feat: allow read without authentication

semantic-release · Jun 15, 2018 · f987ce0 · f987ce0
1 parent 8f5f1a1
commit f987ce0
Show file tree

Hide file tree

Showing 3 changed files with 38 additions and 17 deletions.
diff --git a/Dockerfile b/Dockerfile
@@ -1,4 +1,4 @@
-# gitbox with gitlist v.0.5.0
+# gitbox with gitlist v.1.0.1
 # https://github.com/nmarus/docker-gitbox
 # Nicholas Marus <[email protected]>
 
@@ -38,14 +38,15 @@ RUN sed -i 's/FCGI_USER="www-data"/FCGI_USER="git"/g' /etc/init.d/fcgiwrap && \
 
 # Install gitlist
 RUN mkdir -p /var/www && \
-    wget -q -O /var/www/gitlist-0.5.0.tar.gz https://s3.amazonaws.com/gitlist/gitlist-0.5.0.tar.gz && \
-    tar -zxvf /var/www/gitlist-0.5.0.tar.gz -C /var/www && \
+    wget -q -O /var/www/gitlist-v1.0.1.tar.gz https://github.com/klaussilveira/gitlist/releases/download/v1.0.1/gitlist-v1.0.1.tar.gz && \
+    tar -zxvf /var/www/gitlist-v1.0.1.tar.gz -C /var/www && \
     chmod -R 777 /var/www/gitlist && \
     mkdir -p /var/www/gitlist/cache && \
     chmod 777 /var/www/gitlist/cache
 
 # Create config files for container startup and nginx
 COPY nginx.conf /etc/nginx/nginx.conf
+COPY git-http-backend.conf /etc/nginx/git-http-backend.conf
 
 # Create config files for container
 COPY config.ini /var/www/gitlist/config.ini

diff --git a/git-http-backend.conf b/git-http-backend.conf
@@ -0,0 +1,8 @@
+client_max_body_size 0;
+fastcgi_param SCRIPT_FILENAME /usr/lib/git-core/git-http-backend;
+fastcgi_param GIT_HTTP_EXPORT_ALL "";
+fastcgi_param GIT_PROJECT_ROOT /repos;
+fastcgi_param PATH_INFO $1;
+fastcgi_param REMOTE_USER $remote_user;
+include /etc/nginx/fastcgi_params;
+fastcgi_pass unix:/var/run/fcgiwrap.socket;
diff --git a/nginx.conf b/nginx.conf
@@ -7,7 +7,6 @@ events {
 }
 
 http {
-
     sendfile on;
     tcp_nopush on;
     tcp_nodelay on;
@@ -32,19 +31,32 @@ http {
         root /var/www/gitlist;
         index index.php;
 
-        auth_basic "Restricted";
-        auth_basic_user_file /ng-auth/htpasswd;
-
-        #git SMART HTTP
-        location ~ /git(/.*\.git.*) {
-            client_max_body_size 0;
-            fastcgi_param SCRIPT_FILENAME /usr/lib/git-core/git-http-backend;
-            fastcgi_param GIT_HTTP_EXPORT_ALL "";
-            fastcgi_param GIT_PROJECT_ROOT /repos;
-            fastcgi_param PATH_INFO $1;
-            fastcgi_param REMOTE_USER $remote_user;
-            include /etc/nginx/fastcgi_params;
-            fastcgi_pass unix:/var/run/fcgiwrap.socket;
+        location ~ /git(/.*) {
+            if ($arg_service = git-receive-pack) {
+                rewrite /git(/.*) /git_write$1 last;
+            }
+
+            if ($uri ~ ^/git/.*/git-receive-pack$) {
+                rewrite /git(/.*) /git_write$1 last;
+            }
+
+            if ($arg_service = git-upload-pack) {
+              rewrite /git(/.*) /git_read$1 last;
+            }
+
+            if ($uri ~ ^/git/.*/git-upload-pack$) {
+              rewrite /git(/.*) /git_read$1 last;
+            }
+        }
+
+        location ~ /git_read(/.*) {
+          include git-http-backend.conf;
+        }
+
+        location ~ /git_write(/.*) {
+          auth_basic "Pushing to Git repositories is restricted";
+          auth_basic_user_file /ng-auth/htpasswd;
+          include git-http-backend.conf;
         }
 
         #robots