diff options
Diffstat (limited to 'ansible/roles/trove-setup')
-rw-r--r-- | ansible/roles/trove-setup/templates/lighttpd/git-httpd.conf | 33 |
1 files changed, 20 insertions, 13 deletions
diff --git a/ansible/roles/trove-setup/templates/lighttpd/git-httpd.conf b/ansible/roles/trove-setup/templates/lighttpd/git-httpd.conf index f2d61c9..be51358 100644 --- a/ansible/roles/trove-setup/templates/lighttpd/git-httpd.conf +++ b/ansible/roles/trove-setup/templates/lighttpd/git-httpd.conf @@ -26,8 +26,8 @@ $SERVER["socket"] == ":443" { index-file.names = ("index.html") cgi.assign = ("gitano-command.cgi" => "/usr/bin/lua5.1", - "gitano-smart-http.cgi" => "/usr/bin/lua5.1", - "cgit.cgi" => "" + "gitano-smart-http.cgi" => "/usr/bin/lua5.1", + "cgit.cgi" => "" ) cgi.execute-x-only = "enable" @@ -48,6 +48,15 @@ $HTTP["url"] =~ ".*/gitano-command.cgi$" { "HOME" => "/home/git", "GITANO_ROOT" => "/home/git/repos" ) + + $HTTP["scheme"] == "https" { + # gitano-command.cgi controls access over HTTP[S] according to + # the REMOTE_USER variable set by mod_auth and passed through + # the environment. If the web server doesn't set REMOTE_USER, + # then Gitano will treat the request as anonymous and deny + # access appropriately. + include "git-auth.conf" + } } $HTTP["url"] =~ "^/git/.*$" { @@ -60,6 +69,15 @@ $HTTP["url"] =~ "^/git/.*$" { "HOME" => "/home/git", "GITANO_ROOT" => "/home/git/repos" ) + + $HTTP["scheme"] == "https" { + # gitano-smart-http.cgi controls access over HTTP[S] according to + # the REMOTE_USER variable set by mod_auth and passed through + # the environment. If the web server doesn't set REMOTE_USER, + # then Gitano will treat the request as anonymous and deny + # access appropriately. + include "git-auth.conf" + } } # Avoid needlessly long cgit URLs. This must correspond with the @@ -75,14 +93,3 @@ $HTTP["url"] =~ "^/(baserock|delta)(/.*)?$" { url.redirect = ( "^/(.*)" => "/cgit/$1" ) } -$HTTP["scheme"] == "https" { - include "git-auth.conf" - - $HTTP["querystring"] =~ "service=git-receive-pack" { - include "git-auth.conf" - } - - $HTTP["url"] =~ "^/git/.*/git-receive-pack$" { - include "git-auth.conf" - } -} |