
76 Options None
77 AllowOverride None
78 Order deny,allow
79 Deny from all
80 <Files git-http-backend-verify>
81 Options ExecCGI
82 Allow from all
83 </Files>
84 Satisfy all
85 </Directory>
87 SetEnv GIT_PROJECT_ROOT @@reporoot@@
88 SetEnv GIT_HTTP_EXPORT_ALL 1
90 # By default non-smart HTTP fetch access will be allowed, however
91 # by defining SmartHTTPOnly (or changing the sense of the IfDefine tests)
92 # non-smart HTTP requests can be denied directly by the web server
94 <IfDefine !SmartHTTPOnly>
95 # These accelerate non-smart HTTP access to loose objects and packs with the /r/ prefix
96 AliasMatch ^/r/(.*/objects/[0-9a-f]{2}/[0-9a-f]{38})$ @@reporoot@@/$1
97 AliasMatch ^/r/(.*/objects/pack/pack-[0-9a-f]{40}.(pack|idx))$ @@reporoot@@/$1
99 # These accelerate non-smart HTTP access for Git user agents without the /r/ prefix
100 <IfModule rewrite_module>
101 RewriteEngine On
102 RewriteCond %{HTTP_USER_AGENT} git/ [NC]
103 RewriteRule "(?x) ^/((?!r/).*/objects/(?: \
104 (?:[0-9a-f]{2}/[0-9a-f]{38}) | \
105 (?:pack/pack-[0-9a-f]{40}.(?:pack|idx)) ))$" \
106 @@reporoot@@/$1 [L]
107 </IfModule>
108 </IfDefine>
110 <IfDefine SmartHTTPOnly>
111 # Disable non-smart HTTP access
112 RewriteEngine On
113 RewriteCond %{REQUEST_METHOD} !^POST$
114 RewriteRule ^/r/.*(?<!/info/refs)$ - [F]
115 RewriteCond %{REQUEST_URI} !^/authrequired[.]cgi$
116 RewriteCond %{HTTP_USER_AGENT} git/ [NC]
117 RewriteCond %{REQUEST_METHOD} !^POST$
118 RewriteRule ^/(?!r/).*(?<!/info/refs)$ - [F]
119 RewriteCond %{QUERY_STRING} !(^|&)service=git-(upload|receive)-pack(&|$)
120 RewriteRule ^/r/.*/info/refs$ - [F]
121 RewriteCond %{HTTP_USER_AGENT} git/ [NC]
122 RewriteCond %{QUERY_STRING} !(^|&)service=git-(upload|receive)-pack(&|$)
123 RewriteRule ^/(?!r/).*/info/refs$ - [F]
124 </IfDefine>
126 # SetEnv GIT_HTTP_BACKEND_BIN to override Config.pm $git_http_backend_bin
127 ScriptAlias /r/ @@basedir@@/bin/git-http-backend-verify/
129 # This allows HTTP access for Git user agents without the /r/ prefix
130 <IfModule rewrite_module>
131 RewriteEngine On
132 RewriteCond %{REQUEST_URI} !^/authrequired[.]cgi$
133 RewriteCond %{HTTP_USER_AGENT} git/ [NC]
134 RewriteRule ^/(?!r/)(.*)$ \
135 @@basedir@@/bin/git-http-backend-verify/$1 \
136 [L,H=cgi-script]
137 </IfModule>
138 </VirtualHost>
141 # This comments out the following so this file can be used as-is
142 <IfDefine DummyThatIsNotDefined>
145 # This is an example configuration of an https virtualhost running Girocco, as set
146 # up at repo.or.cz; unfortunately, completely independent from Girocco::Config.
147 # It is not essential for Girocco to use a special virtualhost, however.
148 # The Config.pm $httpspushurl variable needs to be defined to properly enable
149 # https pushing.
150 <VirtualHost *:443>
152 # These certificate files will all be automatically generated, but the
153 # paths here may need to be corrected to match the paths
154 # (especially $certsdir) from Config.pm
156 SSLCertificateFile @@certsdir@@/girocco_www_crt.pem
157 SSLCertificateKeyFile @@certsdir@@/girocco_www_key.pem
158 SSLCertificateChainFile @@certsdir@@/girocco_www_chain.pem
159 # when using a paid www server cert, only the above three lines should
160 # be changed. Changing any of the below two lines (other than updating
161 # the paths to match $certsdir) will likely break https client auth
162 SSLCACertificateFile @@certsdir@@/girocco_root_crt.pem
163 SSLCADNRequestFile @@certsdir@@/girocco_client_crt.pem
165 SSLVerifyDepth 3
166 SSLOptions +FakeBasicAuth +StrictRequire
167 SSLEngine on
169 # This configuration allows fetching over https without a certificate
170 # while always requiring a certificate for pushing over https
171 RewriteEngine On
172 SSLVerifyClient optional
173 RewriteCond %{QUERY_STRING} (^|&)service=git-receive-pack(&|$)
174 RewriteRule ^/r/.*/info/refs$ - [env=client_auth_required:1]
175 RewriteCond %{HTTP_USER_AGENT} git/ [NC]
176 RewriteCond %{QUERY_STRING} (^|&)service=git-receive-pack(&|$)
177 RewriteRule ^/(?!r/).*/info/refs$ - [env=client_auth_required:1]
178 RewriteRule ^/r/.*/git-receive-pack$ - [env=client_auth_required:1]
179 RewriteCond %{HTTP_USER_AGENT} git/ [NC]
180 RewriteRule ^/(?!r/).*/git-receive-pack$ - [env=client_auth_required:1]
181 RewriteCond %{ENV:client_auth_required} 1
182 RewriteCond %{SSL:SSL_CLIENT_VERIFY} !^SUCCESS$
183 RewriteRule .* %{REQUEST_URI} [R=401]
184 <Location />
185 SSLRequireSSL
186 Order deny,allow
187 Deny from env=client_auth_required
188 SSLOptions +FakeBasicAuth
189 AuthName "Git Client Authentication"
190 AuthType Basic
191 AuthBasicProvider anon
192 Anonymous *
193 Require valid-user
194 Satisfy any
195 </Location>
196 ErrorDocument 401 /authrequired.cgi
198 # *** IMPORTANT ***
199 #
200 # ALL the entire contents from the <VirtualHost *:80> section at
201 # the top of this file must be copied here.
202 #
203 # To avoid this duplication, the contents of the <VirtualHost *:80>
204 # section above can be moved to a separate file and then included
205 # both here and in the <VirtualHost *:80> section using an Include
206 # directive. Be careful not to place the new include file in one of the
207 # directories the standard apache configuration blindly includes all
208 # files from.
210 </VirtualHost>
213 # End commenting
214 </IfDefine>