Git repository over http, Apache2 configuration not working
My goal is to get anonymous read access (git clone / git pull) and authenticated write access (git push) to a git bare repository via HTTP/HTTPS over an Apache2 web-server 2.4.29.
I tried out the documented configuration (https://git-scm.com/docs/git-http-backend):
SetEnv GIT_PROJECT_ROOT /var/www/git
SetEnv GIT_HTTP_EXPORT_ALL
ScriptAlias /git/ /usr/libexec/git-core/git-http-backend/
... in both variants...
Variant 1) With module mod_rewrite:
RewriteCond %{QUERY_STRING} service=git-receive-pack [OR]
RewriteCond %{REQUEST_URI} /git-receive-pack$
RewriteRule ^/git/ - [E=AUTHREQUIRED:yes]
<LocationMatch "^/git/">
Order Deny,Allow
Deny from env=AUTHREQUIRED
AuthType Basic
AuthName "Git Access"
AuthBasicProvider ldap
AuthLDAPURL ldap://ldapserver:386
Require user test
Satisfy Any
</LocationMatch>
Variant 2: Without module mod_rewrite:
<LocationMatch "^/git/.*/git-receive-pack$">
AuthType Basic
AuthName "Git Access"
AuthBasicProvider ldap
AuthLDAPURL ldap://ldapserver:386
Require user test
</LocationMatch>
<LocationMatch "^/git/">
Require all granted
Allow from all
</LocationMatch>
I am using debian package apache2 (2.4.29-1ubuntu4.14) on server side and git 2.29.2 on client side to test the configuration.
Both variants are not working.
The problem is caused by incomplete documentation https://git-scm.com/docs/git-http-backend.
For Variant 1 (with module mod_rewrite) the rewrite engine needs to be enabled. Adding RewriteEngine On solves the problem. With the proper LogLevel statement (commented out in the following example), you can observe the proper behavior in the apache2 log file.
RewriteEngine On
#LogLevel alert rewrite:trace6
SetEnv GIT_PROJECT_ROOT /var/www/git
SetEnv GIT_HTTP_EXPORT_ALL
ScriptAlias /git/ /usr/libexec/git-core/git-http-backend/
For Variant 2 (without module mod_rewrite) the LocationMatch will not match in my case, because a git pull is done with a query string:
GET /git/repo.git/info/refs?service=git-receive-pack
The described LocationMatch is not able to check the query string of the request.
See http://httpd.apache.org/docs/2.0/en/mod/core.html#location ...
No scheme, hostname, port, or query string may be included.
A solution is to add <If>...</If><Else>...</Else> inside LocationMatch (see also 2019594). With the CustomLog statement it is possible to check in the log file if LocationMatch is working as desired (see https://serverfault.com/questions/718234/how-to-check-if-locationmatch-regex-is-working).
CustomLog ${APACHE_LOG_DIR}/location.log "%h %l %u %t \"%r\" %>s %b what:%{INDICATOR_VAR}e"
<LocationMatch "^/git/">
<If "%{QUERY_STRING} =~ /service=git-receive-pack/">
SetEnv INDICATOR_VAR "git push"
AuthType Basic
AuthName "Git Access"
AuthBasicProvider ldap
AuthLDAPURL ldap://ldapserver:386
Require user test
Allow from all
</If>
<Else>
SetEnv INDICATOR_VAR "git pull"
Require all granted
Allow from all
</Else>
</LocationMatch>
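As an added example (not part of the original post or of the git documentation), this Python sketch models which smart-HTTP requests each of the three rules above would place in the authenticated branch; the repository name and the request list are constructed. It shows that the path-only LocationMatch misses the info/refs request, while an <If> that tests only the query string misses the POST to /git-receive-pack.

```python
import re
from urllib.parse import urlsplit

# Constructed sample: the requests git's smart HTTP transport sends for a
# fetch and for a push to /git/repo.git (the repository name is an assumption).
REQUESTS = [
    ("GET",  "/git/repo.git/info/refs?service=git-upload-pack"),
    ("POST", "/git/repo.git/git-upload-pack"),
    ("GET",  "/git/repo.git/info/refs?service=git-receive-pack"),
    ("POST", "/git/repo.git/git-receive-pack"),
]

def rewrite_rule(path, query):
    """Variant 1: RewriteCond on QUERY_STRING [OR] RewriteCond on REQUEST_URI."""
    return bool(re.search(r"service=git-receive-pack", query)
                or re.search(r"/git-receive-pack$", path))

def location_match(path, query):
    """Variant 2: LocationMatch sees the path only, never the query string."""
    return bool(re.search(r"^/git/.*/git-receive-pack$", path))

def if_query_only(path, query):
    """The <If> block from the last configuration: tests %{QUERY_STRING} only."""
    return bool(re.search(r"service=git-receive-pack", query))

RULES = {"rewrite": rewrite_rule, "locationmatch": location_match,
         "if_query": if_query_only}

def auth_coverage(requests=REQUESTS):
    """Map each request to the set of rules that would demand authentication."""
    table = {}
    for method, target in requests:
        parts = urlsplit(target)
        table[(method, target)] = {name for name, rule in RULES.items()
                                   if rule(parts.path, parts.query)}
    return table

def uncovered_writes(rule_name, requests=REQUESTS):
    """Push-related requests that a rule leaves in the anonymous branch."""
    return [target for (_, target), hits in auth_coverage(requests).items()
            if "git-receive-pack" in target and rule_name not in hits]

if __name__ == "__main__":
    for (method, target), hits in auth_coverage().items():
        print(f"{method:4} {target:52} auth required by: {sorted(hits) or '-'}")
```

Whether an unauthenticated POST to git-receive-pack is then accepted depends on git-http-backend, which by default enables receive-pack only for authenticated clients. If http.receivepack is enabled in a repository, the access rule should cover both request forms.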