# # DEFAULTS.PROPERTIES # # The default Gitblit settings. # # This settings file supports parameterization from the command-line for the # following command-line parameters: # # --baseFolder ${baseFolder} SINCE 1.2.1 # # Settings that support ${baseFolder} parameter substitution are indicated with the # BASEFOLDER attribute. If the --baseFolder argument is unspecified, ${baseFolder} # and it's trailing / will be discarded from the setting value leaving a relative # path that is equivalent to pre-1.2.1 releases. # # e.g. "${baseFolder}/git" becomes "git", if --baseFolder is unspecified # # Git Servlet Settings # # Base folder for repositories. # This folder may contain bare and non-bare repositories but Gitblit will only # allow you to push to bare repositories. # Use forward slashes even on Windows!! # e.g. c:/gitrepos # # SINCE 0.5.0 # RESTART REQUIRED # BASEFOLDER git.repositoriesFolder = ${baseFolder}/git # Build the available repository list at startup and cache this list for reuse. # This reduces disk io when presenting the repositories page, responding to rpcs, # etc, but it means that Gitblit will not automatically identify repositories # added or deleted by external tools. # # For this case you can use curl, wget, etc to issue an rpc request to clear the # cache (e.g. https://localhost/rpc?req=CLEAR_REPOSITORY_CACHE) # # SINCE 1.1.0 git.cacheRepositoryList = true # Search the repositories folder subfolders for other repositories. # Repositories MAY NOT be nested (i.e. one repository within another) # but they may be grouped together in subfolders. # e.g. c:/gitrepos/libraries/mylibrary.git # c:/gitrepos/libraries/myotherlibrary.git # # SINCE 0.5.0 git.searchRepositoriesSubfolders = true # Maximum number of folders to recurse into when searching for repositories. # The default value, -1, disables depth limits. # # SINCE 1.1.0 git.searchRecursionDepth = -1 # List of regex exclusion patterns to match against folders found in # *git.repositoriesFolder*. # Use forward slashes even on Windows!! # e.g. test/jgit\.git # # SPACE-DELIMITED # CASE-SENSITIVE # SINCE 1.1.0 git.searchExclusions = # List of regex url patterns for extracting a repository name when locating # submodules. # e.g. git.submoduleUrlPatterns = .*?://github.com/(.*) will extract # *gitblit/gitblit.git* from *git://github.com/gitblit/gitblit.git* # If no matches are found then the submodule repository name is assumed to be # whatever trails the last / character. (e.g. gitblit.git). # # SPACE-DELIMITED # CASE-SENSITIVE # SINCE 1.1.0 git.submoduleUrlPatterns = .*?://github.com/(.*) # Specify the interface for Git Daemon to bind it's service. # You may specify an ip or an empty value to bind to all interfaces. # Specifying localhost will result in Gitblit ONLY listening to requests to # localhost. # # SINCE 1.3.0 # RESTART REQUIRED git.daemonBindInterface = # port for serving the Git Daemon service. <= 0 disables this service. # On Unix/Linux systems, ports < 1024 require root permissions. # Recommended value: 9418 # # SINCE 1.3.0 # RESTART REQUIRED git.daemonPort = 9418 # The port for serving the SSH service. <= 0 disables this service. # On Unix/Linux systems, ports < 1024 require root permissions. # Recommended value: 29418 # # SINCE 1.5.0 # RESTART REQUIRED git.sshPort = 29418 # Specify the interface for the SSH daemon to bind its service. # You may specify an ip or an empty value to bind to all interfaces. # Specifying localhost will result in Gitblit ONLY listening to requests to # localhost. # # SINCE 1.5.0 # RESTART REQUIRED git.sshBindInterface = # Manually specify the hostname to use in advertised SSH repository urls. # This may be useful in complex forwarding setups. # # SINCE 1.7.0 git.sshAdvertisedHost = # Manually specify the port to use in advertised SSH repository urls. # This may be useful in complex forwarding setups. # # SINCE 1.7.0 git.sshAdvertisedPort = # Specify the SSH key manager to use for retrieving, storing, and removing # SSH keys. # # Valid key managers are: # com.gitblit.transport.ssh.FileKeyManager # # SINCE 1.5.0 git.sshKeysManager = com.gitblit.transport.ssh.FileKeyManager # Directory for storing user SSH keys when using the FileKeyManager. # # SINCE 1.5.0 git.sshKeysFolder= ${baseFolder}/ssh # Use Kerberos5 (GSS) authentication # # SINCE 1.7.0 git.sshWithKrb5 = false # The path to a Kerberos 5 keytab. # # SINCE 1.7.0 git.sshKrb5Keytab = # The service principal name to be used for Kerberos5. # The default is host/hostname. # # SINCE 1.7.0 git.sshKrb5ServicePrincipalName = # Strip the domain suffix from a kerberos username. # e.g. james@bigbox would be "james" # # SINCE 1.7.0 git.sshKrb5StripDomain = true # SSH backend NIO2|MINA. # # The Apache Mina project recommends using the NIO2 backend. # # SINCE 1.5.0 git.sshBackend = NIO2 # Number of threads used to parse a command line submitted by a client over SSH # for execution, create the internal data structures used by that command, # and schedule it for execution on another thread. # # SINCE 1.5.0 git.sshCommandStartThreads = 2 # Allow push/pull over http/https with JGit servlet. # If you do NOT want to allow Git clients to clone/push to Gitblit set this # to false. You might want to do this if you are only using ssh:// or git://. # If you set this false, consider changing the *web.otherUrls* setting to # indicate your clone/push urls. # # SINCE 0.5.0 git.enableGitServlet = true # If you want to restrict all git servlet access to those with valid X509 client # certificates then set this value to true. # # SINCE 1.2.0 git.requiresClientCertificate = false # Enforce date checks on client certificates to ensure that they are not being # used prematurely and that they have not expired. # # SINCE 1.2.0 git.enforceCertificateValidity = true # List of OIDs to extract from a client certificate DN to map a certificate to # an account username. # # e.g. git.certificateUsernameOIDs = CN # e.g. git.certificateUsernameOIDs = FirstName LastName # # SPACE-DELIMITED # SINCE 1.2.0 git.certificateUsernameOIDs = CN # Only serve/display bare repositories. # If there are non-bare repositories in git.repositoriesFolder and this setting # is true, they will be excluded from the ui. # # SINCE 0.9.0 git.onlyAccessBareRepositories = false # Specify the list of acceptable transports for pushes. # If this setting is empty, all transports are acceptable. # # Valid choices are: GIT HTTP HTTPS SSH # # SINCE 1.5.0 # SPACE-DELIMITED git.acceptedPushTransports = HTTP HTTPS SSH # Allow an authenticated user to create a destination repository on a push if # the repository does not already exist. # # Administrator accounts can create a repository in any project. # These repositories are created with the default access restriction and authorization # control values. The pushing account is set as the owner. # # Non-administrator accounts with the CREATE role may create personal repositories. # These repositories are created as VIEW restricted for NAMED users. # The pushing account is set as the owner. # # SINCE 1.2.0 git.allowCreateOnPush = true # Global setting to control anonymous pushes. # # This setting allows/rejects anonymous pushes at the level of the receive pack. # This trumps all repository config settings. While anonymous pushes are convenient # on your own box when you are a lone developer, they are not recommended for # any multi-user installation where accountability is required. Since Gitblit # tracks pushes and user accounts, allowing anonymous pushes compromises that # information. # # SINCE 1.4.0 git.allowAnonymousPushes = false # The default access restriction for new repositories. # Valid values are NONE, PUSH, CLONE, VIEW # NONE = anonymous view, clone, & push # PUSH = anonymous view & clone and authenticated push # CLONE = anonymous view, authenticated clone & push # VIEW = authenticated view, clone, & push # # SINCE 1.0.0 git.defaultAccessRestriction = PUSH # The default authorization control for new repositories. # Valid values are AUTHENTICATED and NAMED # AUTHENTICATED = any authenticated user is granted restricted access # NAMED = only named users/teams are granted restricted access # # SINCE 1.1.0 git.defaultAuthorizationControl = NAMED # The prefix for a users personal repository directory. # # Personal user repositories are created in this directory, named by the user name # prefixed with the userRepositoryPrefix. For eaxmple, a user 'john' would have his # personal repositories in the directory '~john'. # # Cannot be an empty string. Also, absolute paths are changed to relative paths by # removing the first directory separator. # # It is not recommended to change this value AFTER your user's have created # personal repositories because it will break all permissions, ownership, and # repository push/pull operations. # # RESTART REQUIRED # SINCE 1.4.0 git.userRepositoryPrefix = ~ # The default incremental push tag prefix. Tag prefix applied to a repository # that has automatic push tags enabled and does not specify a custom tag prefix. # # If incremental push tags are enabled, the tips of each branch in the push will # be tagged with an increasing revision integer. # # e.g. refs/tags/r2345 or refs/tags/rev_2345 # # SINCE 1.3.0 git.defaultIncrementalPushTagPrefix = r # Controls creating a repository as --shared on Unix servers. # # In an Unix environment where mixed access methods exist for shared repositories, # the repository should be created with 'git init --shared' to make sure that # it can be accessed e.g. via ssh (user git) and http (user www-data). # # Valid values are the values available for the '--shared' option. The the manual # page for 'git init' for more information on shared repositories. # # SINCE 1.4.0 git.createRepositoriesShared = false # Directory for gitignore templates used during repository creation. # # SINCE 1.6.0 git.gitignoreFolder = ${baseFolder}/gitignore # Enable JGit-based garbage collection. (!!EXPERIMENTAL!!) # # USE AT YOUR OWN RISK! # # If enabled, the garbage collection executor scans all repositories once a day # at the hour of your choosing. The GC executor will take each repository "offline", # one-at-a-time, to check if the repository satisfies it's GC trigger requirements. # # While the repository is offline it will be inaccessible from the web UI or from # any of the other services (git, rpc, rss, etc). # # Gitblit's GC Executor MAY NOT PLAY NICE with the other Git kids on the block, # especially on Windows systems, so if you are using other tools please coordinate # their usage with your GC Executor schedule or do not use this feature. # # The GC algorithm complex and the JGit team advises caution when using their # young implementation of GC. # # http://wiki.eclipse.org/EGit/New_and_Noteworthy/2.1#Garbage_Collector_and_Repository_Storage_Statistics # # EXPERIMENTAL # SINCE 1.2.0 # RESTART REQUIRED git.enableGarbageCollection = false # Hour of the day for the GC Executor to scan repositories. # This value is in 24-hour time. # # SINCE 1.2.0 git.garbageCollectionHour = 0 # The default minimum total filesize of loose objects to trigger early garbage # collection. # # You may specify a custom threshold for a repository in the repository's settings. # Common unit suffixes of k, m, or g are supported. # # SINCE 1.2.0 git.defaultGarbageCollectionThreshold = 500k # The default period, in days, between GCs for a repository. If the total filesize # of the loose object exceeds *git.garbageCollectionThreshold* or the repository's # custom threshold, this period will be short-circuited. # # e.g. if a repository collects 100KB of loose objects every day with a 500KB # threshold and a period of 7 days, it will take 5 days for the loose objects to # be collected, packed, and pruned. # # OR # # if a repository collects 10KB of loose objects every day with a 500KB threshold # and a period of 7 days, it will take the full 7 days for the loose objects to be # collected, packed, and pruned. # # You may specify a custom period for a repository in the repository's settings. # # The minimum value is 1 day since the GC Executor only runs once a day. # # SINCE 1.2.0 git.defaultGarbageCollectionPeriod = 7 # Gitblit can automatically fetch ref updates for a properly configured mirror # repository. # # Requirements: # 1. you must manually clone the repository using native git # git clone --mirror git://somewhere.com/myrepo.git # 2. the "origin" remote must be the mirror source # 3. the "origin" repository must be accessible without authentication OR the # credentials must be embedded in the origin url (not recommended) # # Notes: # 1. "origin" SSH urls are untested and not likely to work # 2. mirrors cloned while Gitblit is running are likely to require clearing the # gitblit cache (link on the repositories page of an administrator account) # 3. Gitblit will automatically repair any invalid fetch refspecs with a "//" # sequence. # # SINCE 1.4.0 # RESTART REQUIRED git.enableMirroring = false # Specify the period between update checks for mirrored repositories. # The shortest period you may specify between mirror update checks is 5 mins. # # SINCE 1.4.0 # RESTART REQUIRED git.mirrorPeriod = 30 mins # Number of bytes of a pack file to load into memory in a single read operation. # This is the "page size" of the JGit buffer cache, used for all pack access # operations. All disk IO occurs as single window reads. Setting this too large # may cause the process to load more data than is required; setting this too small # may increase the frequency of read() system calls. # # Default on JGit is 8 KiB on all platforms. # # Common unit suffixes of k, m, or g are supported. # Documentation courtesy of the Gerrit project. # # SINCE 1.0.0 # RESTART REQUIRED git.packedGitWindowSize = 8k # Maximum number of bytes to load and cache in memory from pack files. If JGit # needs to access more than this many bytes it will unload less frequently used # windows to reclaim memory space within the process. As this buffer must be shared # with the rest of the JVM heap, it should be a fraction of the total memory available. # # The JGit team recommends setting this value larger than the size of your biggest # repository. This ensures you can serve most requests from memory. # # Default on JGit is 10 MiB on all platforms. # # Common unit suffixes of k, m, or g are supported. # Documentation courtesy of the Gerrit project. # # SINCE 1.0.0 # RESTART REQUIRED git.packedGitLimit = 10m # Maximum number of bytes to reserve for caching base objects that multiple deltafied # objects reference. By storing the entire decompressed base object in a cache Git # is able to avoid unpacking and decompressing frequently used base objects multiple times. # # Default on JGit is 10 MiB on all platforms. You probably do not need to adjust # this value. # # Common unit suffixes of k, m, or g are supported. # Documentation courtesy of the Gerrit project. # # SINCE 1.0.0 # RESTART REQUIRED git.deltaBaseCacheLimit = 10m # Maximum number of pack files to have open at once. A pack file must be opened # in order for any of its data to be available in a cached window. # # If you increase this to a larger setting you may need to also adjust the ulimit # on file descriptors for the host JVM, as Gitblit needs additional file descriptors # available for network sockets and other repository data manipulation. # # Default on JGit is 128 file descriptors on all platforms. # Documentation courtesy of the Gerrit project. # # SINCE 1.0.0 # RESTART REQUIRED git.packedGitOpenFiles = 128 # When true, JGit will use mmap() rather than malloc()+read() to load data from # pack files. The use of mmap can be problematic on some JVMs as the garbage # collector must deduce that a memory mapped segment is no longer in use before # a call to munmap() can be made by the JVM native code. # # In server applications (such as Gitblit) that need to access many pack files, # setting this to true risks artificially running out of virtual address space, # as the garbage collector cannot reclaim unused mapped spaces fast enough. # # Default on JGit is false. Although potentially slower, it yields much more # predictable behavior. # Documentation courtesy of the Gerrit project. # # SINCE 1.0.0 # RESTART REQUIRED git.packedGitMmap = false # Validate all received (pushed) objects are valid. # # SINCE 1.5.0 git.checkReceivedObjects = true # Validate all referenced but not supplied objects are reachable. # # If enabled, Gitblit will verify that references to objects not contained # within the received pack are already reachable through at least one other # reference advertised to clients. # # This feature is useful when Gitblit doesn't trust the client to not provide a # forged SHA-1 reference to an object, in an attempt to access parts of the DAG # that they aren't allowed to see and which have been hidden from them via the # configured AdvertiseRefsHook or RefFilter. # # Enabling this feature may imply at least some, if not all, of the same functionality # performed by git.checkReceivedObjects. # # SINCE 1.5.0 git.checkReferencedObjectsAreReachable = true # Set the maximum allowed Git object size. # # If an object is larger than the given size the pack-parsing will throw an exception # aborting the receive-pack operation. The default value, 0, disables maximum # object size checking. # # SINCE 1.5.0 git.maxObjectSizeLimit = 0 # Set the maximum allowed pack size. # # A pack exceeding this size will be rejected. The default value, -1, disables # maximum pack size checking. # # SINCE 1.5.0 git.maxPackSizeLimit = -1 # Use the Gitblit patch receive pack for processing contributions and tickets. # This allows the user to push a patch using the familiar Gerrit syntax: # # git push HEAD:refs/for/ # # NOTE: # This requires git.enableGitServlet = true AND it requires an authenticated # git transport connection (http/https) when pushing from a client. # # Valid services include: # com.gitblit.tickets.FileTicketService # com.gitblit.tickets.BranchTicketService # com.gitblit.tickets.RedisTicketService # # SINCE 1.4.0 # RESTART REQUIRED tickets.service = # Globally enable or disable creation of new bug, enhancement, task, etc tickets # for all repositories. # # If false, no tickets can be created through the ui for any repositories. # If true, each repository can control if they allow new tickets to be created. # # NOTE: # If a repository is accepting patchsets, new proposal tickets can be created # regardless of this setting. # # SINCE 1.4.0 tickets.acceptNewTickets = true # Globally enable or disable pushing patchsets to all repositories. # # If false, no patchsets will be accepted for any repositories. # If true, each repository can control if they accept new patchsets. # # NOTE: # If a repository is accepting patchsets, new proposal tickets can be created # regardless of the acceptNewTickets setting. # # SINCE 1.4.0 tickets.acceptNewPatchsets = true # Default setting to control patchset merge through the web ui. If true, patchsets # must have an approval score to enable the merge button. This setting can be # overriden per-repository. # # SINCE 1.4.0 tickets.requireApproval = false # Default setting to control how patchsets are merged to the integration branch. # Valid values: # MERGE_ALWAYS - Always merge with a merge commit. Every ticket will show up as a branch, # even if it could have been fast-forward merged. This is the default. # MERGE_IF_NECESSARY - If possible, fast-forward the integration branch, # if not, merge with a merge commit. # FAST_FORWARD_ONLY - Only merge when a fast-forward is possible. This produces a strictly # linear history of the integration branch. # # This setting can be overriden per-repository. # # RESTART REQUIRED # SINCE 1.9.0 tickets.mergeType = MERGE_ALWAYS # The case-insensitive regular expression used to identify and close tickets on # push to the integration branch for commits that are NOT already referenced as # a patchset tip. # # SINCE 1.5.0 tickets.closeOnPushCommitMessageRegex = (?:fixes|closes)[\\s-]+#?(\\d+) # The case-insensitive regular expression used to identify and link tickets on # push to the commits based on commit message. In the case of a patchset # self references are ignored # # SINCE 1.8.0 tickets.linkOnPushCommitMessageRegex = (?:ref|task|issue|bug)?[\\s-]*#(\\d+) # Specify the location of the Lucene Ticket index # # SINCE 1.4.0 # RESTART REQUIRED tickets.indexFolder = ${baseFolder}/tickets/lucene # Define the url for the Redis server. # # e.g. redis://localhost:6379 # redis://:foobared@localhost:6379/2 # # SINCE 1.4.0 # RESTART REQUIRED tickets.redis.url = # The number of tickets to display on a page. # # SINCE 1.4.0 tickets.perPage = 25 # The folder where plugins are loaded from. # # SINCE 1.5.0 # RESTART REQUIRED # BASEFOLDER plugins.folder = ${baseFolder}/plugins # The registry of available plugins. # # SINCE 1.5.0 plugins.registry = http://plugins.gitblit.com/plugins.json # The HTTP proxy host for plugin manager. # # SINCE 1.7.0 plugins.httpProxyHost = # The HTTP proxy port for plugin manager. # # SINCE 1.7.0 plugins.httpProxyPort = # The HTTP proxy authorization header for plugin manager. # # SINCE 1.7.0 plugins.httpProxyAuthorization = # Number of threads used to handle miscellaneous tasks in the background. # # SINCE 1.6.0 # RESTART REQUIRED execution.defaultThreadPoolSize = 1 # # Groovy Integration # # Location of Groovy scripts to use for Pre and Post receive hooks. # Use forward slashes even on Windows!! # e.g. c:/groovy # # RESTART REQUIRED # SINCE 0.8.0 # BASEFOLDER groovy.scriptsFolder = ${baseFolder}/groovy # Specify the directory Grape uses for downloading libraries. # http://groovy.codehaus.org/Grape # # RESTART REQUIRED # SINCE 1.0.0 # BASEFOLDER groovy.grapeFolder = ${baseFolder}/groovy/grape # Scripts to execute on Pre-Receive. # # These scripts execute after an incoming push has been parsed and validated # but BEFORE the changes are applied to the repository. You might reject a # push in this script based on the repository and branch the push is attempting # to change. # # Script names are case-sensitive on case-sensitive file systems. You may omit # the traditional ".groovy" from this list if your file extension is ".groovy" # # NOTE: # These scripts are only executed when pushing to *Gitblit*, not to other Git # tooling you may be using. Also note that these scripts are shared between # repositories. These are NOT repository-specific scripts! Within the script # you may customize the control-flow for a specific repository by checking the # *repository* variable. # # SPACE-DELIMITED # CASE-SENSITIVE # SINCE 0.8.0 groovy.preReceiveScripts = # Scripts to execute on Post-Receive. # # These scripts execute AFTER an incoming push has been applied to a repository. # You might trigger a continuous-integration build here or send a notification. # # Script names are case-sensitive on case-sensitive file systems. You may omit # the traditional ".groovy" from this list if your file extension is ".groovy" # # NOTE: # These scripts are only executed when pushing to *Gitblit*, not to other Git # tooling you may be using. Also note that these scripts are shared between # repositories. These are NOT repository-specific scripts! Within the script # you may customize the control-flow for a specific repository by checking the # *repository* variable. # # SPACE-DELIMITED # CASE-SENSITIVE # SINCE 0.8.0 groovy.postReceiveScripts = # Repository custom fields for Groovy Hook mechanism # # List of key=label pairs of custom fields to prompt for in the Edit Repository # page. These keys are stored in the repository's git config file in the # section [gitblit "customFields"]. Key names are alphanumeric only. These # fields are intended to be used for the Groovy hook mechanism where a script # can adjust it's execution based on the custom fields stored in the repository # config. # # e.g. "commitMsgRegex=Commit Message Regular Expression" anotherProperty=Another # # SPACE-DELIMITED # SINCE 1.0.0 groovy.customFields = # # Fanout Settings # # Fanout is a PubSub notification service that can be used by Sparkleshare # to eliminate repository change polling. The fanout service runs in a separate # thread on a separate port from the Gitblit http/https application. # This service is provided so that Sparkleshare may be used with Gitblit in # firewalled environments or where reliance on Sparkleshare's default notifications # server (notifications.sparkleshare.org) is unwanted. # # This service maintains an open socket connection from the client to the # Fanout PubSub service. This service may not work properly behind a proxy server. # Specify the interface for Fanout to bind it's service. # You may specify an ip or an empty value to bind to all interfaces. # Specifying localhost will result in Gitblit ONLY listening to requests to # localhost. # # SINCE 1.2.1 # RESTART REQUIRED fanout.bindInterface = # port for serving the Fanout PubSub service. <= 0 disables this service. # On Unix/Linux systems, ports < 1024 require root permissions. # Recommended value: 17000 # # SINCE 1.2.1 # RESTART REQUIRED fanout.port = 0 # Use Fanout NIO service. If false, a multi-threaded socket service will be used. # Be advised, the socket implementation spawns a thread per connection plus the # connection acceptor thread. The NIO implementation is completely single-threaded. # # SINCE 1.2.1 # RESTART REQUIRED fanout.useNio = true # Concurrent connection limit. <= 0 disables concurrent connection throttling. # If > 0, only the specified number of concurrent connections will be allowed # and all other connections will be rejected. # # SINCE 1.2.1 # RESTART REQUIRED fanout.connectionLimit = 0 # # Authentication Settings # # Require authentication to see everything but the admin pages # # SINCE 0.5.0 # RESTART REQUIRED web.authenticateViewPages = false # If web.authenticateViewPages=true you may optionally require a client-side # basic authentication prompt instead of the standard form-based login. # # SINCE 1.3.0 web.enforceHttpBasicAuthentication = false # Require admin authentication for the admin functions and pages # # SINCE 0.5.0 # RESTART REQUIRED web.authenticateAdminPages = true # Allow Gitblit to store a cookie in the user's browser for automatic # authentication. The cookie is generated by the user service. # # SINCE 0.5.0 web.allowCookieAuthentication = true # Allow deletion of non-empty repositories. This is enforced for all delete vectors. # # SINCE 1.6.0 web.allowDeletingNonEmptyRepositories = true # Setting to include personal repositories in the main repositories list. # # SINCE 1.6.0 web.includePersonalRepositories = false # Config file for storing project metadata # # SINCE 1.2.0 # BASEFOLDER web.projectsFile = ${baseFolder}/projects.conf # Defines the tab length for all blob views # # SINCE 1.7.0 web.tabLength = 4 # Either the full path to a user config file (users.conf) # OR a fully qualified class name that implements the IUserService interface. # # Any custom user service implementation must have a public default constructor. # # SINCE 0.5.0 # RESTART REQUIRED # BASEFOLDER realm.userService = ${baseFolder}/users.conf # Ordered list of external authentication providers which will be used if # authentication against the local user service fails. # # Valid providers are: # # htpasswd # httpheader # ldap # pam # redmine # salesforce # windows # e.g. realm.authenticationProviders = htpasswd windows # # SINCE 1.4.0 # RESTART REQUIRED # SPACE-DELIMITED realm.authenticationProviders = # How to store passwords. # Valid values are plain, md5, or combined-md5. md5 is the hash of password. # combined-md5 is the hash of username.toLowerCase()+password. # Default is md5. # # SINCE 0.5.0 realm.passwordStorage = md5 # Minimum valid length for a plain text password. # Default value is 5. Absolute minimum is 4. # # SINCE 0.5.0 realm.minPasswordLength = 5 # # Gitblit Web Settings # # If blank Gitblit is displayed. # # SINCE 0.5.0 web.siteName = # The canonical url of your Gitblit server to be used in repository url generation, # RSS feeds, and all embedded links in email and plugin-based notifications. # # If you are running Gitblit on a non-standard http port (i.e. not 80 and not 443) # then you must specify that port in this url otherwise your generated urls will be # incorrect. # # The hostname of this url will be extracted for SSH and GIT protocol repository # url generation. # # e.g. web.canonicalUrl = https://dev.gitblit.com # web.canonicalUrl = https://dev.gitblit.com:8443 # # SINCE 1.4.0 web.canonicalUrl = # You may specify a different logo image for the header but it must be 120x45px. # If the specified file does not exist, the default Gitblit logo will be used. # # SINCE 1.3.0 # BASEFOLDER web.headerLogo = ${baseFolder}/logo.png # You may specify a different link URL for the logo image anchor. # If blank the Gitblit main page URL is used. # # SINCE 1.3.0 # BASEFOLDER web.rootLink = # You may specify a custom header background CSS color. If unspecified, the # default color will be used. # # e.g. web.headerBackgroundColor = #002060 # # SINCE 1.3.0 web.headerBackgroundColor = # You may specify a custom header foreground CSS color. If unspecified, the # default color will be used. # # e.g. web.headerForegroundColor = white # # SINCE 1.3.0 web.headerForegroundColor = # You may specify a custom header foreground hover CSS color. If unspecified, the # default color will be used. # # e.g. web.headerHoverColor = white # # SINCE 1.3.0 web.headerHoverColor = # You may specify a custom header border CSS color. If unspecified, the default # color will be used. # # e.g. web.headerBorderColor = #002060 # # SINCE 1.3.0 web.headerBorderColor = # You may specify a custom header border CSS color. If unspecified, the default # color will be used. # # e.g. web.headerBorderFocusColor = #ff9900 # # SINCE 1.3.0 web.headerBorderFocusColor = # If *web.authenticateAdminPages*=true, users with "admin" role can create # repositories, create users, and edit repository metadata. # # If *web.authenticateAdminPages*=false, any user can execute the aforementioned # functions. # # SINCE 0.5.0 web.allowAdministration = true # Setting to disable rendering the top-level navigation header which includes # the login form, top-level links like dashboard, repositories, search, etc. # This setting is only useful if you plan to embed Gitblit within another page # or system. # # SINCE 1.4.0 web.hideHeader = false # Allows rpc clients to list repositories and possibly manage or administer the # Gitblit server, if the authenticated account has administrator permissions. # See *web.enableRpcManagement* and *web.enableRpcAdministration*. # # SINCE 0.7.0 web.enableRpcServlet = true # Allows rpc clients to manage repositories and users of the Gitblit instance, # if the authenticated account has administrator permissions. # Requires *web.enableRpcServlet=true*. # # SINCE 0.7.0 web.enableRpcManagement = false # Allows rpc clients to control the server settings and monitor the health of this # this Gitblit instance, if the authenticated account has administrator permissions. # Requires *web.enableRpcServlet=true* and *web.enableRpcManagement*. # # SINCE 0.7.0 web.enableRpcAdministration = false # Full path to a configurable robots.txt file. With this file you can control # what parts of your Gitblit server respectable robots are allowed to traverse. # http://googlewebmastercentral.blogspot.com/2008/06/improving-on-robots-exclusion-protocol.html # # SINCE 1.0.0 # BASEFOLDER web.robots.txt = ${baseFolder}/robots.txt # The number of minutes to cache a page in the browser since the last request. # The default value is 0 minutes. A value <= 0 disables all page caching which # is the default behavior for Gitblit <= 1.3.0. # # SINCE 1.3.1 web.pageCacheExpires = 0 # If true, the web ui layout will respond and adapt to the browser's dimensions. # if false, the web ui will use a 940px fixed-width layout. # http://twitter.github.com/bootstrap/scaffolding.html#responsive # # SINCE 1.0.0 web.useResponsiveLayout = true # Allow Gravatar images to be displayed in Gitblit pages. # # SINCE 0.8.0 web.allowGravatar = true # Define which class will generate the avatar URL. # # SINCE 1.7.0 web.avatarClass = com.gitblit.GravatarGenerator # Allow dynamic zip downloads. # # SINCE 0.5.0 web.allowZipDownloads = true # If *web.allowZipDownloads=true* the following formats will be displayed for # download compressed archive links: # # zip = standard .zip # tar = standard tar format (preserves *nix permissions and symlinks) # gz = gz-compressed tar # xz = xz-compressed tar # bzip2 = bzip2-compressed tar # # SPACE-DELIMITED # SINCE 1.2.0 web.compressedDownloads = zip gz # Allow optional Lucene integration. Lucene indexing is an opt-in feature. # A repository may specify branches to index with Lucene instead of using Git # commit traversal. There are scenarios where you may want to completely disable # Lucene indexing despite a repository specifying indexed branches. One such # scenario is on a resource-constrained federated Gitblit mirror. # # SINCE 0.9.0 web.allowLuceneIndexing = true # Control the frequency of Lucene repository indexing. # The default setting is to check for updated refs every 2 mins. # # SINCE 1.6.1 web.luceneFrequency = 2 mins # Allows an authenticated user to create forks of a repository # # set this to false if you want to disable all fork controls on the web site # web.allowForking = true # Controls the length of shortened commit hash ids # # SINCE 1.2.0 web.shortCommitIdLength = 6 # Use Clippy (Flash solution) to provide a copy-to-clipboard button. # If false, a button with a more primitive JavaScript-based prompt box will # offer a 3-step (click, ctrl+c, enter) copy-to-clipboard alternative. # # SINCE 0.8.0 web.allowFlashCopyToClipboard = true # Default maximum number of commits that a repository may contribute to the # activity page, regardless of the selected duration. This setting may be valuable # for an extremely busy server. This value may also be configed per-repository # in Edit Repository. 0 disables this throttle. # # SINCE 1.2.0 web.maxActivityCommits = 0 # Default number of entries to include in RSS Syndication links # # SINCE 0.5.0 web.syndicationEntries = 25 # Show the size of each repository on the repositories page. # This requires recursive traversal of each repository folder. This may be # non-performant on some operating systems and/or filesystems. # # SINCE 0.5.2 web.showRepositorySizes = true # List of custom regex expressions that can be displayed in the Filters menu # of the Repositories and Activity pages. Keep them very simple because you # are likely to run into encoding issues if they are too complex. # # Use !!! to separate the filters # # SINCE 0.8.0 web.customFilters = # Show federation registrations (without token) and the current pull status # to non-administrator users. # # SINCE 0.6.0 web.showFederationRegistrations = false # This is the message displayed when *web.authenticateViewPages=true*. # This can point to a file with Markdown content. # Specifying "gitblit" uses the internal login message. # # SINCE 0.7.0 # BASEFOLDER web.loginMessage = gitblit # This is the message displayed above the repositories table. # This can point to a file with Markdown content. # Specifying "gitblit" uses the internal welcome message. # # SINCE 0.5.0 # BASEFOLDER web.repositoriesMessage = gitblit # Ordered list of charsets/encodings to use when trying to display a blob. # If empty, UTF-8 and ISO-8859-1 are used. The server's default charset # is always appended to the encoding list. If all encodings fail to cleanly # decode the blob content, UTF-8 will be used with the standard malformed # input/unmappable character replacement strings. # # SPACE-DELIMITED # SINCE 1.0.0 web.blobEncodings = UTF-8 ISO-8859-1 # Manually set the default timezone to be used by Gitblit for display in the # web ui. This value is independent of the JVM timezone. Specifying a blank # value will default to the JVM timezone. # e.g. America/New_York, US/Pacific, UTC, Europe/Berlin # # SINCE 0.9.0 # RESTART REQUIRED web.timezone = # Use the client timezone when formatting dates. # This uses AJAX to determine the browser's timezone and may require more # server overhead because a Wicket session is created. All Gitblit pages # attempt to be stateless, if possible. # # SINCE 0.5.0 # RESTART REQUIRED web.useClientTimezone = false # Time format # # # SINCE 0.8.0 web.timeFormat = HH:mm # Short date format # # # SINCE 0.5.0 web.datestampShortFormat = yyyy-MM-dd # Long date format # # SINCE 0.8.0 web.datestampLongFormat = EEEE, MMMM d, yyyy # Long timestamp format # # # SINCE 0.5.0 web.datetimestampLongFormat = EEEE, MMMM d, yyyy HH:mm Z # Mount URL parameters # This setting controls if pretty or parameter URLs are used. # i.e. # if true: # http://localhost/commit/myrepo/abcdef # if false: # http://localhost/commit/?r=myrepo&h=abcdef # # SINCE 0.5.0 # RESTART REQUIRED web.mountParameters = true # Some servlet containers (e.g. Tomcat >= 6.0.10) disallow '/' (%2F) encoding # in URLs as a security precaution for proxies. This setting tells Gitblit # to preemptively replace '/' with '*' or '!' for url string parameters. # # # # Add *-Dorg.apache.tomcat.util.buf.UDecoder.ALLOW_ENCODED_SLASH=true* to your # *CATALINA_OPTS* or to your JVM launch parameters # # SINCE 0.5.2 web.forwardSlashCharacter = / # Show other URLs on the summary page for accessing your git repositories # Use spaces to separate urls. # # {0} is the token for the repository name # {1} is the token for the username # # The username is only practical if you have setup your other git serving # solutions accounts to have the same username as the Gitblit account. # # e.g. # web.otherUrls = ssh://localhost/git/{0} git://localhost/git/{0} https://{1}@localhost/r/{0} # # SPACE-DELIMITED # SINCE 0.5.0 web.otherUrls = # Should HTTP/HTTPS URLs be displayed if the git servlet is enabled? # default: true # # SINCE 1.7.0 web.showHttpServletUrls = true # Should git URLs be displayed if the git daemon is enabled? # default: true # # SINCE 1.7.0 web.showGitDaemonUrls = true # Should SSH URLs be displayed if the SSH daemon is enabled? # default: true # # SINCE 1.7.0 web.showSshDaemonUrls = true # Should effective permissions be advertised for access paths defined in web.otherUrls? # If false, gitblit will indicate unknown permissions for the external link. If true, # gitblit will indicate permissions as defined within gitblit (including limiting to clone # permission is the transport type is not a valid push mechaism in git.acceptedPushTransports). # # Configure with caution: Note that gitblit has no way of knowing if further restrictions # are imposed by an external forwarding agent, so this may cause user confusion due to # more rights being advertised than are available through the URL. It will NOT grant # additional rights, but may incorrectly offer actions that are unavailable externally. # default: false # # SINCE 1.7.0 web.advertiseAccessPermissionForOtherUrls = false # Should app-specific clone links be displayed for SourceTree, SparkleShare, etc? # # SINCE 1.3.0 web.allowAppCloneLinks = true # Choose how to present the repositories list. # grouped = group nested/subfolder repositories together (no sorting) # flat = flat list of repositories (sorting allowed) # # SINCE 0.5.0 web.repositoryListType = grouped # If using a grouped repository list and there are repositories at the # root level of your repositories folder, you may specify the displayed # group name with this setting. This value is only used for web presentation. # # SINCE 0.5.0 web.repositoryRootGroupName = main # Display the repository swatch color next to the repository name link in the # repositories list. # # SINCE 0.8.0 web.repositoryListSwatches = true # Defines the default commit message renderer. This can be configured # per-repository. # # Valid values are: plain, markdown # # SINCE 1.4.0 web.commitMessageRenderer = plain # Control if email addresses are shown in web ui # # SINCE 0.5.0 web.showEmailAddresses = true # Shows a combobox in the page links header with commit, committer, and author # search selection. Default search is commit. # # SINCE 0.5.0 web.showSearchTypeSelection = false # Controls display of activity graphs on the dashboard, activity, and summary # pages. Charts are generated using Flotr2; an open source HTML5 library. # # SINCE 0.5.0 web.generateActivityGraph = true # Displays the commits branch graph in the summary page and commits/log page. # # SINCE 1.4.0 web.showBranchGraph = true # The default number of days to show on the activity page. # Value must exceed 0 else default of 7 is used # # SINCE 0.8.0 web.activityDuration = 7 # Choices for days of activity to display. # # SPACE-DELIMITED # SINCE 1.3.0 web.activityDurationChoices = 1 3 7 14 21 28 # Maximum number of days of activity that may be displayed on the activity page. # # SINCE 1.3.2 web.activityDurationMaximum = 30 # The number of days of commits to cache in memory for the dashboard, activity, # and project pages. A value of 0 will disable all caching and will parse commits # in each repository per-request. If the value > 0 these pages will try to fulfill # requests using the commit cache. If the request specifies a period which falls # outside the commit cache window, then the cache will be ignored and the request # will be fulfilled by brute-force parsing all relevant commits per-repository. # # Consider the values specified for *web.activityDurationChoices* when setting # the cache size AND consider adjusting the JVM -Xmx heap parameter appropriately. # # SINCE 1.3.0 # RESTART REQUIRED web.activityCacheDays = 14 # Case-insensitive list of authors to exclude from metrics. Useful for # eliminating bots. # # SPACE-DELIMITED # SINCE 1.3.0 web.metricAuthorExclusions = # The number of commits to display on the summary page # Value must exceed 0 else default of 20 is used # # SINCE 0.5.0 web.summaryCommitCount = 16 # The number of tags/branches to display on the summary page. # -1 = all tags/branches # 0 = hide tags/branches # N = N tags/branches # # SINCE 0.5.0 web.summaryRefsCount = 5 # Show a README file, if available, on the summary page. # # SINCE 1.4.0 web.summaryShowReadme = false # The number of items to show on a page before showing the first, prev, next # pagination links. A default of 50 is used for any invalid value. # # SINCE 0.5.0 web.itemsPerPage = 50 # The number of reflog changes to display on the overview page # Value must exceed 0 else default of 5 is used # # SINCE 1.3.0 web.overviewReflogCount = 5 # The number of reflog changes to show on a reflog page before show the first, # prev, next pagination links. A default of 10 is used for any invalid value. # # SINCE 1.3.0 web.reflogChangesPerPage = 10 # Specify the names of documents in the root of your repository to be displayed # in tabs on your repository docs page. If the name is not found in the root # then no tab is added. The order specified is the order displayed. Do not # specify a file extension as the aggregation of markup extensions + txt are used # in the search algorithm. # # SPACE-DELIMITED # SINCE 1.4.0 web.documents = readme home index changelog contributing submitting_patches copying license notice authors # Registered file extensions to ignore during Lucene indexing # # SPACE-DELIMITED # SINCE 0.9.0 web.luceneIgnoreExtensions = 7z arc arj bin bmp dll doc docx exe gif gz jar jpg lib lzh odg odf odt pdf ppt pptx png so swf tar xcf xls xlsx zip # Registered extensions for google-code-prettify # # SPACE-DELIMITED # SINCE 0.5.0 web.prettyPrintExtensions = aea agc basic bat c cbm cl clj cmd cpp cs css dart el erl erlang frm fs go groovy h hpp hs htm html java js latex lisp ll llvm lsp lua ml moxie mumps n nemerle pascal php pl pm prefs properties proto py r R rb rd Rd rkt s S scala scm sh Splus sql ss tcl tex vb vbs vhd vhdl wiki xml xq xquery yaml yml ymlapollo # Registered extensions for markdown transformation # # SPACE-DELIMITED # CASE-SENSITIVE # SINCE 0.5.0 web.markdownExtensions = md mkd markdown MD MKD # Registered extensions for mediawiki transformation # # SPACE-DELIMITED # CASE-SENSITIVE # SINCE 1.4.0 web.mediawikiExtensions = mw mediawiki # Registered extensions for twiki transformation # # SPACE-DELIMITED # CASE-SENSITIVE # SINCE 1.4.0 web.twikiExtensions = twiki # Registered extensions for textile transformation # # SPACE-DELIMITED # CASE-SENSITIVE # SINCE 1.4.0 web.textileExtensions = textile # Registered extensions for confluence transformation # # SPACE-DELIMITED # CASE-SENSITIVE # SINCE 1.4.0 web.confluenceExtensions = confluence # Registered extensions for tracwiki transformation # # SPACE-DELIMITED # CASE-SENSITIVE # SINCE 1.4.0 web.tracwikiExtensions = tracwiki # Image extensions # # SPACE-DELIMITED # SINCE 0.5.0 web.imageExtensions = bmp ico gif jpg jpeg png svg # Registered extensions for binary blobs # # SPACE-DELIMITED # SINCE 0.5.0 web.binaryExtensions = 7z arc arj bin dll doc docx exe gz jar lib lzh odg odf odt pdf ppt pptx so tar xls xlsx zip # Aggressive heap management will run the garbage collector on every generated # page. This slows down page generation a little but improves heap consumption. # # SINCE 0.5.0 web.aggressiveHeapManagement = false # Run the webapp in debug mode # # SINCE 0.5.0 # RESTART REQUIRED web.debugMode = false # Allows to hide the user logon form or dropdown menu from the top pane # if it's not needed. # # SINCE 1.7.0 web.displayUserPanel = true # Force a default locale for all users, ignoring the browser's settings. # An empty value allows Gitblit to use the translation preferred by the browser. # # Changing this value while the server is running will only affect new sessions. # # e.g. web.forceDefaultLocale = en # # SINCE 1.3.0 web.forceDefaultLocale = # The following two settings serve to avoid browser overload when trying to # render very large diffs. Both limits apply to commitdiffs, not to single-file # diffs. # Maximum number of diff lines to display for a single file diff in a commitdiff. # Defaults to 4000; can be adjusted in the range [500 .. 4000]. Smaller values # set the limit to 500, larger values to 4000. The count includes context lines # in the diff. # # If a file diff in a commitdiff produces more lines, the diff for that file is # not shown in the commitdiff. # # SINCE 1.7.0 web.maxDiffLinesPerFile = 4000 # Total maximum number of diff lines to show in a commitdiff. Defaults to 20000; # can be adjusted in the range [1000 .. 20000]. Smaller values set the limit to # 1000, larger values to 20000. The count includes context lines in diffs. # # If a commitdiff produces more lines, it is truncated after the first file # that exceeds the limit. Diffs for subsequent files in the commit are not shown # at all in the commitdiff. Omitted files are listed, though. # # SINCE 1.7.0 web.maxDiffLines = 20000 # Enable/disable global regex substitutions (i.e. shared across repositories) # # SINCE 0.5.0 # DEPRECATED 1.4.0 (migrate to bugtraq instead) regex.global = true # Example global regex substitutions # Use !!! to separate the search pattern and the replace pattern # searchpattern!!!replacepattern # SINCE 0.5.0 # regex.global.bug = \\b(Bug:)(\\s*[#]?|-){0,1}(\\d+)\\b!!!Bug: $3 # SINCE 0.5.0 # Example Gerrit links # regex.global.changeid = \\b(Change-Id:\\s*)([A-Za-z0-9]*)\\b!!!Change-Id: $2 # regex.global.reviewedon = \\b(Reviewed-on:\\s*)([A-Za-z0-9:/\\.]*)\\b!!!Reviewed-on: $2 # Example per-repository regex substitutions overrides global # SINCE 0.5.0 # regex.myrepository.bug = \\b(Bug:)(\\s*[#]?|-){0,1}(\\d+)\\b!!!Bug: $3 # # Mail Settings # SINCE 0.6.0 # # Mail settings are used to notify administrators of received federation proposals # # ip or hostname of smtp server # # SINCE 0.6.0 mail.server = # port to use for smtp requests # # SINCE 0.6.0 mail.port = 25 # debug the mail executor # # SINCE 0.6.0 mail.debug = false # use SMTPs flag mail.smtps = false # use STARTTLS flag # # SINCE 1.6.0 mail.starttls = false # if your smtp server requires authentication, supply the credentials here # # SINCE 0.6.0 mail.username = # SINCE 0.6.0 mail.password = # from address for generated emails # # SINCE 0.6.0 mail.fromAddress = # List of email addresses for the Gitblit administrators # # SPACE-DELIMITED # SINCE 0.6.0 mail.adminAddresses = # List of email addresses for sending push email notifications. # # This key currently requires use of the sendemail.groovy hook script. # If you set sendemail.groovy in *groovy.postReceiveScripts* then email # notifications for all repositories (regardless of access restrictions!) # will be sent to these addresses. # # SPACE-DELIMITED # SINCE 0.8.0 mail.mailingLists = # # Federation Settings # SINCE 0.6.0 # # A Gitblit federation is a way to backup one Gitblit instance to another. # # *git.enableGitServlet* must be true to use this feature. # Your federation name is used for federation status acknowledgments. If it is # unset, and you elect to send a status acknowledgment, your Gitblit instance # will be identified by its hostname, if available, else your internal ip address. # The source Gitblit instance will also append your external IP address to your # identification to differentiate multiple pulling systems behind a single proxy. # # SINCE 0.6.0 federation.name = # Specify the passphrase of this Gitblit instance. # # An unspecified (empty) passphrase disables processing federation requests. # # This value can be anything you want: an integer, a sentence, an haiku, etc. # Keep the value simple, though, to avoid Java properties file encoding issues. # # Changing your passphrase will break any registrations you have established with other # Gitblit instances. # # CASE-SENSITIVE # SINCE 0.6.0 # RESTART REQUIRED *(only to enable or disable federation)* federation.passphrase = # Control whether or not this Gitblit instance can receive federation proposals # from another Gitblit instance. Registering a federated Gitblit is a manual # process. Proposals help to simplify that process by allowing a remote Gitblit # instance to send your Gitblit instance the federation pull data. # # SINCE 0.6.0 federation.allowProposals = false # The destination folder for cached federation proposals. # Use forward slashes even on Windows!! # # SINCE 0.6.0 # BASEFOLDER federation.proposalsFolder = ${baseFolder}/proposals # The default pull frequency if frequency is unspecified on a registration # # SINCE 0.6.0 federation.defaultFrequency = 60 mins # Federation Sets are named groups of repositories. The Federation Sets are # available for selection in the repository settings page. You can assign a # repository to one or more sets and then distribute the token for the set. # This allows you to grant federation pull access to a subset of your available # repositories. Tokens for federation sets only grant repository pull access. # # SPACE-DELIMITED # CASE-SENSITIVE # SINCE 0.6.0 federation.sets = # Federation pull registrations # Registrations are read once, at startup. # # RESTART REQUIRED # # frequency: # The shortest frequency allowed is every 5 minutes # Decimal frequency values are cast to integers # Frequency values may be specified in mins, hours, or days # Values that can not be parsed or are unspecified default to *federation.defaultFrequency* # # folder: # if unspecified, the folder is *git.repositoriesFolder* # if specified, the folder is relative to *git.repositoriesFolder* # # bare: # if true, each repository will be created as a *bare* repository and will not # have a working directory. # # if false, each repository will be created as a normal repository suitable # for local work. # # mirror: # if true, each repository HEAD is reset to *origin/master* after each pull. # The repository will be flagged *isFrozen* after the initial clone. # # if false, each repository HEAD will point to the FETCH_HEAD of the initial # clone from the origin until pushed to or otherwise manipulated. # # mergeAccounts: # if true, remote accounts and their permissions are merged into your # users.properties file # # notifyOnError: # if true and the mail configuration is properly set, administrators will be # notified by email of pull failures # # include and exclude: # Space-delimited list of repositories to include or exclude from pull # may be * wildcard to include or exclude all # may use fuzzy match (e.g. org.eclipse.*) # # (Nearly) Perfect Mirror example # #federation.example1.url = https://go.gitblit.com #federation.example1.token = 6f3b8a24bf970f17289b234284c94f43eb42f0e4 #federation.example1.frequency = 120 mins #federation.example1.folder = #federation.example1.bare = true #federation.example1.mirror = true #federation.example1.mergeAccounts = true # # Advanced Realm Settings # # Auto-creates user accounts based on the servlet container principal. This # assumes that your Gitblit install is a protected resource and your container's # authentication process intercepts all Gitblit requests. # # SINCE 1.3.0 realm.container.autoCreateAccounts = false # A set of mapping used to map HTTP session attributes to user informations # They are used if realm.container.autoCreateAccounts is set to true and # the webapp container used can fill the session with user informations # # SINCE 1.7.0 realm.container.autoAccounts.displayName = realm.container.autoAccounts.emailAddress = realm.container.autoAccounts.locale = # If the user's created by the webapp container is given this role, # the user created will be a admin user. # # SINCE 1.7.0 realm.container.autoAccounts.adminRole = # Allow or prohibit Windows guest account logins # # SINCE 1.3.0 realm.windows.allowGuests = false # Allow user accounts belonging to the BUILTIN\Administrators group to be # Gitblit administrators. # # SINCE 1.4.0 realm.windows.permitBuiltInAdministrators = true # The default domain for authentication. # # If specified, this domain will be used for authentication UNLESS the supplied # login name manually specifies a domain (.e.g. mydomain\james or james@mydomain) # # If unspecified, the username must be specified in UPN format (name@domain). # # if "." (dot) is specified, ONLY the local account database will be used. # # SINCE 1.3.0 realm.windows.defaultDomain = # The PAM service name for authentication. # default: system-auth # # SINCE 1.3.1 realm.pam.serviceName = system-auth # The Apache htpasswd file that contains the users and passwords. # default: ${baseFolder}/htpasswd # # RESTART REQUIRED # BASEFOLDER # SINCE 1.3.2 realm.htpasswd.userfile = ${baseFolder}/htpasswd # The name of the HTTP header containing the user name to trust as authenticated # default: none # # WARNING: only use this mechanism if your requests are coming from a trusted # and secure source such as a self managed reverse proxy! # # RESTART REQUIRED # SINCE 1.7.2 realm.httpheader.userheader = # The name of the HTTP header containing the team names of which the user is a member. # If this is defined, then only groups from the headers will be available, whereas # if this remains undefined, then local groups will be used. # # This setting requires that you have configured realm.httpheader.userheader. # # default: none # # RESTART REQUIRED # SINCE 1.7.2 realm.httpheader.teamheader = # The regular expression pattern used to separate team names in the team header value # default: , # # This setting requires that you have configured realm.httpheader.teamheader # # RESTART REQUIRED # SINCE 1.7.2 realm.httpheader.teamseparator = , # Auto-creates user accounts when successfully authenticated based on HTTP headers. # # SINCE 1.7.2 realm.httpheader.autoCreateAccounts = false # Restrict the Salesforce user to members of this org. # default: 0 (i.e. do not check the Org ID) # # SINCE 1.3.0 realm.salesforce.orgId = 0 # URL of the LDAP server. # To use encrypted transport, use either ldaps:// URL for SSL or ldap+tls:// to # send StartTLS command. # # SINCE 1.0.0 realm.ldap.server = ldap://localhost # Login username for LDAP searches. # This is usually a user with permissions to search LDAP users and groups. # It must have at least have the permission to search users. If it does not # have permission to search groups, the normal user logging in must have # the permission in LDAP to search groups. # If this value is unspecified, anonymous LDAP login will be used. # # e.g. mydomain\\username # # SINCE 1.0.0 realm.ldap.username = cn=Directory Manager # Login password for LDAP searches. # # SINCE 1.0.0 realm.ldap.password = password # Bind pattern for user authentication. # Allow to directly authenticate an user without searching for it in LDAP. # Use this if the LDAP server does not allow anonymous access and you don't # want to use a specific account to run searches. When set, it will override # the settings realm.ldap.username and realm.ldap.password. # This requires that all relevant user entries are children to the same DN, # and that logging users have permission to search for their groups in LDAP. # This will disable synchronization as a specific LDAP account is needed for that. # # e.g. CN=${username},OU=Users,OU=UserControl,OU=MyOrganization,DC=MyDomain # # SINCE 1.5.0 realm.ldap.bindpattern = # Delegate team membership control to LDAP. # # If true, team user memberships will be specified by LDAP groups. This will # disable team selection in Edit User and user selection in Edit Team. # # If false, LDAP will only be used for authentication and Gitblit will maintain # team memberships with the *realm.ldap.backingUserService*. # # SINCE 1.0.0 realm.ldap.maintainTeams = false # Root node for all LDAP users # # This is the root node from which subtree user searches will begin. # If blank, Gitblit will search ALL nodes. # # SINCE 1.0.0 realm.ldap.accountBase = OU=Users,OU=UserControl,OU=MyOrganization,DC=MyDomain # Filter criteria for LDAP users # # Query pattern to use when searching for a user account. This may be any valid # LDAP query expression, including the standard (&) and (|) operators. # # Variables may be injected via the ${variableName} syntax. # Recognized variables are: # ${username} - The text entered as the user name # # SINCE 1.0.0 realm.ldap.accountPattern = (&(objectClass=person)(sAMAccountName=${username})) # Root node for all LDAP groups to be used as Gitblit Teams # # This is the root node from which subtree team searches will begin. # If blank, Gitblit will search ALL nodes. # # SINCE 1.0.0 realm.ldap.groupBase = OU=Groups,OU=UserControl,OU=MyOrganization,DC=MyDomain # Filter criteria for LDAP groups # # Query pattern to use when searching for a team. This may be any valid # LDAP query expression, including the standard (&) and (|) operators. # # Variables may be injected via the ${variableName} syntax. # Recognized variables are: # ${username} - The text entered as the user name # ${dn} - The Distinguished Name of the user logged in # # All attributes from the LDAP User record are available. For example, if a user # has an attribute "fullName" set to "John", "(fn=${fullName})" will be # translated to "(fn=John)". # # SINCE 1.0.0 realm.ldap.groupMemberPattern = (&(objectClass=group)(member=${dn})) # Filter criteria for empty LDAP groups # # Query pattern to use when searching for an empty team. This may be any valid # LDAP query expression, including the standard (&) and (|) operators. # # default: (&(objectClass=group)(!(member=*))) # SINCE 1.4.0 realm.ldap.groupEmptyMemberPattern = (&(objectClass=group)(!(member=*))) # LDAP users or groups that should be given administrator privileges. # # Teams are specified with a leading '@' character. Groups with spaces in the # name can be entered as "@team name". This setting only applies when using # LDAP to maintain team memberships. # # e.g. realm.ldap.admins = john @git_admins "@git admins" # # SPACE-DELIMITED # SINCE 1.0.0 realm.ldap.admins = @Git_Admins # Attribute(s) on the USER record that indicate their display (or full) name. # Leave blank for no mapping available in LDAP. # # This may be a single attribute, or a string of multiple attributes. Examples: # displayName - Uses the attribute 'displayName' on the user record # ${personalTitle}. ${givenName} ${surname} - Will concatenate the 3 # attributes together, with a '.' after personalTitle # # SINCE 1.0.0 realm.ldap.displayName = displayName # Attribute(s) on the USER record that indicate their email address. # Leave blank for no mapping available in LDAP. # # This may be a single attribute, or a string of multiple attributes. Examples: # email - Uses the attribute 'email' on the user record # ${givenName}.${surname}@gitblit.com -Will concatenate the 2 attributes # together with a '.' and '@' creating something like first.last@gitblit.com # # SINCE 1.0.0 realm.ldap.email = email # Attribute on the USER record that indicate their username to be used in gitblit # when synchronizing users from LDAP # if blank, Gitblit will use uid # For MS Active Directory this may be sAMAccountName # # SINCE 1.0.0 realm.ldap.uid = uid # Defines whether to synchronize all LDAP users and teams into the user service # This requires either anonymous LDAP access or that a specific account is set # in realm.ldap.username and realm.ldap.password, that has permission to read # users and groups in LDAP. # # Valid values: true, false # If left blank, false is assumed # # SINCE 1.4.0 realm.ldap.synchronize = false # Defines the period to be used when synchronizing users and teams from ldap. # # Must be of the form ' ' where is one of 'MILLISECONDS', 'SECONDS', 'MINUTES', 'HOURS', 'DAYS' # default: 5 MINUTES # # RESTART REQUIRED # SINCE 1.4.0 realm.ldap.syncPeriod = 5 MINUTES # Defines whether to delete non-existent LDAP users from the user service # during synchronization. depends on realm.ldap.synchronize = true # # Valid values: true, false # If left blank, true is assumed # # SINCE 1.4.0 realm.ldap.removeDeletedUsers = true # URL of the Redmine. # # SINCE 1.2.0 realm.redmine.url = http://example.com/redmine # # Gitblit GO Server Settings # The following settings only affect the integrated GO variant. # # The temporary folder to decompress the embedded gitblit webapp. # # SINCE 0.5.0 # RESTART REQUIRED # BASEFOLDER server.tempFolder = ${baseFolder}/temp # Specify the maximum number of concurrent http/https Jetty worker # threads to allow. This setting does not affect other threaded # daemons and components of Gitblit. # # SINCE 1.3.0 # RESTART REQUIRED server.threadPoolSize = 50 # Context path for the GO application. You might want to change the context # path if running Gitblit behind a proxy layer such as mod_proxy. # # SINCE 0.7.0 # RESTART REQUIRED server.contextPath = / # Standard http port to serve. <= 0 disables this connector. # On Unix/Linux systems, ports < 1024 require root permissions. # Recommended value: 80 or 8080 # # SINCE 0.5.0 # RESTART REQUIRED server.httpPort = 0 # Secure/SSL https port to serve. <= 0 disables this connector. # On Unix/Linux systems, ports < 1024 require root permissions. # Recommended value: 443 or 8443 # # SINCE 0.5.0 # RESTART REQUIRED server.httpsPort = 8443 # Automatically redirect http requests to the secure https connector. # # This setting requires that you have configured server.httpPort and server.httpsPort. # Unless you are on a private LAN where you trust all client connections, it is # recommended to use https for all communications. # # SINCE 1.4.0 # RESTART REQUIRED server.redirectToHttpsPort = false # Specify the interface for Jetty to bind the standard connector. # You may specify an ip or an empty value to bind to all interfaces. # Specifying localhost will result in Gitblit ONLY listening to requests to # localhost. # # SINCE 0.5.0 # RESTART REQUIRED server.httpBindInterface = # Specify the interface for Jetty to bind the secure connector. # You may specify an ip or an empty value to bind to all interfaces. # Specifying localhost will result in Gitblit ONLY listening to requests to # localhost. # # SINCE 0.5.0 # RESTART REQUIRED server.httpsBindInterface = # Alias of certificate to use for https/SSL serving. If blank the first # certificate found in the keystore will be used. # # SINCE 1.2.0 # RESTART REQUIRED server.certificateAlias = localhost # Password for SSL keystore. # Keystore password and certificate password must match. # This is provided for convenience, its probably more secure to set this value # using the --storePassword command line parameter. # # If you are using the official JRE or JDK from Oracle you may not have the # JCE Unlimited Strength Jurisdiction Policy files bundled with your JVM. Because # of this, your store/key password can not exceed 7 characters. If you require # longer passwords you may need to install the JCE Unlimited Strength Jurisdiction # Policy files from Oracle. # # http://www.oracle.com/technetwork/java/javase/downloads/index.html # # Gitblit and the Gitblit Certificate Authority will both indicate if Unlimited # Strength encryption is available. # # SINCE 0.5.0 # RESTART REQUIRED server.storePassword = gitblit # If serving over https (recommended) you might consider requiring clients to # authenticate with ssl certificates. If enabled, only https clients with the # a valid client certificate will be able to access Gitblit. # # If disabled, client certificate authentication is optional and will be tried # first before falling-back to form authentication or basic authentication. # # Requiring client certificates to access any of Gitblit may be too extreme, # consider this carefully. # # SINCE 1.2.0 # RESTART REQUIRED server.requireClientCertificates = false # Port for shutdown monitor to listen on. # # SINCE 0.5.0 # RESTART REQUIRED server.shutdownPort = 8081 # # Gitblit Filestore Settings # # The location to save the filestore blobs # # SINCE 1.7.0 filestore.storageFolder = ${baseFolder}/lfs # Maximum allowable upload size # The default value, -1, disables upload limits. # Common unit suffixes of k, m, or g are supported. # SINCE 1.7.0 filestore.maxUploadSize = -1