我使用 Nginx 托管了一个私有 git 服务器。我希望任何人都可以克隆到我的存储库(未经授权),但如果他们尝试推送提交,则需要授权。
我的Nginx配置如下:
server {
listen 443 ssl;
server_name git.example.com;
ssl_certificate /fullchain.pem;
ssl_certificate_key /privkey.pem;
location ~ ^.*\.git/(HEAD|info/refs|objects/info/.*|git-(upload|recieve)-pack) {
root /usr/share/nginx/git;
# --- incorrect solution ---
# if ($1 = git-upload-pack) {
# auth_basic "Restricted";
# auth_basic_user_file /usr/share/nginx/htpasswd;
# }
client_max_body_size 0;
include fastcgi_params;
fastcgi_param SCRIPT_FILENAME /usr/lib/git-core/git-http-backend;
fastcgi_param GIT_HTTP_EXPORT_ALL "";
fastcgi_param GIT_PROJECT_ROOT $realpath_root;
fastcgi_param REMOTE_USER $remote_user;
fastcgi_param PATH_INFO $uri;
fastcgi_param unix:/var/fcgiwrap.socket;
}
根据我的理解,一个git push请求发送git-receive-pack到我的服务器。我的简单解决方案是$1使用 if 语句捕获此后缀,但我很快发现这不是 ifs ( ifisevil )的正确用法。
对于我要完成的工作,是否有更合适的解决方案?
尝试分离位置:
server {
listen 443 ssl;
server_name git.example.com;
ssl_certificate /fullchain.pem;
ssl_certificate_key /privkey.pem;
location ~ ^.*\.git/(HEAD|info/refs|objects/info/.*|git-recieve-pack) {
# Do your stuff
location ~ ^.*\.git/git-upload-pack {
auth_basic "Restricted";
auth_basic_user_file /usr/share/nginx/htpasswd;
# Do your stuff
| 归档时间: |
|
| 查看次数: |
331 次 |
| 最近记录: |