Tommi's stuff » Open Source http://tommi.org Wed, 11 Jan 2012 17:25:37 +0000 en hourly 1 http://wordpress.org/?v=3.3.1 Git through apache, anonymous pull but authenticated push http://tommi.org/2012/01/git-through-apache-anonymous-pull-but-authenticated-push/ http://tommi.org/2012/01/git-through-apache-anonymous-pull-but-authenticated-push/#comments Wed, 11 Jan 2012 17:20:53 +0000 tommi http://tommi.org/?p=33 Continue reading ]]> I have been having this annoying issue where I needed to open ssh up to the internet in order to allow authenticated push with a centralized git server. After hours and hours of trying to master anonymous pull and authenticated push over http I finally made it, here goes:

Set the project root, where your git repositories are and you want to export everything:

SetEnv GIT_PROJECT_ROOT /var/www/git
SetEnv GIT_HTTP_EXPORT_ALL

Next we have to map the git http backend to a URL

# Enable git-http-backend
ScriptAlias /git/ /usr/libexec/git-core/git-http-backend/

Get mod_rewrite to set a environment variable on push

# Enable mod_rewrite
RewriteEngine On

# Detect git push
RewriteCond %{QUERY_STRING} service=git-receive-pack [OR,NC]
RewriteCond %{REQUEST_URI} ^/git/.*/git-receive-pack$ [NC]
RewriteRule .* - [E=AUTHREQUIRED:yes]

Demand auth on /git when pushing through Location

<Location /git>
        # If any deny clause matches, if authrequired is set
        Order Allow,Deny
        Deny from env=AUTHREQUIRED
        Allow from all
        # Satisfy either Allow/Deny or Require valid-user
        Satisfy Any
        # Auth info
        AuthType Basic
        AuthName "Git Access"
        # Password file created with htpasswd
        AuthUserFile /etc/httpd/conf.d/passwd
        Require valid-user
</Location>

Happy git push’ing!

Share

]]> http://tommi.org/2012/01/git-through-apache-anonymous-pull-but-authenticated-push/feed/ 0