From acb63a082e9497e3a1e2541f5e44587eada7c60b Mon Sep 17 00:00:00 2001
From: James Moger <james.moger@gitblit.com>
Date: Wed, 05 Dec 2012 17:29:39 -0500
Subject: [PATCH] Added server setting to specify keystore alias for ssl certificate (issue 98)

---
 distrib/gitblit.properties | 100 ++++++++++++++++++++++++++++++++++++++++++++++---
 1 files changed, 93 insertions(+), 7 deletions(-)

diff --git a/distrib/gitblit.properties b/distrib/gitblit.properties
index 4343229..ce269d2 100644
--- a/distrib/gitblit.properties
+++ b/distrib/gitblit.properties
@@ -69,6 +69,28 @@
 # SINCE 0.5.0
 git.enableGitServlet = true
 
+# If you want to restrict all git servlet access to those with valid X509 client
+# certificates then set this value to true.
+#
+# SINCE 1.2.0
+git.requiresClientCertificate = false
+
+# Enforce date checks on client certificates to ensure that they are not being
+# used prematurely and that they have not expired.
+#
+# SINCE 1.2.0
+git.enforceCertificateValidity = true
+
+# List of OIDs to extract from a client certificate DN to map a certificate to
+# an account username.
+#
+# e.g. git.certificateUsernameOIDs = CN
+# e.g. git.certificateUsernameOIDs = FirstName LastName
+#
+# SPACE-DELIMITED
+# SINCE 1.2.0
+git.certificateUsernameOIDs = CN
+
+# Only serve/display bare repositories.
 # If there are non-bare repositories in git.repositoriesFolder and this setting
 # is true, they will be excluded from the ui.
@@ -110,6 +132,8 @@
 # Enable JGit-based garbage collection. (!!EXPERIMENTAL!!)
 #
+# USE AT YOUR OWN RISK!
+#
 # If enabled, the garbage collection executor scans all repositories once a day
 # at the hour of your choosing. The GC executor will take each repository "offline",
 # one-at-a-time, to check if the repository satisfies it's GC trigger requirements.
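Review bot: The comment for `git.certificateUsernameOIDs` never says that the extracted DN field becomes the account identity, so any certificate from a trusted CA whose CN matches an existing login is accepted as that user; it should say the chosen field must be unique per account and that only a CA you control may issue these certificates, e.g. `# The extracted value is used as the login name: it must be unique per user and the issuing CA must be trusted to assert it.` `git.enforceCertificateValidity` is documented as a date check only and nothing in this hunk mentions revocation, so unless revoked certificates are rejected elsewhere the comment should state the gap (`# NOTE: this checks notBefore/notAfter only; revocation (CRL/OCSP) is not checked here`). The git servlet code that consumes these settings is not part of this diff, so how `git.requiresClientCertificate` combines with `server.requireClientCertificates` later in the patch cannot be confirmed from here and deserves a sentence in one of the two comments.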
@@ -120,8 +144,6 @@
 # Gitblit's GC Executor MAY NOT PLAY NICE with the other Git kids on the block,
 # especially on Windows systems, so if you are using other tools please coordinate
 # their usage with your GC Executor schedule or do not use this feature.
-#
-# Use this feature at your own risk!
 #
 # The GC algorithm complex and the JGit team advises caution when using their
 # young implementation of GC.
@@ -148,8 +170,8 @@
 # SINCE 1.2.0
 git.defaultGarbageCollectionThreshold = 500k
 
-# The default period between GCs for a repository. If the total filesize of the
-# loose object exceeds *git.garbageCollectionThreshold* or the repository's
+# The default period, in days, between GCs for a repository. If the total filesize
+# of the loose object exceeds *git.garbageCollectionThreshold* or the repository's
 # custom threshold, this period will be short-circuited.
 #
 # e.g. if a repository collects 100KB of loose objects every day with a 500KB
@@ -167,7 +189,7 @@
 # The minimum value is 1 day since the GC Executor only runs once a day.
 #
 # SINCE 1.2.0
-git.defaultGarbageCollectionPeriod = 7 days
+git.defaultGarbageCollectionPeriod = 7
 
 # Number of bytes of a pack file to load into memory in a single read operation.
 # This is the "page size" of the JGit buffer cache, used for all pack access
@@ -460,6 +482,19 @@
 # SINCE 0.5.0
 web.allowZipDownloads = true
 
+# If *web.allowZipDownloads=true* the following formats will be displayed for
+# download compressed archive links:
+#
+# zip = standard .zip
+# tar = standard tar format (preserves *nix permissions and symlinks)
+# gz = gz-compressed tar
+# xz = xz-compressed tar
+# bzip2 = bzip2-compressed tar
+#
+# SPACE-DELIMITED
+# SINCE 1.2.0
+web.compressedDownloads = zip gz
+
+# Allow optional Lucene integration. Lucene indexing is an opt-in feature.
 # A repository may specify branches to index with Lucene instead of using Git
 # commit traversal. There are scenarios where you may want to completely disable
@@ -469,12 +504,31 @@
 # SINCE 0.9.0
 web.allowLuceneIndexing = true
 
+# Allows an authenticated user to create forks of a repository
+#
+# set this to false if you want to disable all fork controls on the web site
+#
+web.allowForking = true
+
+# Controls the length of shortened commit hash ids
+#
+# SINCE 1.2.0
+web.shortCommitIdLength = 6
+
 # Use Clippy (Flash solution) to provide a copy-to-clipboard button.
 # If false, a button with a more primitive JavaScript-based prompt box will
 # offer a 3-step (click, ctrl+c, enter) copy-to-clipboard alternative.
 #
 # SINCE 0.8.0
 web.allowFlashCopyToClipboard = true
+
+# Default maximum number of commits that a repository may contribute to the
+# activity page, regardless of the selected duration. This setting may be valuable
+# for an extremely busy server. This value may also be configed per-repository
+# in Edit Repository. 0 disables this throttle.
+#
+# SINCE 1.2.0
+web.maxActivityCommits = 0
 
 # Default number of entries to include in RSS Syndication links
 #
@@ -679,7 +733,7 @@
 #
 # SPACE-DELIMITED
 # SINCE 0.5.0
-web.prettyPrintExtensions = c cpp cs css htm html java js php pl prefs properties py rb sh sql xml vb
+web.prettyPrintExtensions = c cpp cs css frm groovy htm html java js php pl prefs properties py rb scala sh sql xml vb
 
 # Registered extensions for markdown transformation
 #
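Review bot: `web.allowForking` is the only setting added by this patch that carries no `# SINCE 1.2.0` line, unlike `web.shortCommitIdLength` and `web.maxActivityCommits` in the same hunk; add `# SINCE 1.2.0` above it so the version metadata stays consistent across the file. The `web.maxActivityCommits` comment has a typo, `configed` should read `configured`. Forking is enabled here by default for any authenticated user, and the comment does not say whether a fork inherits the source repository's access restrictions or owner-only visibility; I cannot tell from this file what the implementation does, so the comment should state it explicitly rather than leave operators to discover it.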
@@ -1101,17 +1155,49 @@
 # RESTART REQUIRED
 server.ajpBindInterface = localhost
 
+# Alias of certificate to use for https/SSL serving. If blank the first
+# certificate found in the keystore will be used.
+#
+# SINCE 1.2.0
+# RESTART REQUIRED
+server.certificateAlias = localhost
+
 # Password for SSL keystore.
 # Keystore password and certificate password must match.
 # This is provided for convenience, its probably more secure to set this value
 # using the --storePassword command line parameter.
 #
+# If you are using the official JRE or JDK from Oracle you may not have the
+# JCE Unlimited Strength Jurisdiction Policy files bundled with your JVM. Because
+# of this, your store/key password can not exceed 7 characters. If you require
+# longer passwords you may need to install the JCE Unlimited Strength Jurisdiction
+# Policy files from Oracle.
+#
+# http://www.oracle.com/technetwork/java/javase/downloads/index.html
+#
+# Gitblit and the Gitblit Certificate Authority will both indicate if Unlimited
+# Strength encryption is available.
+#
 # SINCE 0.5.0
 # RESTART REQUIRED
 server.storePassword = gitblit
+
+# If serving over https (recommended) you might consider requiring clients to
+# authenticate with ssl certificates. If enabled, only https clients with the
+# a valid client certificate will be able to access Gitblit.
+#
+# If disabled, client certificate authentication is optional and will be tried
+# first before falling-back to form authentication or basic authentication.
+#
+# Requiring client certificates to access any of Gitblit may be too extreme,
+# consider this carefully.
+#
+# SINCE 1.2.0
+# RESTART REQUIRED
+server.requireClientCertificates = false
 
 # Port for shutdown monitor to listen on.
 #
 # SINCE 0.5.0
 # RESTART REQUIRED
-server.shutdownPort = 8081
\ No newline at end of file
+server.shutdownPort = 8081
-- 
Gitblit v1.9.1
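Review bot: `server.requireClientCertificates` is introduced alongside `git.requiresClientCertificate` from the first hunk of this patch, the two keys differ in verb form and number, and neither comment says how they interact (whether the git-servlet setting is redundant once the server-wide one is true, or which wins when they disagree); the comment here should state that, e.g. `# When true this supersedes git.requiresClientCertificate, which only covers the git servlet.` — worded to match whatever the code actually does, which this diff does not show. The `server.certificateAlias` comment covers the blank case but not what happens when the alias is set and is absent from the keystore (refuse to start versus silently serving the first certificate); for TLS the silent fall-back is the dangerous option, so please document the real behaviour and, if it is the fall-back, say so loudly. The new JCE paragraph presents a 7-character keystore password as an acceptable limit while the shipped default stays `server.storePassword = gitblit`; I would reword it to recommend installing the policy files (or `--storePassword`) as the fix and to tell operators to change the default password, rather than normalising short passwords. Also `with the a valid client certificate` has a stray article.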