Git的认证推倒阿帕奇 [英] Git Authenticated push over apache
问题描述
我有几个Git仓库。所有的人都可以通过Apache服务器和R / W访问被访问给予所有。但是,一些库应该验证推它。我做了这样的事情。
I have several Git repositories. All of them can be accessed through apache server and R/W access is given to all. But some repository should have authenticated push to it. I have done something like this
<LocationMatch "^/.*/git-receive-pack$">
AuthType Basic
AuthName "Git Access"
AuthBasicProvider file
# Password file created with htpasswd
AuthUserFile /sample/password
Require valid-user
</LocationMatch>
但它要求用户名和密码所有存储库。我想启用它只有很少的仓库。
But it is asking for username and password for all the repositories. I want to enable it for only few repositories.
推荐答案
的想法是,通过HTTP [S]按下时,Git会执行这样的请求。
Some background
The idea is that when pushing via HTTP[S], Git performs requests like this
http://user@server/git/foo.git/info/refs?service=git-receive-pack
此URI的一部分&LT;地点&gt; 或&LT; LocationMatch&GT;匹配时指令考虑
/git/foo.git/info/refs?service=git-receive-pack
有可以分解成几个部分:
It can be broken down into several parts:
-
共同preFIX,包括库的名称:
The common prefix, including the name of the repository:
/git/foo.git
这就是你的直接的讲述它的Git时指定存储库中的URI,
当做 git的克隆HTTP这样的:。//user@server/git/foo.git
That's what you directly specify in the repository's URI when telling about it to Git,
like when doing git clone http://user@server/git/foo.git.
该技术位,告诉服务器端的Git你从请求想要什么:
The technical bits, telling server-side Git what do you want from the request:
/info/refs?service=git-receive-pack
这部分是由客户端的Git加,你有没有对其进行控制。
This part is added by the client-side Git, and you have no control over it.
的。*在你的指令位零个或多个任意字符匹配,因此很明显在你的Git的URI匹配任何内容。
How to fix the problem at hand
The .* bit in your directive matches zero or more any characters, so it obviously matches anything in your Git URIs.
您需要完善这一模式以某种方式仅指你想推限制应用于回购。也请记住,如果你(在我上面的例子一样, / git的/ )使用通用preFIX它必须匹配为好。
You need to refine this pattern to somehow refer to only the repos you want the push restriction to be applied to. And also keep in mind that if you're using a common prefix (like that /git/ in my examples above) it will have to be matched as well.
现在它是写一个适当的定期EX pression。
Now it's about writing a proper regular expression.
的一种方法是直接与MDASH指定它们;利用所谓的改变&MDASH;像
One approach is to specify them directly—using the so-called alterations—like in
<LocationMatch "^/git/(repo1|repo2|repo3)/.*/git-receive-pack$">
而另一种是将所有的公用目录下需要保护的回购协议,比方说,私法,并使用类似
<LocationMatch "^/git/priv/.*/git-receive-pack$">
后一种做法不要求你更新Apache的配置并重新加载它,当你添加另一个仓库需要经过身份验证的推送:刚落,它通过映射一个目录 /私法 preFIX。
当然,这URI规范的确切部位取决于您的配置的其余部分(如是否使用 ^ / git的/ $ P $的PFIX未等)
Of course, exact parts of that URI specification depends on the rest of your configuration (like whether to use that ^/git/ prefix of not etc).
这篇关于Git的认证推倒阿帕奇的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
