commit 9bb74a39aab4d38efac0fc20c2952d9d4078c6b4
parent f1802398b53e57deb5e18c63bcfe69b5c7037b5a
Author: JayVii <jayvii[AT]posteo[DOT]de>
Date: Sat, 27 Apr 2024 21:10:03 +0200
Protect private repos via basic auth
Diffstat:
4 files changed, 33 insertions(+), 9 deletions(-)
diff --git a/.gitignore b/.gitignore
@@ -1,9 +0,0 @@
-# SPDX-License-Identifier: AGPL-3.0-or-later
-# SPDX-FileCopyrightText: 2021-2024 JayVii <jayvii[AT]posteo[DOT]de>
-
-.bash_history
-.config/*
-.selected_editor
-.ssh/*
-priv/*
-pub/*
diff --git a/README b/README
@@ -58,6 +58,19 @@ Setup
- Setup git-user:
useradd -r -m -U -d /var/www/git.myserver.com -s /bin/sh git
+Private Repositories
+--------------------
+
+Private repositories reside within priv/, while your public repositories
+are in pub/. Access to the private repositories is restricted via HTTP Basic
+Authentication
+(https://developer.mozilla.org/en-US/docs/Web/HTTP/Authentication).
+
+A .htaccess file is provided within the priv/ directory, however you also need
+to set up a user/password for the web-access, e.g. here for the user "username":
+
+ sudo htpasswd -c /etc/apache2/.htpasswd username
+
Optional Tweaks
---------------
diff --git a/priv/.htaccess b/priv/.htaccess
@@ -0,0 +1,20 @@
+# SPDX-License-Identifier: AGPL-3.0-or-later
+# SPDX-FileCopyrightText: 2021-2024 JayVii <jayvii[AT]posteo[DOT]de>
+
+# Set 404 Document
+ErrorDocument 404 /404.html
+ErrorDocument 403 /404.html
+
+# Disallow file browsing
+Options -Indexes
+
+# Disallow browsing of certain sub-directories (redirect to 404)
+RedirectMatch 404 ^/.git/.*$
+RedirectMatch 404 ^/bin/.*$
+RedirectMatch 404 ^/templates/.*$
+
+# Protected / Private repositories
+AuthType Basic
+AuthName "Private Repositories! You need a password to access them."
+AuthUserFile /etc/apache2/.htpasswd
+Require valid-user
diff --git a/pub/.empty b/pub/.empty
