Difference between revisions of "Git, Apache and HTTPS with a free certificate"

From Wiki de Caballero
Jump to navigation Jump to search
Line 12: Line 12:
# Enable necessary modules <source lang="bash">
# Enable necessary modules <source lang="bash">
a2enmod cgi alias env
a2enmod cgi alias env
</source>
# To allow to obtain a git repository using https, add the following to the apache2.conf <source lang="bash">
# Path to the Git directory, inside the OS
SetEnv GIT_PROJECT_ROOT /git
SetEnv GIT_HTTP_EXPORT_ALL
# Defines the URL path where git is located, as seen from outside the OS/Server
ScriptAlias /git/ /usr/lib/git-core/git-http-backend/
# Enable Basic HTTP Authentication
<Files "git-http-backend">
AuthType Basic
AuthName "Git Access"
AuthUserFile /git/.htpasswd
# The following line allows to obtain a repository (pull/fetch) without having a user/pass combo
# Comment it if user/pass are needed to obtain info as well
Require expr !(%{QUERY_STRING} -strmatch '*service=git-receive-pack*' || %{REQUEST_URI} =~ m#/git-receive-pack$#)
Require valid-user
</Files>
</source>
</source>



Revision as of 21:34, 21 June 2017

Prerequisites

  • Ubuntu CLI understanding
  • Git knowledge
  • Ubuntu, this was tested using Ubuntu 16
  • Apache 2

Git using Apache

  1.  Install Apache
    sudo apt-get install apache2 apache2-utils
  2. Enable necessary modules
    a2enmod cgi alias env
  3. To allow to obtain a git repository using https, add the following to the apache2.conf
    # Path to the Git directory, inside the OS
    SetEnv GIT_PROJECT_ROOT /git
    
    SetEnv GIT_HTTP_EXPORT_ALL
    
    # Defines the URL path where git is located, as seen from outside the OS/Server
    ScriptAlias /git/ /usr/lib/git-core/git-http-backend/
    
    # Enable Basic HTTP Authentication
    <Files "git-http-backend">
    	AuthType Basic
    	AuthName "Git Access"
    	AuthUserFile /git/.htpasswd
    	# The following line allows to obtain a repository (pull/fetch) without having a user/pass combo
    	# Comment it if user/pass are needed to obtain info as well
    	Require expr !(%{QUERY_STRING} -strmatch '*service=git-receive-pack*' || %{REQUEST_URI} =~ m#/git-receive-pack$#)
    	Require valid-user
    </Files>

More sites:

Self signed Certificate

How Certificates work

More info:

How to

How to create a Root Certificate authority and child certificates:

Other sites:

Adding the certificate to Apache

Ensuring the right protocol:

Other links:

Configuring Git to use the self signed certificate

More sites:

Client based authentication using certificates in Apache

Used links:

Other links:

(Possibly) Giving Git a Client Certificate

More (possibly useful) info