- Removed "show readme" setting in favor of automatic detection
- Support plain text "readme" files
- Determine best commit id (e.g. "master") for the tree and docs pages and use that in links
+ - By default GO will now bind to all interfaces for both http and https connectors. This simplifies setup for first-time users.
additions:
- Added branch graph image servlet based on EGit's branch graph renderer (issue-194)
- Added option to render Markdown commit messages (issue-203)
- Support intradocument linking in Markdown content using [[WikiLinks]] syntax (issue-324)
- Added setting to globally disable anonymous pushes in the receive pack
- Added a normalized diffstat display to the commit, commitdiff, and compare pages
+ - Added GO setting to automatically redirect all http requests to the secure https connector
dependencyChanges:
- updated to Jetty 7.6.13
- updated to JGit 3.1.0
- { name: 'git.defaultAccessRestriction', defaultValue: 'PUSH' }
- { name: 'web.commitMessageRenderer', defaultValue: 'plain' }
- { name: 'web.showBranchGraph', defaultValue: 'true' }
+ - { name: 'server.redirectToHttpsPort', defaultValue: 'true' }
contributors:
- James Moger
- Robin Rosenberg
# RESTART REQUIRED\r
server.ajpPort = 0\r
\r
+# Automatically redirect http requests to the secure https connector.\r
+#\r
+# This setting requires that you have configured server.httpPort and server.httpsPort.\r
+# Unless you are on a private LAN where you trust all client connections, it is\r
+# recommended to use https for all communications.\r
+#\r
+# SINCE 1.4.0\r
+# RESTART REQUIRED\r
+server.redirectToHttpsPort = true\r
+\r
# Specify the interface for Jetty to bind the standard connector.\r
# You may specify an ip or an empty value to bind to all interfaces.\r
# Specifying localhost will result in Gitblit ONLY listening to requests to\r
#\r
# SINCE 0.5.0\r
# RESTART REQUIRED\r
-server.httpBindInterface = localhost\r
+server.httpBindInterface =\r
\r
# Specify the interface for Jetty to bind the secure connector.\r
# You may specify an ip or an empty value to bind to all interfaces.\r
#\r
# SINCE 0.5.0\r
# RESTART REQUIRED\r
-server.httpsBindInterface = localhost\r
+server.httpsBindInterface =\r
\r
# Specify the interface for Jetty to bind the AJP connector.\r
# You may specify an ip or an empty value to bind to all interfaces.\r
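Review bot: The new empty defaults for `server.httpBindInterface` and `server.httpsBindInterface` make a fresh install listen on every network interface, but the comments above them do not say that this is now the shipped default. I would add a line to each comment block, for example `# The default (empty) value listens on ALL interfaces; set this to localhost to accept local connections only.`, so an operator on a shared or internet-facing host sees the exposure before first start. The comment above `server.redirectToHttpsPort` could also say that the redirect is skipped when either port is 0 or less, which is what the guard in GitBlitServer.java appears to do. The sentence ending "ONLY listening to requests to" looks cut off in this view, so check that it is complete in the file.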
import java.util.Scanner;\r
\r
import org.eclipse.jetty.ajp.Ajp13SocketConnector;\r
+import org.eclipse.jetty.security.ConstraintMapping;\r
+import org.eclipse.jetty.security.ConstraintSecurityHandler;\r
import org.eclipse.jetty.server.Connector;\r
import org.eclipse.jetty.server.Server;\r
import org.eclipse.jetty.server.bio.SocketConnector;\r
import org.eclipse.jetty.server.ssl.SslConnector;\r
import org.eclipse.jetty.server.ssl.SslSelectChannelConnector;\r
import org.eclipse.jetty.server.ssl.SslSocketConnector;\r
+import org.eclipse.jetty.util.security.Constraint;\r
import org.eclipse.jetty.util.thread.QueuedThreadPool;\r
import org.eclipse.jetty.webapp.WebAppContext;\r
import org.eclipse.jgit.storage.file.FileBasedConfig;\r
if (params.port < 1024 && !isWindows()) {\r
logger.warn("Gitblit needs to run with ROOT permissions for ports < 1024!");\r
}\r
+ if (params.port > 0 && params.securePort > 0 && settings.getBoolean(Keys.server.redirectToHttpsPort, true)) {\r
+ // redirect HTTP requests to HTTPS\r
+ if (httpConnector instanceof SelectChannelConnector) {\r
+ ((SelectChannelConnector) httpConnector).setConfidentialPort(params.securePort);\r
+ } else {\r
+ ((SocketConnector) httpConnector).setConfidentialPort(params.securePort);\r
+ }\r
+ }\r
connectors.add(httpConnector);\r
}\r
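Review bot: The `else` branch casts `httpConnector` to `SocketConnector` without checking its type, so any other `Connector` implementation would fail with a ClassCastException at startup instead of a clear message. Both connector types extend Jetty's `AbstractConnector`, which declares `setConfidentialPort`, so the two branches can collapse into `if (httpConnector instanceof AbstractConnector) { ((AbstractConnector) httpConnector).setConfidentialPort(params.securePort); }` with a `logger.warn` when the check fails (this needs an import of `org.eclipse.jetty.server.AbstractConnector`). The same three-part condition is repeated where the security handler is installed, so a single local such as `boolean redirectToHttps = ...` computed once would keep the two places from drifting apart. The enclosing block starts outside this hunk, so how `httpConnector` is created is not visible here.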
\r
// Set the server's contexts\r
server.setHandler(rootContext);\r
\r
+ // redirect HTTP requests to HTTPS\r
+ if (params.port > 0 && params.securePort > 0 && settings.getBoolean(Keys.server.redirectToHttpsPort, true)) {\r
+ logger.info(String.format("Configuring automatic http(%1$s) -> https(%2$s) redirects", params.port, params.securePort));\r
+ // Create the internal mechanisms to handle secure connections and redirects\r
+ Constraint constraint = new Constraint();\r
+ constraint.setDataConstraint(Constraint.DC_CONFIDENTIAL);\r
+\r
+ ConstraintMapping cm = new ConstraintMapping();\r
+ cm.setConstraint(constraint);\r
+ cm.setPathSpec("/*");\r
+\r
+ ConstraintSecurityHandler sh = new ConstraintSecurityHandler();\r
+ sh.setConstraintMappings(new ConstraintMapping[] { cm });\r
+\r
+ // Configure this context to use the Security Handler defined before\r
+ rootContext.setHandler(sh);\r
+ }\r
+\r
// Setup the GitBlit context\r
GitBlit gitblit = getGitBlitInstance();\r
gitblit.configureContext(settings, baseFolder, true);\r
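Review bot: The constraint handler is installed with `rootContext.setHandler(sh)`, the generic wrapper hook, rather than the context's dedicated security-handler slot. If `rootContext` is the `WebAppContext` imported above, `rootContext.setSecurityHandler(sh);` is the usual way to attach it, and it avoids any doubt about a second default security handler ending up in the chain; this should be confirmed against the Jetty version in use. A short comment here should also state the limit of the mechanism: the redirect is only issued after a cleartext request has reached the server, so a client that sends Basic credentials preemptively still exposes them on that first request. Sending a `Strict-Transport-Security` header on https responses would reduce that window for browsers. The enclosing method continues outside this hunk.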
2. The server itself is configured through a simple text file.\r
Open `data/gitblit.properties` in your favorite text editor and make sure to review and set:\r
- *server.httpPort* and *server.httpsPort*\r
- - *server.httpBindInterface* and *server.httpsBindInterface* \r
- - *server.storePassword*\r
+ - *server.storePassword*\r
**https** is strongly recommended because passwords are insecurely transmitted form your browser/git client using Basic authentication!\r
- *git.packedGitLimit* (set larger than the size of your largest repository)\r
- *git.streamFileThreshold* (set larger than the size of your largest committed file)\r