Set up user access per git repo on Apache on Windows - apache

I'm setting up git repos to be served by Apache on Windows. Httpd.conf is pretty straightforward - it forwards requests to git-http-backend and tells Apache to allow access for authenticated users only. It works fine. However, what is needed is the ability to specify a different AuthUserFile for each repo - for RepoOne.git use usersOneGroup, for RepoTwo.git usersTwoGroup.
I tried specifying different folders within Directory (DirectoryMatch etc.) directives but couldn't get it working. Is there a way to set it up? If so, how?
The relevant httpd.conf section (borrowed from this post mainly):
<Directory />
AuthType Basic
AuthName "git repos"
AuthUserFile "c:\CommittersPasswords"
Require valid-user
</Directory>
SetEnv GIT_PROJECT_ROOT C:/Repositories
SetEnv GIT_HTTP_EXPORT_ALL
ScriptAliasMatch \
"(?x)^/(.*/(HEAD | \
info/refs | \
objects/(info/[^/]+ | \
[0-9a-f]{2}/[0-9a-f]{38} | \
pack/pack-[0-9a-f]{40}\.(pack|idx)) | \
git-(upload|receive)-pack))$" \
"C:/Program Files (x86)/git/libexec/git-core/git-http-backend.exe/$1"
Thanks

If you can live without Apache (or if you are willing to use Apache as a reverse proxy) you might see if Gitblit would work for you. Gitblit was written to be an integrated pure Java Git solution for small workgroups.
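A per-repository setup that stays on Apache, as an added example (not from the original question or answer). Requests for git-http-backend map to the CGI executable on disk, so Directory sections never see the repository name, while LocationMatch works on the request URL. The C:/GitAuth directory and the realm names are assumptions; usersOneGroup and usersTwoGroup are the password files named in the question.

```apache
# Added example. Assumed: password files created with htpasswd and kept in
# C:/GitAuth, outside GIT_PROJECT_ROOT and outside any served directory.
# The SetEnv lines, the ScriptAliasMatch rule and the <Directory /> block
# from the question stay unchanged; <Directory /> remains the fallback for
# any repository that has no section of its own below.

# Location sections are merged after Directory sections, so the AuthUserFile
# set here replaces the global one for this repository's URLs only.
# (?i) makes the match case-insensitive: Windows resolves /repoone.git/ to
# the same folder, and without it such a request would fall through to the
# global password file instead of this repository's own.
<LocationMatch "(?i)^/RepoOne\.git(/|$)">
    AuthType Basic
    AuthName "RepoOne"
    AuthUserFile "C:/GitAuth/usersOneGroup"
    Require valid-user
</LocationMatch>

<LocationMatch "(?i)^/RepoTwo\.git(/|$)">
    AuthType Basic
    AuthName "RepoTwo"
    AuthUserFile "C:/GitAuth/usersTwoGroup"
    Require valid-user
</LocationMatch>
```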

Related

SVN Repo works without authentication

I have created SVN host using:
<Location /svn>
DAV svn
SVNParentPath /home/xxx/xxx/xxx/xxx/Main_Folder/company-1
AuthType Basic
SVNListParentPath On
AuthName "Test"
<LimitExcept GET PROPFIND OPTIONS REPORT>
Require valid-user
</LimitExcept>
</Location>
Although I have specified user privileges in svnserve.conf, it does not seem to "take it" because I can access the repository (see below) without any prompt for user/password.
Can you please point out what I am doing wrong?
Thanks!
Read the docs, it seems that you use a wrong configuration file.
Configuration settings in the file svnserve.conf do not have any effect in this particular case. Your server runs Apache and Apache does not process svnserve.conf. This configuration file is used by svnserve custom server only.
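What the Location block in the question enforces, next to a variant that asks for credentials on every request (added example, not from the original posts). The AuthUserFile path is an assumption and stands for a file created with htpasswd; only one of the two variants would be present in a real configuration.

```apache
# Variant A, as posted in the question.
# LimitExcept applies its contents to every method EXCEPT the listed ones,
# so GET, PROPFIND, OPTIONS and REPORT (the methods used to browse, check
# out and update) are served without a login. Only writes hit
# "Require valid-user", and no AuthUserFile is set to check them against.
<Location /svn>
    DAV svn
    SVNParentPath /home/xxx/xxx/xxx/xxx/Main_Folder/company-1
    SVNListParentPath On
    AuthType Basic
    AuthName "Test"
    <LimitExcept GET PROPFIND OPTIONS REPORT>
        Require valid-user
    </LimitExcept>
</Location>

# Variant B, authenticated reads and writes.
# "Require valid-user" sits directly in the Location, so it covers all
# methods, and AuthUserFile names the password file Apache checks.
<Location /svn>
    DAV svn
    SVNParentPath /home/xxx/xxx/xxx/xxx/Main_Folder/company-1
    SVNListParentPath On
    AuthType Basic
    AuthName "Test"
    # Assumed path, created with: htpasswd -c /etc/apache2/svn.passwd user
    AuthUserFile /etc/apache2/svn.passwd
    Require valid-user
</Location>
```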

How can I make Flask and Apache (mod_wsgi) update my database queries on each visit to a page?

In my Flask application I have a def that queries a database. When I changed the file, the SQL, the results did not show up on the webpage. When I stopped and started Apache, service apache2 restart (on Debian 7), then the new query results showed up.
I am running my WSGI process in daemon mode using mod_wsgi, v. 3.3, Apache 2.2.
I am not using SQLAlchemy or any other ORM, straight up SQL with a pymssql connect statement.
I am using Blueprints.
If I touch the .wsgi file, Apache will load the results as expected.
I am not sure how Flask-Cache can help me (or any other Flask module).
WSGIDaemonProcess myapp python-path=/var/www/intranet/application/flask:/var/www/intranet/application/flask/lib/python2.7/site-packages
WSGIProcessGroup myapp
WSGIScriptAlias /myapp /var/www/intranet/intranet.wsgi
<Directory /var/www/intranet>
WSGIApplicationGroup %{GLOBAL}
Order allow,deny
Allow from all
</Directory>
<Location />
Options FollowSymLinks
AllowOverride None
order allow,deny
allow from all
AuthType Basic
AuthName "Subversion Repository"
Require valid-user
AuthUserFile /etc/apache2/dav_svn.passwd
<IfModule mod_php4.c>
php_flag magic_quotes_gpc Off
php_flag track_vars On
</IfModule>
</Location>
I have read much of this, https://code.google.com/p/modwsgi/wiki/ReloadingSourceCode, but I do not know if this is something Flask may already have built in for production.
How can I make a code change take effect without restarting Apache?
Edit: My query is not in the .wsgi file.
What I ended up doing was use a post-receive hook in my --bare directory.
I started from here:
http://krisjordan.com/essays/setting-up-push-to-deploy-with-git
and added a touch to the end of it. Here is what I did:
#!/usr/bin/ruby
#Changed shebang a little from the website version for mine, Debian 7.
# post-receive
#johnny
require 'fileutils'
#
# 1. Read STDIN (Format: "from_commit to_commit branch_name")
from, to, branch = ARGF.read.split " "
# 2. Only deploy if master branch was pushed
if (branch =~ /master$/) == nil
  puts "Received branch #{branch}, not deploying."
  exit
end
# 3. Copy files to deploy directory
deploy_to_dir = File.expand_path('../deploy')
`GIT_WORK_TREE="#{deploy_to_dir}" git checkout -f master`
puts "DEPLOY: master(#{to}) copied to '#{deploy_to_dir}'"
# 4.TODO: Deployment Tasks
# i.e.: Run Puppet Apply, Restart Daemons, etc
#johnny
FileUtils.touch('/path/to/my/file.wsgi')
I commit:
git commit -a -m'my commit message'
then,
git push production master
After much reading most people do not seem to like the auto update. Where I work, they need to see things immediately. Most things are database reads or static templates, so I don't mind using the "auto" touch for this particular application.

How to specify different access and passwd files for each SVN repository in APACHE

I am trying to set up SVN with APACHE so that each repository has its own set of .access and .passwd files.
Basically, let's take this URL: http://svn.thissite.com/repo1 is the address of one of the repositories
I have one folder in /var/www/svn/ which contains about 20 different repositories and a set of .access and .passwd files
For the repo1 repository there would be 3 paths relevant:
/var/www/svn/repo1 (SVN repository itself)
/var/www/svn/repo1.access (Contains svn access info)
/var/www/svn/repo1.passwd (Contains SVN user and password for that specific repo)
I have about 20 repositories + relevant .access and .passwd files
So my question is:
What do I need to write in my APACHE2 config files so that it uses the repository name to access the proper .access and .passwd files? I would like a way of having it simple and not a simple copy paste of 20 blocks of tags in APACHE if possible.
Thank you!
EDIT:
Content of repo1.access (Starts with [/] for all 20 repos):
[/]
Name1 = rw
Name2 = rw
Name3 = rw
Content of repo1.passwd (password actually hidden):
Name1:XXXXXXXXXX
Name2:XXXXXXXXXX
Name3:XXXXXXXXXX
I have SVN running via Apache on my home server with multiple repositories. I have each repository set up as a Virtual Host, which then lets you specify unique auth and acl files via the AuthUserFile and AuthzSVNAccessFile parameters in the config file.
An example Virtual Host for my SVN installation:
<VirtualHost 192.168.1.42:80>
ServerName svn.eidola.its
DocumentRoot /Istas/Library/WebRoot/
<Location "/">
DAV svn
SVNPath /Istas/Library/Subversion/eidola.its
SVNPathAuthz off
AuthType Basic
AuthName "Eidola Repository"
AuthUserFile /Istas/Library/Config/Subversion/users.basic
AuthzSVNAccessFile /Istas/Library/Config/Subversion/eidola.acl
<LimitExcept GET PROPFIND OPTIONS REPORT>
Require valid-user
</LimitExcept>
</Location>
Include /Istas/Library/Config/Apache2/svn_rewrite.conf
</VirtualHost>
The svn_rewrite.conf file is used to allow me to access the repository directly at the ServerName, or via WebSVN at a rewritten URL. Obviously, that line would not pertain to your situation. :)
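One way to avoid 20 hand-copied blocks for the /var/www/svn layout in the question, as an added example that is not from the original posts: mod_macro, bundled with Apache httpd 2.4.5 and later, expands one template per repository. The macro name SVNRepo is an assumption, as is the availability of mod_macro, mod_dav_svn and mod_authz_svn on the server.

```apache
# Added example. Assumes httpd 2.4.5+ with mod_macro loaded
# (on Debian/Ubuntu: a2enmod macro), plus mod_dav_svn and mod_authz_svn.

# One template; ${name} is replaced textually by the argument given to Use.
<Macro SVNRepo $name>
    <Location /${name}>
        DAV svn
        # SVNPath serves exactly one repository, so the [/] section at the
        # top of each .access file refers to the root of that repository.
        SVNPath /var/www/svn/${name}
        AuthType Basic
        AuthName "SVN ${name}"
        AuthUserFile /var/www/svn/${name}.passwd
        AuthzSVNAccessFile /var/www/svn/${name}.access
        # Placed directly in the Location so reads need a login as well.
        Require valid-user
    </Location>
</Macro>

# One line per repository instead of one block per repository.
Use SVNRepo repo1
Use SVNRepo repo2

# Drop the definition so the name cannot collide with later includes.
UndefMacro SVNRepo
```

If /var/www is also the DocumentRoot, the .passwd and .access files are reachable as ordinary URLs; keeping them outside the web root and adjusting the two paths in the macro avoids that.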

Access to /svn is forbidden

I set up SVN on Ubuntu using the tutorial How to set up a Subversion (SVN) server on GNU/Linux - Ubuntu, but when I try to access the repository from another machine using CMD it says Access to /SVN is forbidden.
I changed the permission of the folder and tried other methods to resolve the issue like configuration of the Apache server, but that did not solve my problem.
How can I fix this problem?
Apache can read and write the repository, but its user (www-data) needs to be given ownership of it:
sudo chown -R www-data:www-data /var/svn/repositories/your_repo
To be able to authenticate users who access the repository a password file is needed:
sudo htpasswd -c /etc/subversion/passwd your_user_name
Enter a password for the user your_user_name. For additional users repeat the command without the -c option to make sure the existing file is appended to rather than replaced.
Then edit the Apache configuration file:
sudo gedit /etc/apache2/apache2.conf
Add the following to the end of the file:
#svn users
<Location /svn>
DAV svn
SVNParentPath /var/svn/repositories/
SVNListParentPath On
AuthType Basic
AuthName "Test"
AuthUserFile /etc/subversion/passwd
<LimitExcept GET PROPFIND OPTIONS REPORT>
Require valid-user
</LimitExcept>
</Location>
Save the configuration file and restart Apache:
sudo /etc/init.d/apache2 restart
The test repository can now be accessed via:
http://localhost/svn/your_repo
Make sure you have your virtual host set up like this for Apache:
<VirtualHost *:80>
DocumentRoot /home/svn/html
ServerName svn.domainname
ErrorLog logs/svn.domain.com-error_log
CustomLog logs/svn.domain.com-access_log common
<Directory "/home/svn/html">
Order allow,deny
Allow from all
AllowOverride all
</Directory>
<Location /repos>
DAV svn
SVNParentPath /home/svn/repos
Require valid-user
SVNListParentPath on
AuthType Basic
AuthName "Your Super SVN"
AuthUserFile /home/svn/svn-passwords-file-to-be-used-only-when-AuthType-is-used
AuthzSVNAccessFile /home/svn/svn-repos-acl-file-but-optional
</Location>
</VirtualHost>
And make sure Apache can access the repos folder mentioned in SVNParentPath. This issue is mostly because of permissions. Try chmod -R 0777 repos-folder and try again.
This might help someone if they are troubleshooting a setup that had previously been working. Today the new guy at our company inadvertently introduced a typo in the file used by AuthzSVNAccessFile and that caused all of us to experience the dreaded E175013

Apache + Perl + NTLM/LDAP == Single signon?

We have a Perl app which runs under Apache on Solaris using CGI::Application. That's all running fine. We'd like to get access to the USER_ID variable passed by the IE browser, and do some Database queries and LDAP queries.
I've looked at the Apache documentation and I can't figure out how to achieve this. We don't have internet access (it's an intranet) from the Solaris servers so we need to compile everything ourselves.
Does anyone have a check list (or tutorial) of what Apache needs (modules/plugins) in order to achieve this, and how it should be configured?
NTLM Winbind
I use the module auth_ntlm_winbind_module (mod_auth_ntlm_winbind.so) on our server. You need to have Samba and winbind installed, properly configured and running.
You can download the module from the Samba project tree:
git clone git://git.samba.org/jerry/mod_auth_ntlm_winbind.git
In order to authenticate users via NTLM you have to add the following directives to your directory settings:
<Directory /srv/http>
Allow from all
AuthName "NTLM Authentication thingy"
NTLMAuth on
NTLMAuthHelper "/usr/bin/ntlm_auth --helper-protocol=squid-2.5-ntlmssp"
NTLMBasicAuthoritative on
AuthType NTLM
require valid-user
AllowOverride all
</Directory>
Of course you need to load the module, too:
LoadModule auth_ntlm_winbind_module /usr/lib/httpd/modules/mod_auth_ntlm_winbind.so
The Windows user account is passed to the application as the REMOTE_USER:
#!/usr/bin/perl
use strict;
use warnings;
use CGI;
my $query = CGI->new;
# Get the Windows account that Apache exposes as REMOTE_USER after authentication
my $windows_account = $query->remote_user();
Note that IE only sends the user authentication data to trusted sites.
Here's a website with a bit more info on the module.
Direct Authentication via LDAP
Another method is to use the module authnz_ldap_module (mod_authnz_ldap.so). This is probably loaded by default already. Note that this is not true Single signon as the user is prompted for a password.
LoadModule authnz_ldap_module modules/mod_authnz_ldap.so
Add this to your directory definition:
<Directory /srv/http>
AuthName "Authentication required"
AuthType Basic
AuthzLDAPAuthoritative off
AuthBasicProvider ldap
# "protocol://hostname:port/base?attribute?scope?filter" NONE
# NONE indicates that an unsecure connection should be used for LDAP, i.e. port 389
AuthLDAPURL "ldap://your.ldap.server.net:389/OU=the,OU=search,OU=node,DC=domain,DC=net?sAMAccountName?sub?(objectClass=*)" NONE
# This is only needed if your LDAP server doesn't allow anonymous binds
AuthLDAPBindDN "CN=AD Bind User,OU=the,OU=bind,OU=node,DC=domain,DC=net"
AuthLDAPBindPassword super-secret
Require valid-user
AllowOverride all
</Directory>
More info about the module.
There are mod_ntlm and mod_ldap plugins for apache which you can use to authenticate.
In your case, I'd assume that you actually do want to use mod_ntlm and ldap or "active directory" is only its backend?
Here's one tutorial that covers the setting up phase: http://sivel.net/2007/05/sso-apache-ad-1/
The compilation phase in the tutorial is aimed at RPM-based Linux platforms, though, but TWiki has some more info about compiling for Solaris 10 here: http://twiki.org/cgi-bin/view/Codev/NtlmForSolaris10#How_to_build_your_own_mod_ntlm_b