February 2013 - daangemist Blog

Month: February 2013

Apache .htaccess authorization with both IP check and password authentication

Feb 28, 2013 daan

Have you ever been struggling to secure a website domain by both IP address whitelist and a password file? This means the user has to have a specific IP address to even be allowed, and after allowance the user must enter his/her password for access.

The solution to do this in a Apache .htaccess file is listed below.

Important things to notice are:

A password file is created using htpasswd in /home/domains/www.example.com/secure.passwd. This file can be located anywhere you like, as long as the user Apache runs as can read it
The line with Satisfy All is the key to the solution. If you want the user to only have to fulfill one of the two requirements (has whitelisted IP or enters password) set this to Satisfy Any.

AuthType Basic
AuthName "Secure site"
AuthUserFile /home/domains/www.example.com/secure.passwd
Require valid-user
Order deny,allow
Deny from all
#Repeat the line below for all allowed IP addresses.
Allow from 127.0.0.1
Satisfy All

Leave a Comment

Set Git user information

Feb 14, 2013 daan

Tags: git, manual

When starting to use git, you should set your username and emailaddress, which is stored for every commit. The git website contains a great guide on getting started. Execute the following two commands to set your commit information globally for every project.

$ git config --global user.name "John Doe"
$ git config --global user.email johndoe@example.com

If you want to set the information for a specific project, execute this command without the –global flag in the repositories folder. This will only locally change the information.

On another note, GitHub also has a great guide on getting started with the git basics.

Leave a Comment

Installing Android SDK on Centos 6

Feb 8, 2013 daan

Tags: centos, howto, linux

Attempting to installing the Android SDK on a Linux server, for example your buildserver? This is an excellent guide on how to accomplish that. Following all the steps in this guides results in the SDK installing each and every SDK version available.

This webpage explains how to install only specific parts of the SDK. In short:

cd <your sdk folder>/tools
./android list sdk
./android update sdk -u -n -t 5,21

Where the numbers at the end of the last command are the numbers of the list in the output of the second command. The -n argument simulates the install, so you don’t actually download a few gigabytes of data accidentally. Run the command without -n to do the actual install.

Leave a Comment

Browse your personal Git repository online

Feb 2, 2013 daan

Tags: git, howto, ubuntu

After installing a Git repository on a webserver I’d also like to browse it using my webbrowser. We can do this via the gitweb package and some additional configuration in Apache. The assumption is that this is done on a Ubuntu system.

The result will be that repositories can be cloned via /git/repos/[name].git and browsed via /git/, within the same VirtualHost. It is assumed that your VirtualHost is set up similar to the previous blog post on git on this blog.

First install gitweb via the apt-get package manager:

apt-get install gitweb

The configuration for gitweb is located at _/etc/gitweb.conf. _Only one line needs to be changed, at the beginning of the file; change the $projectroot value to the root of your git repository.:

# path to git projects (<project>.git)
$projectroot = "/var/git/repository";

The installation of the gitweb packace has placed a configuration file in /etc/apache2/conf.d/gitweb:

Alias /gitweb /usr/share/gitweb
<Directory /usr/share/gitweb>
	Options FollowSymLinks +ExecCGI
	AddHandler cgi-script .cgi
</Directory>

This causes the URL /gitweb/ to be mapped to the gitweb script, causing it to show up on every VirtualHost. We want it to show up only on the git.example.com VirtualHost. In order to do so, remove this configuration file. Modify the git.example.com (or any VirtualHost you have configured for git access) and add the following lines:

Alias /git /usr/share/gitweb
<Directory /usr/share/gitweb>
	Options FollowSymLinks +ExecCGI
	AddHandler cgi-script .cgi
</Directory>

Also remove the line

#ScriptAlias /git/ /usr/lib/git-core/git-http-backend/

and replace it with:

ScriptAliasMatch \
	"(?x)^/git/(.\*/(HEAD | \
	info/refs | \
	objects/(info/\[^/\]+ | \
	\[0-9a-f\]{2}/\[0-9a-f\]{38} | \
	pack/pack-\[0-9a-f\]{40}\\.(pack|idx)) | \
	git-(upload|receive)-pack))$" \
	/usr/lib/git-core/git-http-backend/$1

This causes all requests from the git commandline (push, pull, clone, etc) to be forwarded to the git-http-backend script, while all other requests are handled by gitweb.

Leave a Comment

Install private Git server under Apache and Debian

Feb 1, 2013 daan

Tags: debian, git, howto

This guide lists all the step you need to take to install a git server which is accessible via http. If you have no need for https you can skip this part in the tutorial. After following all the steps it did not work immediately, I did have to tweak the apache configuration a little and install additional packages, the end result can be found below.

The git-core package was also installed using apt-get install git-core.

This VirtualHost configuration also limits access to only IP addresses in the subnet 192.168.*.* and requires a password, stored in the htpasswd file located at /var/www/git.example.com/git.passwd

Pay special attention to this line: ScriptAlias /git/ /usr/lib/git-core/git-http-backend/ and verify that the location of the git-core directory is correct. On some installations the path might be /usr/libexec/git-core/git-http-backend or something similar.

<VirtualHost>
    ServerAdmin webmaster@localhost
    ServerName git.example.com
    DocumentRoot /var/www/git.example.com/htdocs
<Directory>
        Options FollowSymLinks
        AllowOverride None
    </Directory>
    SetEnv GIT\_PROJECT\_ROOT /var/git/repository
    SetEnv GIT\_HTTP\_EXPORT\_ALL
    SetEnv REMOTE\_USER=$REDIRECT\_REMOTE\_USER
    ScriptAlias /git/ /usr/lib/git-core/git-http-backend/
    <Location>
        Deny from all
        Allow from 127.0.0.1
        Allow from 192.168
    </Location>
    <Location /git>
        AuthType Basic
        AuthName "Git Repository"
        AuthUserFile /var/www/git.example.com/git.passwd
        Require valid-user
    </Location>

    ErrorLog ${APACHE\_LOG\_DIR}/error.log
    # Possible values include: debug, info, notice, warn, error, crit, alert, emerg.
    LogLevel warn
    CustomLog ${APACHE\_LOG\_DIR}/access.log combined
</VirtualHost>

Read the next git blog post to learn how to also browse the git repositories using your webbrowser.

Create new git repository

To create a new git repository execute:

git init <span class="hljs-comment">--bare name_of_project.git</span>

On a remote machine you can checkout this project by executing:

git <span class="hljs-keyword">clone</span> <span class="hljs-title">http</span>://git.example.com/git/name_of_project.git

On the first push command to send the changes to the server, you need to specify that you were working on the master. The original repository was bare, so git does not know that yet. The command below takes care of that:

git <span class="hljs-built_in">push</span> <span class="hljs-built_in">origin</span> master

Leave a Comment