mirror of
https://github.com/freedombox/FreedomBox.git
synced 2026-02-04 08:13:38 +00:00
0b2d1265cb
On the Gitweb site, links that end with /HEAD (for example menu links after selecting 'tree' on the front page) are mistakenly redirected to the git-http-backend cgi script and an empty page is shown to the user. Modified Apache2 ScriptAliasMatch regex so that git-http-backend services get redirected only if they immediately follow repository's name path component. Links on Gitweb site have additional action component before /HEAD and those will be handled by the gitweb cgi script. The relevant git-http-backend source: https://repo.or.cz/git/debian.git/blob/refs/tags/v2.20.1:/http-backend.c#l706 Signed-off-by: Veiko Aasa <veiko17@disroot.org> Reviewed-by: Sunil Mohan Adapa <sunil@medhas.org>
74 lines
2.8 KiB
Plaintext
74 lines
2.8 KiB
Plaintext
##
|
|
## On all sites, enable gitweb web interface. Also enable git-http-backend on
|
|
## when performing upload/receive operations on the URL.
|
|
##
|
|
## Requires the following Apache modules to be enabled:
|
|
## mod_cgi or mod_cgid
|
|
## mod_rewrite
|
|
##
|
|
|
|
# All git operations are handled by git-http-backend CGI script. Rest of the
|
|
# HTTP requests (say sent by the browser) are handled by gitweb.
|
|
ScriptAliasMatch \
|
|
"(?x)^/gitweb/([^/]+/(HEAD | \
|
|
info/refs | \
|
|
objects/(info/[^/]+ | \
|
|
[0-9a-f]{2}/[0-9a-f]{38} | \
|
|
pack/pack-[0-9a-f]{40}\.(pack|idx)) | \
|
|
git-(upload|receive)-pack))$" \
|
|
/usr/lib/git-core/git-http-backend/$1
|
|
|
|
Alias /gitweb /usr/share/gitweb
|
|
|
|
<Directory /usr/share/gitweb>
|
|
# Make gitweb work with custom FreedomBox configuration.
|
|
SetEnv GITWEB_CONFIG /etc/gitweb-freedombox.conf
|
|
|
|
<If "%{HTTP_COOKIE} =~ /auth_pubtkt=.*tokens.*(admin|git-access)/">
|
|
Include includes/freedombox-single-sign-on.conf
|
|
<IfModule mod_auth_pubtkt.c>
|
|
TKTAuthToken "git-access" "admin"
|
|
</IfModule>
|
|
</If>
|
|
|
|
# Allow index.cgi symlink to gitweb.cgi to work. Treat gitweb.cgi as CGI
|
|
# script and execute it.
|
|
Options +FollowSymLinks +ExecCGI
|
|
AddHandler cgi-script .cgi
|
|
|
|
# Allow files in /usr/share/gitweb/static/ to be served directly by Apache.
|
|
# Pass every other URL as argument to gitweb.cgi to enable short and clean
|
|
# URLs.
|
|
RewriteEngine On
|
|
RewriteCond %{REQUEST_FILENAME} !-f
|
|
RewriteCond %{REQUEST_FILENAME} !-d
|
|
RewriteRule ^.* /gitweb/gitweb.cgi/$0 [L,PT]
|
|
</Directory>
|
|
|
|
<Directory /usr/lib/git-core/>
|
|
# Configure git-http-backend to work with our repository path.
|
|
SetEnv GIT_PROJECT_ROOT /var/lib/git
|
|
|
|
# Tell git-http-backend to work with all the projects even when they don't
|
|
# have the file 'git-daemon-export-ok'.
|
|
SetEnv GIT_HTTP_EXPORT_ALL
|
|
|
|
# Authentication is required when performing git push (git send-pack).
|
|
SetEnvIfExpr "%{QUERY_STRING} =~ /service=git-receive-pack/" AUTHREQUIRED
|
|
SetEnvIfExpr "%{REQUEST_URI} =~ /git-receive-pack$/" AUTHREQUIRED
|
|
# Authentication is required for any operation if repository is private.
|
|
SetEnvIfExpr "%{REQUEST_URI} =~ m#^/gitweb/([^/]+)# && ( -f '/var/lib/git/$1/private' || -f '/var/lib/git/$1.git/private' )" AUTHREQUIRED
|
|
|
|
# Either authentication is not required for this operation and repository
|
|
# combination, or...
|
|
<RequireAll>
|
|
Require all granted
|
|
Require not env AUTHREQUIRED
|
|
</RequireAll>
|
|
|
|
# ...user belongs to admin or git-access groups, with basic auth via LDAP.
|
|
Include includes/freedombox-auth-ldap.conf
|
|
Require ldap-group cn=admin,ou=groups,dc=thisbox
|
|
Require ldap-group cn=git-access,ou=groups,dc=thisbox
|
|
</Directory>
|