Merge branch 'baserock/richardipsum/gitano_http'

This series contains the changes needed
to let trove use gitano's new http services

The main changes:
    * trove-early-setup now generates an ssl certificate
    so we can do https

    * there are two lighttpd processes: one for gitano
    and one for morph cache server. We do this because
    gitano needs to run as the git user and morph
    cache server needs to run as the cache user

The ruleset has also been updated to allow
anonymous clones over http

Reviewed by:
    Richard Maw

4 files changed, 83 insertions, 11 deletions

diff --git a/etc/gitano-setup.clod b/etc/gitano-setup.clod
index 96377c2..b63aeb6 100644
--- a/etc/gitano-setup.clod
+++ b/etc/gitano-setup.clod
@@ -13,4 +13,6 @@ admin.keyname "trove"
 site.name "##TROVE_TITLE## for ##TROVE_COMPANY##"
 log.prefix "##TROVE_LOG_PREFIX##"
 
+use.htpasswd "yes"
+
 setup.batch = true
diff --git a/etc/lighttpd/git-auth.conf b/etc/lighttpd/git-auth.conf
new file mode 100644
index 0000000..9b7a010
--- /dev/null
+++ b/etc/lighttpd/git-auth.conf
@@ -0,0 +1,10 @@
+auth.require = (
+	"/" => (
+		"method" => "basic",
+		"realm" => "Git Access",
+		"require" => "valid-user"
+	       )
+)
+
+auth.backend = "htpasswd"
+auth.backend.htpasswd.userfile = "/home/git/htpasswd"
diff --git a/etc/lighttpd/git-httpd.conf b/etc/lighttpd/git-httpd.conf
new file mode 100644
index 0000000..94e9c26
--- /dev/null
+++ b/etc/lighttpd/git-httpd.conf
@@ -0,0 +1,67 @@
+server.document-root = "/var/www/htdocs"
+
+server.port = 80
+
+server.username = "git"
+server.groupname = "git"
+
+server.modules = (
+    "mod_access",
+    "mod_alias",
+    "mod_compress",
+    "mod_redirect",
+    "mod_cgi",
+    "mod_auth",
+    "mod_setenv",
+)
+
+$SERVER["socket"] == ":443" {
+  ssl.engine = "enable" ssl.pemfile = "/etc/lighttpd/certs/lighttpd.pem"
+}
+
+index-file.names = ("index.html")
+
+cgi.assign = ("gitano-command.cgi" => "/usr/bin/lua5.1",
+	"gitano-smart-http.cgi" => "/usr/bin/lua5.1",
+	"cgit.cgi" => ""
+)
+cgi.execute-x-only = "enable"
+
+mimetype.assign = (
+  ".html" => "text/html",
+  ".txt" => "text/plain",
+  ".jpg" => "image/jpeg",
+  ".png" => "image/png",
+  ".css" => "text/css"
+)
+
+$HTTP["url"] =~ ".*/gitano-command.cgi$" {
+        setenv.add-environment = (
+                "HOME" => "/home/git",
+                "GITANO_ROOT" => "/home/git/repos"
+        )
+}
+
+$HTTP["url"] =~ "^/git/.*$" {
+        alias.url += ( "/git" => "/var/www/htdocs/gitano-smart-http.cgi" )
+
+        cgi.assign = ("" => "")
+        setenv.add-environment = (
+                "GIT_HTTP_EXPORT_ALL" => "",
+                "GIT_PROJECT_ROOT" => "/home/git/repos",
+                "HOME" => "/home/git",
+                "GITANO_ROOT" => "/home/git/repos"
+        )
+}
+
+$HTTP["scheme"] == "https" {
+        include "git-auth.conf"
+
+        $HTTP["querystring"] =~ "service=git-receive-pack" {
+                include "git-auth.conf"
+        }
+
+        $HTTP["url"] =~ "^/git/.*/git-receive-pack$" {
+                include "git-auth.conf"
+        }
+}
diff --git a/etc/lighttpd.conf b/etc/lighttpd/morph-cache-httpd.conf
index a69407f..65b9b22 100644
--- a/etc/lighttpd.conf
+++ b/etc/lighttpd/morph-cache-httpd.conf
@@ -1,16 +1,12 @@
 server.document-root = "/var/www/htdocs"
 
-server.port = 80
+server.port = 8080
 
-server.username = "git"
-server.groupname = "git"
+server.username = "cache"
+server.groupname = "cache"
 
 server.modules += ("mod_cgi", "mod_fastcgi")
 
-index-file.names = ("index.html")
-
-cgi.assign = ("cgit.cgi" => "")
-
 mimetype.assign = (
   ".html" => "text/html",
   ".txt" => "text/plain",
@@ -19,7 +15,6 @@ mimetype.assign = (
   ".css" => "text/css"
 )
 
-
 $SERVER["socket"] == ":8080" {
     server.username = "cache"
     server.groupname = "cache"
@@ -37,11 +32,9 @@ $SERVER["socket"] == ":8080" {
     )
 }
 
-
 $SERVER["socket"] == ":8081" {
     server.username = "cache"
-    server.groupname = "cache"
-    fastcgi.server = (
+    server.groupname = "cache" fastcgi.server = (
         "" =>
         (
             "python-fcgi" =>