-<?xml version="1.0" encoding="UTF-8"?>\r
-<classpath>\r
- <classpathentry kind="src" path="src"/>\r
- <classpathentry kind="src" path="tests"/>\r
- <classpathentry kind="src" path="resources"/>\r
- <classpathentry kind="con" path="org.eclipse.jdt.launching.JRE_CONTAINER/org.eclipse.jdt.internal.debug.ui.launcher.StandardVMType/JavaSE-1.6"/>\r
- <classpathentry kind="lib" path="ext/log4j-1.2.16.jar" sourcepath="ext/log4j-1.2.16-sources.jar"/>\r
- <classpathentry kind="lib" path="ext/slf4j-api-1.6.1.jar" sourcepath="ext/slf4j-api-1.6.1-sources.jar"/>\r
- <classpathentry kind="lib" path="ext/slf4j-log4j12-1.6.1.jar" sourcepath="ext/slf4j-log4j12-1.6.1-sources.jar"/>\r
- <classpathentry kind="lib" path="ext/jcommander-1.17.jar" sourcepath="ext/jcommander-1.17-sources.jar"/>\r
- <classpathentry kind="lib" path="ext/bcprov-jdk16-1.46.jar" sourcepath="ext/bcprov-jdk16-1.46-sources.jar"/>\r
- <classpathentry kind="lib" path="ext/bcmail-jdk16-1.46.jar" sourcepath="ext/bcmail-jdk16-1.46-sources.jar"/>\r
- <classpathentry kind="lib" path="ext/jsch-0.1.44-1.jar" sourcepath="ext/jsch-0.1.44-1-sources.jar"/>\r
- <classpathentry kind="lib" path="ext/rome-0.9.jar" sourcepath="ext/rome-0.9-sources.jar"/>\r
- <classpathentry kind="lib" path="ext/jdom-1.1.jar" sourcepath="ext/jdom-1.1-sources.jar"/>\r
- <classpathentry kind="lib" path="ext/junit-4.8.2.jar"/>\r
- <classpathentry kind="lib" path="ext/jetty-webapp-7.4.3.v20110701.jar" sourcepath="ext/jetty-webapp-7.4.3.v20110701-sources.jar"/>\r
- <classpathentry kind="lib" path="ext/gson-1.7.1.jar" sourcepath="ext/gson-1.7.1-sources.jar"/>\r
- <classpathentry kind="lib" path="ext/mail-1.4.3.jar" sourcepath="ext/mail-1.4.3-sources.jar"/>\r
- <classpathentry kind="lib" path="ext/googlecharts-1.4.18.jar" sourcepath="ext/googlecharts-1.4.18-sources.jar"/>\r
- <classpathentry kind="lib" path="ext/javax.servlet-3.0.1.jar" sourcepath="ext/javax.servlet-3.0.1-sources.jar"/>\r
- <classpathentry kind="lib" path="ext/markdownpapers-core-1.2.5.jar" sourcepath="ext/markdownpapers-core-1.2.5-sources.jar"/>\r
- <classpathentry kind="lib" path="ext/wicket-1.4.19.jar" sourcepath="ext/wicket-1.4.19-sources.jar"/>\r
- <classpathentry kind="lib" path="ext/wicket-auth-roles-1.4.19.jar" sourcepath="ext/wicket-auth-roles-1.4.19-sources.jar"/>\r
- <classpathentry kind="lib" path="ext/wicket-extensions-1.4.19.jar" sourcepath="ext/wicket-extensions-1.4.19-sources.jar"/>\r
- <classpathentry kind="lib" path="ext/org.eclipse.jgit-1.2.0.201112221803-r.jar" sourcepath="ext/org.eclipse.jgit-1.1.0.201109151100-r-sources.jar"/>\r
- <classpathentry kind="lib" path="ext/org.eclipse.jgit.http.server-1.2.0.201112221803-r.jar" sourcepath="ext/org.eclipse.jgit.http.server-1.2.0.201112221803-r-sources.jar"/>\r
- <classpathentry kind="lib" path="ext/groovy-all-1.8.5.jar" sourcepath="ext/groovy-all-1.8.5-sources.jar"/>\r
- <classpathentry kind="output" path="bin"/>\r
-</classpath>\r
+<?xml version="1.0" encoding="UTF-8"?>
+<classpath>
+ <classpathentry kind="src" path="src"/>
+ <classpathentry kind="src" path="tests"/>
+ <classpathentry kind="src" path="resources"/>
+ <classpathentry kind="con" path="org.eclipse.jdt.launching.JRE_CONTAINER/org.eclipse.jdt.internal.debug.ui.launcher.StandardVMType/JavaSE-1.6"/>
+ <classpathentry kind="lib" path="ext/log4j-1.2.16.jar" sourcepath="ext/log4j-1.2.16-sources.jar"/>
+ <classpathentry kind="lib" path="ext/slf4j-api-1.6.1.jar" sourcepath="ext/slf4j-api-1.6.1-sources.jar"/>
+ <classpathentry kind="lib" path="ext/slf4j-log4j12-1.6.1.jar" sourcepath="ext/slf4j-log4j12-1.6.1-sources.jar"/>
+ <classpathentry kind="lib" path="ext/jcommander-1.17.jar" sourcepath="ext/jcommander-1.17-sources.jar"/>
+ <classpathentry kind="lib" path="ext/bcprov-jdk16-1.46.jar" sourcepath="ext/bcprov-jdk16-1.46-sources.jar"/>
+ <classpathentry kind="lib" path="ext/bcmail-jdk16-1.46.jar" sourcepath="ext/bcmail-jdk16-1.46-sources.jar"/>
+ <classpathentry kind="lib" path="ext/jsch-0.1.44-1.jar" sourcepath="ext/jsch-0.1.44-1-sources.jar"/>
+ <classpathentry kind="lib" path="ext/rome-0.9.jar" sourcepath="ext/rome-0.9-sources.jar"/>
+ <classpathentry kind="lib" path="ext/jdom-1.1.jar" sourcepath="ext/jdom-1.1-sources.jar"/>
+ <classpathentry kind="lib" path="ext/junit-4.8.2.jar"/>
+ <classpathentry kind="lib" path="ext/jetty-webapp-7.4.3.v20110701.jar" sourcepath="ext/jetty-webapp-7.4.3.v20110701-sources.jar"/>
+ <classpathentry kind="lib" path="ext/gson-1.7.1.jar" sourcepath="ext/gson-1.7.1-sources.jar"/>
+ <classpathentry kind="lib" path="ext/mail-1.4.3.jar" sourcepath="ext/mail-1.4.3-sources.jar"/>
+ <classpathentry kind="lib" path="ext/googlecharts-1.4.18.jar" sourcepath="ext/googlecharts-1.4.18-sources.jar"/>
+ <classpathentry kind="lib" path="ext/javax.servlet-3.0.1.jar" sourcepath="ext/javax.servlet-3.0.1-sources.jar"/>
+ <classpathentry kind="lib" path="ext/markdownpapers-core-1.2.5.jar" sourcepath="ext/markdownpapers-core-1.2.5-sources.jar"/>
+ <classpathentry kind="lib" path="ext/wicket-1.4.19.jar" sourcepath="ext/wicket-1.4.19-sources.jar"/>
+ <classpathentry kind="lib" path="ext/wicket-auth-roles-1.4.19.jar" sourcepath="ext/wicket-auth-roles-1.4.19-sources.jar"/>
+ <classpathentry kind="lib" path="ext/wicket-extensions-1.4.19.jar" sourcepath="ext/wicket-extensions-1.4.19-sources.jar"/>
+ <classpathentry kind="lib" path="ext/org.eclipse.jgit-1.2.0.201112221803-r.jar" sourcepath="ext/org.eclipse.jgit-1.1.0.201109151100-r-sources.jar"/>
+ <classpathentry kind="lib" path="ext/org.eclipse.jgit.http.server-1.2.0.201112221803-r.jar" sourcepath="ext/org.eclipse.jgit.http.server-1.2.0.201112221803-r-sources.jar"/>
+ <classpathentry kind="lib" path="ext/groovy-all-1.8.5.jar" sourcepath="ext/groovy-all-1.8.5-sources.jar"/>
+ <classpathentry kind="lib" path="ext/jetty-ajp-7.4.3.v20110701.jar" sourcepath="ext/jetty-ajp-7.4.3.v20110701-sources.jar"/>
+ <classpathentry kind="output" path="bin"/>
+</classpath>
# RESTART REQUIRED\r
server.httpsPort = 8443\r
\r
+# Port for serving an Apache JServ Protocol (AJP) 1.3 connector for integrating\r
+# Gitblit GO into an Apache HTTP server setup. <= 0 disables this connector.\r
+# Recommended value: 8009\r
+#\r
+# SINCE 0.9.0\r
+# RESTART REQUIRED\r
+server.ajpPort = 0\r
+\r
# Specify the interface for Jetty to bind the standard connector.\r
# You may specify an ip or an empty value to bind to all interfaces.\r
# Specifying localhost will result in Gitblit ONLY listening to requests to\r
# RESTART REQUIRED\r
server.httpsBindInterface = localhost\r
\r
+# Specify the interface for Jetty to bind the AJP connector.\r
+# You may specify an ip or an empty value to bind to all interfaces.\r
+# Specifying localhost will result in Gitblit ONLY listening to requests to\r
+# localhost.\r
+#\r
+# SINCE 0.9.0\r
+# RESTART REQUIRED\r
+server.ajpBindInterface = localhost\r
+\r
# Password for SSL keystore.\r
# Keystore password and certificate password must match.\r
# This is provided for convenience, its probably more secure to set this value\r
**Example**\r
\r
java -jar gitblit.jar --userService c:\myrealm.config --storePassword something\r
+ \r
+## Running Gitblit behind Apache\r
+\r
+Gitblit runs fine behind Apache. You may use either *mod_proxy* (GO or WAR) or *mod_proxy_ajp* (GO).\r
+\r
+Each Linux distribution may vary on the exact configuration of Apache 2.2. \r
+Here is a sample configuration that works on Debian 7.0 (Wheezy), your distribution may be different.\r
+\r
+1. First we need to make sure we have Apache's proxy modules available. \r
+<pre>\r
+sudo su\r
+cd /etc/apache2/mods-enabled\r
+ln -s ../mods-available/proxy.load proxy.load\r
+ln -s ../mods-available/proxy_balancer.load proxy_balancer.load\r
+ln -s ../mods-available/proxy_http.load proxy_http.load\r
+ln -s ../mods-available/proxy_ajp.load proxy_ajp.load\r
+</pre>\r
+2. Then we need to make sure we are configuring Apache to use the proxy modules and to setup the proxied connection from Apache to Gitblit GO or from Apache to your chosen servlet container. The following snippet is stored as `/etc/apache2/conf.d/gitblit`. \r
+%BEGINCODE%\r
+# Turn off support for true Proxy behaviour as we are acting as \r
+# a transparent proxy\r
+ProxyRequests Off\r
+\r
+# Turn off VIA header as we know where the requests are proxied\r
+ProxyVia Off\r
+ \r
+# Turn on Host header preservation so that the servlet container\r
+# can write links with the correct host and rewriting can be avoided.\r
+#\r
+# This is important for all git push/pull/clone operations.\r
+ProxyPreserveHost On\r
+ \r
+# Set the permissions for the proxy\r
+<Proxy *>\r
+ AddDefaultCharset off\r
+ Order deny,allow\r
+ Allow from all\r
+</Proxy>\r
+ \r
+# Turn on Proxy status reporting at /status\r
+# This should be better protected than: Allow from all\r
+ProxyStatus On\r
+<Location /status>\r
+ SetHandler server-status\r
+ Order Deny,Allow\r
+ Allow from all\r
+</Location>\r
+\r
+# The proxy context path must match the Gitblit context path.\r
+# For Gitblit GO, see server.contextPath in gitblit.properties.\r
+\r
+#ProxyPass /gitblit http://localhost:8080/gitblit\r
+#ProxyPass /gitblit ajp://localhost:8009/gitblit\r
+%ENDCODE% \r
+**Please** make sure to: \r
+ 1. Review the security of these settings as appropriate for your deployment\r
+ 2. Uncomment the *ProxyPass* setting for whichever connection you prefer (http/ajp)\r
+ 3. Correctly set the ports and context paths both in the *ProxyPass* definition and your Gitblit installation \r
+ If you are using Gitblit GO you can easily configure the AJP connector by specifying a non-zero AJP port. \r
+ Please remember that on Linux/UNIX, ports < 1024 require root permissions to open.\r
+ 4. Set *web.mountParameters=false* in `gitblit.properties` or `web.xml` this will use parameterized URLs. \r
+ Alternatively, you can respecify *web.forwardSlashCharacter*.\r
\r
## Upgrading Gitblit\r
Generally, upgrading is easy.\r
\r
#### additions\r
\r
+- Added a built-in AJP connector for integrating Gitblit GO into an Apache mod_proxy setup (issue 59) \r
+ **New:** *server.ajpPort = 0*\r
+ **New:** *server.ajpBindInterface = localhost*\r
- On the Repositories page show a bang *!* character in the color swatch of a repository with a working copy (issue 49) \r
Push requests to these repositories will be rejected.\r
- On all non-bare Repository pages show *WORKING COPY* in the upper right corner (issue 49)\r
import java.util.ArrayList;\r
import java.util.List;\r
\r
+import org.eclipse.jetty.ajp.Ajp13SocketConnector;\r
import org.eclipse.jetty.server.Connector;\r
import org.eclipse.jetty.server.Server;\r
import org.eclipse.jetty.server.bio.SocketConnector;\r
}\r
}\r
\r
+ // conditionally configure the ajp connector\r
+ if (params.ajpPort > 0) {\r
+ Connector ajpConnector = createAJPConnector(params.ajpPort);\r
+ String bindInterface = settings.getString(Keys.server.ajpBindInterface, null);\r
+ if (!StringUtils.isEmpty(bindInterface)) {\r
+ logger.warn(MessageFormat.format("Binding connector on port {0,number,0} to {1}",\r
+ params.ajpPort, bindInterface));\r
+ ajpConnector.setHost(bindInterface);\r
+ }\r
+ if (params.ajpPort < 1024 && !isWindows()) {\r
+ logger.warn("Gitblit needs to run with ROOT permissions for ports < 1024!");\r
+ }\r
+ connectors.add(ajpConnector);\r
+ }\r
+\r
// tempDir is where the embedded Gitblit web application is expanded and\r
// where Jetty creates any necessary temporary files\r
File tempDir = new File(params.temp);\r
\r
connector.setPort(port);\r
connector.setMaxIdleTime(30000);\r
- if (port < 1024 && !isWindows()) {\r
- logger.warn("Gitblit needs to run with ROOT permissions for ports < 1024!");\r
- }\r
return connector;\r
}\r
\r
connector.setMaxIdleTime(30000);\r
return connector;\r
}\r
+ \r
+ /**\r
+ * Creates an ajp connector.\r
+ * \r
+ * @param port\r
+ * @return an ajp connector\r
+ */\r
+ private static Connector createAJPConnector(int port) {\r
+ logger.info("Setting up AJP Connector on port " + port);\r
+ Ajp13SocketConnector ajp = new Ajp13SocketConnector();\r
+ ajp.setPort(port);\r
+ if (port < 1024 && !isWindows()) {\r
+ logger.warn("Gitblit needs to run with ROOT permissions for ports < 1024!");\r
+ }\r
+ return ajp;\r
+ }\r
\r
/**\r
* Tests to see if the operating system is Windows.\r
@Parameter(names = "--httpsPort", description = "HTTPS port to serve. (port <= 0 will disable this connector)")\r
public Integer securePort = FILESETTINGS.getInteger(Keys.server.httpsPort, 443);\r
\r
+ @Parameter(names = "--ajpPort", description = "AJP port to serve. (port <= 0 will disable this connector)")\r
+ public Integer ajpPort = FILESETTINGS.getInteger(Keys.server.ajpPort, 0);\r
+\r
@Parameter(names = "--storePassword", description = "Password for SSL (https) keystore.")\r
public String storePassword = FILESETTINGS.getString(Keys.server.storePassword, "");\r
\r
public static void runtime() {\r
downloadFromApache(MavenObject.JCOMMANDER, BuildType.RUNTIME);\r
downloadFromApache(MavenObject.JETTY, BuildType.RUNTIME);\r
+ downloadFromApache(MavenObject.JETTY_AJP, BuildType.RUNTIME);\r
downloadFromApache(MavenObject.SERVLET, BuildType.RUNTIME);\r
downloadFromApache(MavenObject.SLF4JAPI, BuildType.RUNTIME);\r
downloadFromApache(MavenObject.SLF4LOG4J, BuildType.RUNTIME);\r
downloadFromApache(MavenObject.JUNIT, BuildType.RUNTIME);\r
downloadFromApache(MavenObject.JCOMMANDER, BuildType.COMPILETIME);\r
downloadFromApache(MavenObject.JETTY, BuildType.COMPILETIME);\r
+ downloadFromApache(MavenObject.JETTY_AJP, BuildType.COMPILETIME);\r
downloadFromApache(MavenObject.SERVLET, BuildType.COMPILETIME);\r
downloadFromApache(MavenObject.SLF4JAPI, BuildType.COMPILETIME);\r
downloadFromApache(MavenObject.SLF4LOG4J, BuildType.COMPILETIME);\r
"bc75f05dd4f7fa848720ac669b8b438ee4a6b146",\r
"dcd42f672e734521d1a6ccc0c2f9ecded1a1a281");\r
\r
+ public static final MavenObject JETTY_AJP = new MavenObject("Jetty-AJP",\r
+ "org/eclipse/jetty", "jetty-ajp", "7.4.3.v20110701", 32000, 22000,\r
+ 97000, "ddeb533bcf29e9b95555a9c0f34c1de3ab14c430", "bc4798286d705ea972643b3a0b31f46a0c53f605", "");\r
+\r
public static final MavenObject SERVLET = new MavenObject("Servlet 3.0", "org/glassfish",\r
"javax.servlet", "3.0.1", 84000, 211000, 0,\r
"58f17c941cd0607bb5edcbcafc491d02265ac9a1",\r