Git身份验证推送过Apache
[英]Git Authenticated push over apache
问题描述
I have several Git repositories. 
我有几个Git存储库。 All of them can be accessed through apache server and R/W access is given to all. 所有这些都可以通过apache服务器进行访问,并且所有人都可以进行R / W访问。 But some repository should have authenticated push to it. 但是某些存储库应该已对其进行身份验证推送。 I have done something like this 我做了这样的事情
<LocationMatch "^/.*/git-receive-pack$">
AuthType Basic
AuthName "Git Access"
AuthBasicProvider file
# Password file created with htpasswd
AuthUserFile /sample/password
Require valid-user
</LocationMatch>
But it is asking for username and password for all the repositories. 但是它要求所有存储库的用户名和密码。 I want to enable it for only few repositories. 我只想为几个存储库启用它。
1 个解决方案
解决方案1
0 已采纳 2014-10-15 13:32:32
Some background 一些背景
The idea is that when pushing via HTTP[S], Git performs requests like this 这个想法是当通过HTTP [S]推送时,Git执行这样的请求
http://user@server/git/foo.git/info/refs?service=git-receive-pack
The part of this URI which <Location> or <LocationMatch> directives consider when matching is 匹配时<Location>或<LocationMatch>指令考虑的URI的一部分是
/git/foo.git/info/refs?service=git-receive-pack
It can be broken down into several parts: 它可以分为几个部分:
The common prefix, including the name of the repository:
通用前缀,包括存储库名称: /git/foo.gitThat's what you directly specify in the repository's URI when telling about it to Git, like when doing
git clone http://user@server/git/foo.git.这就是您在向Git讲它时, 直接在存储库URI中指定的内容,例如进行git clone http://user@server/git/foo.git。The technical bits, telling server-side Git what do you want from the request:
技术知识,告诉服务器端Git您从请求中想要什么: /info/refs?service=git-receive-packThis part is added by the client-side Git, and you have no control over it.
这部分是由客户端Git添加的,您无法控制它。
How to fix the problem at hand 如何解决眼前的问题
The .* bit in your directive matches zero or more any characters, so it obviously matches anything in your Git URIs. 指令中的.*位与零个或多个任何字符匹配,因此显然与Git URI中的任何字符匹配。
You need to refine this pattern to somehow refer to only the repos you want the push restriction to be applied to. 您需要改进此模式,以某种方式仅引用您要应用推送限制的存储库。 And also keep in mind that if you're using a common prefix (like that /git/ in my examples above) it will have to be matched as well. 另外请记住,如果您使用通用前缀(例如上面的示例中的/git/ ),则也必须将其匹配。
Now it's about writing a proper regular expression. 现在是关于编写适当的正则表达式。
One approach is to specify them directly—using the so-called alterations—like in 一种方法是使用所谓的更改直接指定它们,例如
<LocationMatch "^/git/(repo1|repo2|repo3)/.*/git-receive-pack$">
while another is to move all the repos requiring protection under a common directory, say, priv , and use something like 而另一种方法是将所有需要保护的存储库移到一个公共目录(例如priv ,并使用类似
<LocationMatch "^/git/priv/.*/git-receive-pack$">
The latter approach does not require you updating the Apache's configuration and reloading it when you add another repository requiring authenticated pushes: just drop it in a directory mapped by that /priv prefix. 后一种方法不需要您在添加另一个需要经过身份验证的推送的存储库时更新Apache的配置并重新加载它:只需将其放在该/priv前缀所映射的目录中即可。
Of course, exact parts of that URI specification depends on the rest of your configuration (like whether to use that ^/git/ prefix of not etc). 当然,该URI规范的确切部分取决于配置的其余部分(例如是否使用^/git/ not的前缀等)。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.