Solve authentication problem

vitalyq · vitalyq · commit 4d65a9e6c285 · 2015-10-14T19:18:02.000+02:00
There is an issue with the authentication section. The initial ref
advertisement request will fail without even giving an opportunity for
authentication. This is described in the git-http-backend man page
examples.

Update authentication section according to the example to fix the problem.
Merge the section with the git-core access authorization section for
brevity.

Signed-off-by: Vitaly Kuznetsov &lt;vitalyq@users.noreply.github.com&gt;
diff --git a/book/04-git-server/sections/smart-http.asc b/book/04-git-server/sections/smart-http.asc
@@ -13,10 +13,10 @@ If you don't have Apache setup, you can do so on a Linux box with something like
 [source,console]
 ----
 $ sudo apt-get install apache2 apache2-utils
-$ a2enmod cgi alias env
+$ a2enmod cgi alias env rewrite
 ----
 
-This also enables the `mod_cgi`, `mod_alias`, and `mod_env` modules, which are all needed for this to work properly.
+This also enables the `mod_cgi`, `mod_alias`, `mod_env`, and `mod_rewrite` modules, which are all needed for this to work properly.
 
 You’ll also need to set the Unix user group of the `/opt/git` directories to `www-data` so your web server can read- and write-access the repositories, because the Apache instance running the CGI script will (by default) be running as that user:
 
@@ -36,28 +36,24 @@ ScriptAlias /git/ /usr/lib/git-core/git-http-backend/
 
 If you leave out `GIT_HTTP_EXPORT_ALL` environment variable, then Git will only serve to unauthenticated clients the repositories with the `git-daemon-export-ok` file in them, just like the Git daemon did.
 
-Then you'll have to tell Apache to allow requests to that path with something like this:
+Finally you'll want to tell Apache to allow requests to `git-http-backend` and make writes be authenticated somehow, possibly with an Auth block like this:
 
 [source,console]
 ----
-<Directory "/usr/lib/git-core*">
-   Options ExecCGI Indexes
-   Order allow,deny
-   Allow from all
-   Require all granted
-</Directory>
-----
-
-Finally you'll want to make writes be authenticated somehow, possibly with an Auth block like this:
+RewriteEngine On
+RewriteCond %{QUERY_STRING} service=git-receive-pack [OR]
+RewriteCond %{REQUEST_URI} /git-receive-pack$
+RewriteRule ^/git/ - [E=AUTHREQUIRED]
 
-[source,console]
-----
-<LocationMatch "^/git/.*/git-receive-pack$">
+<Files "git-http-backend">
     AuthType Basic
     AuthName "Git Access"
     AuthUserFile /opt/git/.htpasswd
     Require valid-user
-</LocationMatch>
+    Order deny,allow
+    Deny from env=AUTHREQUIRED
+    Satisfy any
+</Files>
 ----
 
 That will require you to create a `.htpasswd` file containing the passwords of all the valid users.
