| releases.moxie | ●●●●● patch | view | raw | blame | history | |
| src/main/distrib/data/gitblit.properties | ●●●●● patch | view | raw | blame | history | |
| src/main/java/com/gitblit/GitBlitServer.java | ●●●●● patch | view | raw | blame | history | |
| src/site/setup_go.mkd | ●●●●● patch | view | raw | blame | history |
releases.moxie
@@ -26,6 +26,7 @@ - Removed "show readme" setting in favor of automatic detection - Support plain text "readme" files - Determine best commit id (e.g. "master") for the tree and docs pages and use that in links - By default GO will now bind to all interfaces for both http and https connectors. This simplifies setup for first-time users. additions: - Added branch graph image servlet based on EGit's branch graph renderer (issue-194) - Added option to render Markdown commit messages (issue-203) @@ -35,6 +36,7 @@ - Support intradocument linking in Markdown content using [[WikiLinks]] syntax (issue-324) - Added setting to globally disable anonymous pushes in the receive pack - Added a normalized diffstat display to the commit, commitdiff, and compare pages - Added GO setting to automatically redirect all http requests to the secure https connector dependencyChanges: - updated to Jetty 7.6.13 - updated to JGit 3.1.0 @@ -45,6 +47,7 @@ - { name: 'git.defaultAccessRestriction', defaultValue: 'PUSH' } - { name: 'web.commitMessageRenderer', defaultValue: 'plain' } - { name: 'web.showBranchGraph', defaultValue: 'true' } - { name: 'server.redirectToHttpsPort', defaultValue: 'true' } contributors: - James Moger - Robin Rosenberg src/main/distrib/data/gitblit.properties
@@ -1545,6 +1545,16 @@ # RESTART REQUIRED server.ajpPort = 0 # Automatically redirect http requests to the secure https connector. # # This setting requires that you have configured server.httpPort and server.httpsPort. # Unless you are on a private LAN where you trust all client connections, it is # recommended to use https for all communications. # # SINCE 1.4.0 # RESTART REQUIRED server.redirectToHttpsPort = true # Specify the interface for Jetty to bind the standard connector. # You may specify an ip or an empty value to bind to all interfaces. # Specifying localhost will result in Gitblit ONLY listening to requests to @@ -1552,7 +1562,7 @@ # # SINCE 0.5.0 # RESTART REQUIRED server.httpBindInterface = localhost server.httpBindInterface = # Specify the interface for Jetty to bind the secure connector. # You may specify an ip or an empty value to bind to all interfaces. @@ -1561,7 +1571,7 @@ # # SINCE 0.5.0 # RESTART REQUIRED server.httpsBindInterface = localhost server.httpsBindInterface = # Specify the interface for Jetty to bind the AJP connector. # You may specify an ip or an empty value to bind to all interfaces. src/main/java/com/gitblit/GitBlitServer.java
@@ -36,6 +36,8 @@ import java.util.Scanner; import org.eclipse.jetty.ajp.Ajp13SocketConnector; import org.eclipse.jetty.security.ConstraintMapping; import org.eclipse.jetty.security.ConstraintSecurityHandler; import org.eclipse.jetty.server.Connector; import org.eclipse.jetty.server.Server; import org.eclipse.jetty.server.bio.SocketConnector; @@ -44,6 +46,7 @@ import org.eclipse.jetty.server.ssl.SslConnector; import org.eclipse.jetty.server.ssl.SslSelectChannelConnector; import org.eclipse.jetty.server.ssl.SslSocketConnector; import org.eclipse.jetty.util.security.Constraint; import org.eclipse.jetty.util.thread.QueuedThreadPool; import org.eclipse.jetty.webapp.WebAppContext; import org.eclipse.jgit.storage.file.FileBasedConfig; @@ -213,6 +216,14 @@ if (params.port < 1024 && !isWindows()) { logger.warn("Gitblit needs to run with ROOT permissions for ports < 1024!"); } if (params.port > 0 && params.securePort > 0 && settings.getBoolean(Keys.server.redirectToHttpsPort, true)) { // redirect HTTP requests to HTTPS if (httpConnector instanceof SelectChannelConnector) { ((SelectChannelConnector) httpConnector).setConfidentialPort(params.securePort); } else { ((SocketConnector) httpConnector).setConfidentialPort(params.securePort); } } connectors.add(httpConnector); } @@ -380,6 +391,24 @@ // Set the server's contexts server.setHandler(rootContext); // redirect HTTP requests to HTTPS if (params.port > 0 && params.securePort > 0 && settings.getBoolean(Keys.server.redirectToHttpsPort, true)) { logger.info(String.format("Configuring automatic http(%1$s) -> https(%2$s) redirects", params.port, params.securePort)); // Create the internal mechanisms to handle secure connections and redirects Constraint constraint = new Constraint(); constraint.setDataConstraint(Constraint.DC_CONFIDENTIAL); ConstraintMapping cm = new ConstraintMapping(); cm.setConstraint(constraint); cm.setPathSpec("/*"); ConstraintSecurityHandler sh = new ConstraintSecurityHandler(); sh.setConstraintMappings(new ConstraintMapping[] { cm }); // Configure this context to use the Security Handler defined before rootContext.setHandler(sh); } // Setup the GitBlit context GitBlit gitblit = getGitBlitInstance(); gitblit.configureContext(settings, baseFolder, true); src/site/setup_go.mkd
@@ -5,8 +5,7 @@ 2. The server itself is configured through a simple text file. Open `data/gitblit.properties` in your favorite text editor and make sure to review and set: - *server.httpPort* and *server.httpsPort* - *server.httpBindInterface* and *server.httpsBindInterface* - *server.storePassword* - *server.storePassword* **https** is strongly recommended because passwords are insecurely transmitted form your browser/git client using Basic authentication! - *git.packedGitLimit* (set larger than the size of your largest repository) - *git.streamFileThreshold* (set larger than the size of your largest committed file)
