git over smart-http with https secured by openldap on Centos

# git --version
git version 1.7.1
# apachectl -v
Server version: Apache/2.2.15 (Unix)

My repos will be located under /opt/data/repo and are named “repo1” and “repo2”.

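# Create two bare repositories that git-http-backend will serve through Apache.
# Absolute paths are used throughout so the result does not depend on the
# directory these commands are run from.
repo_root=/opt/data/repo

# -p also creates /opt/data when it does not exist yet and is a no-op on re-run.
mkdir -p "$repo_root"

for name in repo1 repo2; do
  git init --bare "$repo_root/$name"

  # Enable the sample post-update hook shipped with git.
  cp "$repo_root/$name/hooks/post-update.sample" "$repo_root/$name/hooks/post-update"
  chmod +x "$repo_root/$name/hooks/post-update"

  # The CGI runs as the Apache user, so it needs write access to accept pushes.
  # This also makes the hooks directory writable by that user: anything running
  # as apache can change the hook scripts that execute on later pushes.
  chown -R apache:apache "$repo_root/$name/"
done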

# Server-wide mod_ssl setup; these directives apply to every SSL virtual host.
LoadModule ssl_module modules/mod_ssl.so
Listen 443
# "builtin" prompts on the terminal at startup when the private key is
# passphrase-protected.
SSLPassPhraseDialog builtin
# Shared-memory TLS session cache; sessions expire after 300 seconds.
SSLSessionCache shmcb:/var/cache/mod_ssl/scache(512000)
SSLSessionCacheTimeout 300
SSLMutex default
# Seed the PRNG from /dev/urandom at startup and from the built-in source
# on each new connection.
SSLRandomSeed startup file:/dev/urandom 256
SSLRandomSeed connect builtin
SSLCryptoDevice builtin

## SSL Virtual Host Context
# Apache 2.2 needs this to enable name-based virtual hosts on port 443.
NameVirtualHost *:443

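# HTTPS virtual host that serves repo1 and repo2 through git-http-backend and
# requires an LDAP login for every URL.
#
# Changes from the listing as published:
#   - "<Virualhost" was misspelled; Apache rejects the unknown section name.
#   - Typographic quotes were replaced with plain ASCII quotes; Apache does not
#     treat the curly characters as quoting.
#   - SSLv3 is disabled and the cipher list no longer admits RC4, MEDIUM or LOW
#     suites.
#   - AllowOverride on the filesystem root is None instead of All.
<VirtualHost *:443>
    ServerName myserver.com
    DocumentRoot /var/www/html
    ErrorLog logs/ssl_error_log
    TransferLog logs/ssl_access_log
    LogLevel warn

    SSLEngine on
    # Basic auth sends the LDAP password on every request, so the transport is
    # the only protection it has. SSLv2 and SSLv3 are both broken; leave only TLS.
    SSLProtocol all -SSLv2 -SSLv3
    # Strong suites only, no anonymous key exchange, no MD5 MACs.
    SSLCipherSuite HIGH:!aNULL:!MD5
    # Prefer the server's cipher ordering over the client's.
    SSLHonorCipherOrder on
    # NOTE(review): the file names suggest a CA certificate and key. Confirm
    # these are the server's own certificate and key, and that the key file is
    # readable by root only.
    SSLCertificateFile /etc/pki/tls/certs/ca.crt
    SSLCertificateKeyFile /etc/pki/tls/private/ca.key

    <Files ~ "\.(cgi|shtml|phtml|php3?)$">
        SSLOptions +StdEnvVars
    </Files>

    <Directory "/var/www/cgi-bin">
        SSLOptions +StdEnvVars
    </Directory>

    SetEnvIf User-Agent ".*MSIE.*" \
        nokeepalive ssl-unclean-shutdown \
        downgrade-1.0 force-response-1.0

    CustomLog logs/ssl_request_log \
        "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"

    # Keep the filesystem root locked down: with AllowOverride All any
    # .htaccess file anywhere on disk could change the server configuration.
    # Re-enable overrides only on the specific directories that need them.
    <Directory />
        Options FollowSymLinks
        AllowOverride None
    </Directory>

    # Every request below /repoN/ is handed to the git CGI; the remainder of
    # the URL becomes PATH_INFO, resolved against GIT_PROJECT_ROOT.
    ScriptAlias /repo1/ /usr/libexec/git-core/git-http-backend/
    ScriptAlias /repo2/ /usr/libexec/git-core/git-http-backend/

    # "Require valid-user" admits every account found under ou=People.
    # git-http-backend enables receive-pack for any authenticated user, so each
    # of those accounts can push as well as fetch. Use "Require ldap-group" or
    # "Require ldap-user" here if only some users should have access.
    #
    # Plain ldap:// is acceptable only because the directory is on loopback;
    # switch to ldaps:// if the LDAP server ever moves to another host.
    <LocationMatch "^/repo1/">
        AuthName "Authentication"
        AuthType Basic
        AuthBasicProvider ldap
        AuthzLDAPAuthoritative on
        AuthLDAPURL ldap://127.0.0.1/ou=People,dc=localhost
        Require valid-user
        SetEnv GIT_PROJECT_ROOT /opt/data/repo/repo1
        # Serve the repository even without a git-daemon-export-ok marker file.
        SetEnv GIT_HTTP_EXPORT_ALL
    </LocationMatch>

    <LocationMatch "^/repo2/">
        AuthName "Authentication"
        AuthType Basic
        AuthBasicProvider ldap
        AuthzLDAPAuthoritative on
        AuthLDAPURL ldap://127.0.0.1/ou=People,dc=localhost
        Require valid-user
        SetEnv GIT_PROJECT_ROOT /opt/data/repo/repo2
        SetEnv GIT_HTTP_EXPORT_ALL
    </LocationMatch>

    # NOTE(review): this alias answers under /git/, which no repository above
    # uses, and no GIT_PROJECT_ROOT is set for it. git-http-backend then falls
    # back to PATH_TRANSLATED, i.e. paths below DocumentRoot. Drop it if /git/
    # is not meant to be served.
    ScriptAliasMatch \
        "(?x)^/git/(.*/(HEAD | \
        info/refs | \
        objects/(info/[^/]+ | \
        [0-9a-f]{2}/[0-9a-f]{38} | \
        pack/pack-[0-9a-f]{40}\.(pack|idx)) | \
        git-(upload|receive)-pack))$" \
        /usr/libexec/git-core/git-http-backend/$1

    # Securing all of Apache with OpenLDAP: nothing in this virtual host is
    # reachable without a valid LDAP login.
    <Location "/">
        AuthName "Authentication"
        AuthType Basic
        AuthBasicProvider ldap
        AuthzLDAPAuthoritative on
        AuthLDAPURL ldap://127.0.0.1/ou=People,dc=localhost
        Require valid-user
    </Location>
</VirtualHost>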
