Change-Id: I33966b8292434c10ffd623838d09527aaebaca5f
- Removed "show readme" setting in favor of automatic detection | - Removed "show readme" setting in favor of automatic detection | ||||
- Support plain text "readme" files | - Support plain text "readme" files | ||||
- Determine best commit id (e.g. "master") for the tree and docs pages and use that in links | - Determine best commit id (e.g. "master") for the tree and docs pages and use that in links | ||||
- By default GO will now bind to all interfaces for both http and https connectors. This simplifies setup for first-time users. | |||||
additions: | additions: | ||||
- Added branch graph image servlet based on EGit's branch graph renderer (issue-194) | - Added branch graph image servlet based on EGit's branch graph renderer (issue-194) | ||||
- Added option to render Markdown commit messages (issue-203) | - Added option to render Markdown commit messages (issue-203) | ||||
- Support intradocument linking in Markdown content using [[WikiLinks]] syntax (issue-324) | - Support intradocument linking in Markdown content using [[WikiLinks]] syntax (issue-324) | ||||
- Added setting to globally disable anonymous pushes in the receive pack | - Added setting to globally disable anonymous pushes in the receive pack | ||||
- Added a normalized diffstat display to the commit, commitdiff, and compare pages | - Added a normalized diffstat display to the commit, commitdiff, and compare pages | ||||
- Added GO setting to automatically redirect all http requests to the secure https connector | |||||
dependencyChanges: | dependencyChanges: | ||||
- updated to Jetty 7.6.13 | - updated to Jetty 7.6.13 | ||||
- updated to JGit 3.1.0 | - updated to JGit 3.1.0 | ||||
- { name: 'git.defaultAccessRestriction', defaultValue: 'PUSH' } | - { name: 'git.defaultAccessRestriction', defaultValue: 'PUSH' } | ||||
- { name: 'web.commitMessageRenderer', defaultValue: 'plain' } | - { name: 'web.commitMessageRenderer', defaultValue: 'plain' } | ||||
- { name: 'web.showBranchGraph', defaultValue: 'true' } | - { name: 'web.showBranchGraph', defaultValue: 'true' } | ||||
- { name: 'server.redirectToHttpsPort', defaultValue: 'true' } | |||||
contributors: | contributors: | ||||
- James Moger | - James Moger | ||||
- Robin Rosenberg | - Robin Rosenberg |
# RESTART REQUIRED | # RESTART REQUIRED | ||||
server.ajpPort = 0 | server.ajpPort = 0 | ||||
# Automatically redirect http requests to the secure https connector. | |||||
# | |||||
# This setting requires that you have configured server.httpPort and server.httpsPort. | |||||
# Unless you are on a private LAN where you trust all client connections, it is | |||||
# recommended to use https for all communications. | |||||
# | |||||
# SINCE 1.4.0 | |||||
# RESTART REQUIRED | |||||
server.redirectToHttpsPort = true | |||||
# Specify the interface for Jetty to bind the standard connector. | # Specify the interface for Jetty to bind the standard connector. | ||||
# You may specify an ip or an empty value to bind to all interfaces. | # You may specify an ip or an empty value to bind to all interfaces. | ||||
# Specifying localhost will result in Gitblit ONLY listening to requests to | # Specifying localhost will result in Gitblit ONLY listening to requests to | ||||
# | # | ||||
# SINCE 0.5.0 | # SINCE 0.5.0 | ||||
# RESTART REQUIRED | # RESTART REQUIRED | ||||
server.httpBindInterface = localhost | |||||
server.httpBindInterface = | |||||
# Specify the interface for Jetty to bind the secure connector. | # Specify the interface for Jetty to bind the secure connector. | ||||
# You may specify an ip or an empty value to bind to all interfaces. | # You may specify an ip or an empty value to bind to all interfaces. | ||||
# | # | ||||
# SINCE 0.5.0 | # SINCE 0.5.0 | ||||
# RESTART REQUIRED | # RESTART REQUIRED | ||||
server.httpsBindInterface = localhost | |||||
server.httpsBindInterface = | |||||
# Specify the interface for Jetty to bind the AJP connector. | # Specify the interface for Jetty to bind the AJP connector. | ||||
# You may specify an ip or an empty value to bind to all interfaces. | # You may specify an ip or an empty value to bind to all interfaces. |
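Review bot: The new empty defaults for `server.httpBindInterface` and `server.httpsBindInterface` make both connectors listen on every interface out of the box, but the comment blocks above those keys do not say that this is now the shipped default or how to narrow it. I would add a line to both blocks such as `# Default is empty (all interfaces); set to localhost to accept only local connections.` so that an administrator reading the file sees the exposure before first start. The `server.redirectToHttpsPort` comment could also state that the redirect is issued only after a plain-http request has already arrived, so it is not a substitute for giving users https URLs; that is a general property of redirects and is not shown by these lines.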
import java.util.Scanner; | import java.util.Scanner; | ||||
import org.eclipse.jetty.ajp.Ajp13SocketConnector; | import org.eclipse.jetty.ajp.Ajp13SocketConnector; | ||||
import org.eclipse.jetty.security.ConstraintMapping; | |||||
import org.eclipse.jetty.security.ConstraintSecurityHandler; | |||||
import org.eclipse.jetty.server.Connector; | import org.eclipse.jetty.server.Connector; | ||||
import org.eclipse.jetty.server.Server; | import org.eclipse.jetty.server.Server; | ||||
import org.eclipse.jetty.server.bio.SocketConnector; | import org.eclipse.jetty.server.bio.SocketConnector; | ||||
import org.eclipse.jetty.server.ssl.SslConnector; | import org.eclipse.jetty.server.ssl.SslConnector; | ||||
import org.eclipse.jetty.server.ssl.SslSelectChannelConnector; | import org.eclipse.jetty.server.ssl.SslSelectChannelConnector; | ||||
import org.eclipse.jetty.server.ssl.SslSocketConnector; | import org.eclipse.jetty.server.ssl.SslSocketConnector; | ||||
import org.eclipse.jetty.util.security.Constraint; | |||||
import org.eclipse.jetty.util.thread.QueuedThreadPool; | import org.eclipse.jetty.util.thread.QueuedThreadPool; | ||||
import org.eclipse.jetty.webapp.WebAppContext; | import org.eclipse.jetty.webapp.WebAppContext; | ||||
import org.eclipse.jgit.storage.file.FileBasedConfig; | import org.eclipse.jgit.storage.file.FileBasedConfig; | ||||
if (params.port < 1024 && !isWindows()) { | if (params.port < 1024 && !isWindows()) { | ||||
logger.warn("Gitblit needs to run with ROOT permissions for ports < 1024!"); | logger.warn("Gitblit needs to run with ROOT permissions for ports < 1024!"); | ||||
} | } | ||||
if (params.port > 0 && params.securePort > 0 && settings.getBoolean(Keys.server.redirectToHttpsPort, true)) { | |||||
// redirect HTTP requests to HTTPS | |||||
if (httpConnector instanceof SelectChannelConnector) { | |||||
((SelectChannelConnector) httpConnector).setConfidentialPort(params.securePort); | |||||
} else { | |||||
((SocketConnector) httpConnector).setConfidentialPort(params.securePort); | |||||
} | |||||
} | |||||
connectors.add(httpConnector); | connectors.add(httpConnector); | ||||
} | } | ||||
// Set the server's contexts | // Set the server's contexts | ||||
server.setHandler(rootContext); | server.setHandler(rootContext); | ||||
// redirect HTTP requests to HTTPS | |||||
if (params.port > 0 && params.securePort > 0 && settings.getBoolean(Keys.server.redirectToHttpsPort, true)) { | |||||
logger.info(String.format("Configuring automatic http(%1$s) -> https(%2$s) redirects", params.port, params.securePort)); | |||||
// Create the internal mechanisms to handle secure connections and redirects | |||||
Constraint constraint = new Constraint(); | |||||
constraint.setDataConstraint(Constraint.DC_CONFIDENTIAL); | |||||
ConstraintMapping cm = new ConstraintMapping(); | |||||
cm.setConstraint(constraint); | |||||
cm.setPathSpec("/*"); | |||||
ConstraintSecurityHandler sh = new ConstraintSecurityHandler(); | |||||
sh.setConstraintMappings(new ConstraintMapping[] { cm }); | |||||
// Configure this context to use the Security Handler defined before | |||||
rootContext.setHandler(sh); | |||||
} | |||||
// Setup the GitBlit context | // Setup the GitBlit context | ||||
GitBlit gitblit = getGitBlitInstance(); | GitBlit gitblit = getGitBlitInstance(); | ||||
gitblit.configureContext(settings, baseFolder, true); | gitblit.configureContext(settings, baseFolder, true); |
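Review bot: The else branch of the connector check casts `httpConnector` to `SocketConnector` without testing its type, so any other connector implementation would fail with a ClassCastException at startup; `else if (httpConnector instanceof SocketConnector)` with a logged warning otherwise would be safer. The same three-part condition on `params.port`, `params.securePort` and `Keys.server.redirectToHttpsPort` is evaluated twice, once for the connector and once for the security handler, and computing it once into a local such as `boolean redirectToHttps` would keep the two from drifting apart. `rootContext.setHandler(sh)` applies the `DC_CONFIDENTIAL` constraint to `/*` for the whole context, so it presumably also covers requests arriving over the AJP connector when `server.ajpPort` is set, and that case is not checked here. The enclosing method starts and ends outside the visible lines.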
2. The server itself is configured through a simple text file. | 2. The server itself is configured through a simple text file. | ||||
Open `data/gitblit.properties` in your favorite text editor and make sure to review and set: | Open `data/gitblit.properties` in your favorite text editor and make sure to review and set: | ||||
- *server.httpPort* and *server.httpsPort* | - *server.httpPort* and *server.httpsPort* | ||||
- *server.httpBindInterface* and *server.httpsBindInterface* | |||||
- *server.storePassword* | |||||
- *server.storePassword* | |||||
**https** is strongly recommended because passwords are insecurely transmitted form your browser/git client using Basic authentication! | **https** is strongly recommended because passwords are insecurely transmitted form your browser/git client using Basic authentication! | ||||
- *git.packedGitLimit* (set larger than the size of your largest repository) | - *git.packedGitLimit* (set larger than the size of your largest repository) | ||||
- *git.streamFileThreshold* (set larger than the size of your largest committed file) | - *git.streamFileThreshold* (set larger than the size of your largest committed file) |