我使用 Nginx 托管一个私有(private) git 服务器。我希望任何人都可以克隆到我的存储库(未经授权),但如果他们尝试推送提交,则需要授权。
我的 Nginx 配置如下:
server {
listen 443 ssl;
server_name git.example.com;
ssl_certificate /fullchain.pem;
ssl_certificate_key /privkey.pem;
location ~ ^.*\.git/(HEAD|info/refs|objects/info/.*|git-(upload|recieve)-pack) {
root /usr/share/nginx/git;
# --- incorrect solution ---
# if ($1 = git-upload-pack) {
# auth_basic "Restricted";
# auth_basic_user_file /usr/share/nginx/htpasswd;
# }
client_max_body_size 0;
include fastcgi_params;
fastcgi_param SCRIPT_FILENAME /usr/lib/git-core/git-http-backend;
fastcgi_param GIT_HTTP_EXPORT_ALL "";
fastcgi_param GIT_PROJECT_ROOT $realpath_root;
fastcgi_param REMOTE_USER $remote_user;
fastcgi_param PATH_INFO $uri;
fastcgi_param unix:/var/fcgiwrap.socket;
}
据我了解,
git push请求发送 git-receive-pack到我的服务器。我的简单解决方案是使用 $1 捕获这个后缀。并使用 if 语句,但我很快发现这不是 ifs ( ifisevil ) 的正确用法。对于我要完成的工作,是否有更合适的解决方案?
最佳答案
尝试分离位置:
server {
listen 443 ssl;
server_name git.example.com;
ssl_certificate /fullchain.pem;
ssl_certificate_key /privkey.pem;
location ~ ^.*\.git/(HEAD|info/refs|objects/info/.*|git-recieve-pack) {
# Do your stuff
location ~ ^.*\.git/git-upload-pack {
auth_basic "Restricted";
auth_basic_user_file /usr/share/nginx/htpasswd;
# Do your stuff
关于git - Nginx HTTP 授权仅用于 git push,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/59868488/