From b79ade104858ce6714a7329b7629b331564a2ea5 Mon Sep 17 00:00:00 2001
From: James Moger <james.moger@gitblit.com>
Date: Tue, 26 Mar 2013 17:00:50 -0400
Subject: [PATCH] Integrate pull-request #76: enforce HTTP Basic authentication

---
 distrib/gitblit.properties |  124 +++++++++++++++++++++++++++++++++++++----
 1 files changed, 112 insertions(+), 12 deletions(-)

diff --git a/distrib/gitblit.properties b/distrib/gitblit.properties
index f611adf..ba4fa2c 100644
--- a/distrib/gitblit.properties
+++ b/distrib/gitblit.properties
@@ -1,4 +1,19 @@
 #
+# Gitblit Settings
+#
+
+# This settings file supports parameterization from the command-line for the
+# following command-line parameters:
+#
+#   --baseFolder    ${baseFolder}    SINCE 1.2.1
+#
+# Settings that support ${baseFolder} parameter substitution are indicated with the
+# BASEFOLDER attribute.  If the --baseFolder argument is unspecified, ${baseFolder}
+# and it's trailing / will be discarded from the setting value leaving a relative
+# path that is equivalent to pre-1.2.1 releases.
+#
+# e.g. "${baseFolder}/git" becomes "git", if --baseFolder is unspecified 
+#
 # Git Servlet Settings
 #
 
@@ -10,7 +25,8 @@
 #
 # SINCE 0.5.0
 # RESTART REQUIRED
-git.repositoriesFolder = git
+# BASEFOLDER
+git.repositoriesFolder = ${baseFolder}/git
 
 # Build the available repository list at startup and cache this list for reuse.
 # This reduces disk io when presenting the repositories page, responding to rpcs,
@@ -299,14 +315,16 @@
 #
 # RESTART REQUIRED
 # SINCE 0.8.0
-groovy.scriptsFolder = groovy
+# BASEFOLDER
+groovy.scriptsFolder = ${baseFolder}/groovy
 
 # Specify the directory Grape uses for downloading libraries.
 # http://groovy.codehaus.org/Grape
 #
 # RESTART REQUIRED
 # SINCE 1.0.0
-groovy.grapeFolder = groovy/grape
+# BASEFOLDER
+groovy.grapeFolder = ${baseFolder}/groovy/grape
 
 # Scripts to execute on Pre-Receive.
 #
@@ -366,6 +384,53 @@
 groovy.customFields = 
 
 #
+# Fanout Settings
+#
+
+# Fanout is a PubSub notification service that can be used by Sparkleshare
+# to eliminate repository change polling.  The fanout service runs in a separate
+# thread on a separate port from the Gitblit http/https application.
+# This service is provided so that Sparkleshare may be used with Gitblit in
+# firewalled environments or where reliance on Sparkleshare's default notifications
+# server (notifications.sparkleshare.org) is unwanted.
+#
+# This service maintains an open socket connection from the client to the
+# Fanout PubSub service. This service may not work properly behind a proxy server.  
+
+# Specify the interface for Fanout to bind it's service.
+# You may specify an ip or an empty value to bind to all interfaces.
+# Specifying localhost will result in Gitblit ONLY listening to requests to
+# localhost.
+#
+# SINCE 1.2.1
+# RESTART REQUIRED
+fanout.bindInterface = localhost
+
+# port for serving the Fanout PubSub service.  <= 0 disables this service.
+# On Unix/Linux systems, ports < 1024 require root permissions.
+# Recommended value: 17000
+#
+# SINCE 1.2.1
+# RESTART REQUIRED
+fanout.port = 0
+
+# Use Fanout NIO service.  If false, a multi-threaded socket service will be used.
+# Be advised, the socket implementation spawns a thread per connection plus the
+# connection acceptor thread.  The NIO implementation is completely single-threaded.
+#
+# SINCE 1.2.1
+# RESTART REQUIRED
+fanout.useNio = true
+
+# Concurrent connection limit.  <= 0 disables concurrent connection throttling.
+# If > 0, only the specified number of concurrent connections will be allowed
+# and all other connections will be rejected.
+#
+# SINCE 1.2.1
+# RESTART REQUIRED
+fanout.connectionLimit = 0
+
+#
 # Authentication Settings
 #
 
@@ -374,6 +439,12 @@
 # SINCE 0.5.0
 # RESTART REQUIRED
 web.authenticateViewPages = false
+
+# if web.authenticateViewPages=true you may optionally require a client-side
+# basic authentication prompt instead of the standard form-based login. 
+#
+# SINCE 1.3.0
+web.enforceHttpBasicAuthentication = false
 
 # Require admin authentication for the admin functions and pages
 #
@@ -390,7 +461,8 @@
 # Config file for storing project metadata
 #
 # SINCE 1.2.0
-web.projectsFile = projects.conf
+# BASEFOLDER
+web.projectsFile = ${baseFolder}/projects.conf
 
 # Either the full path to a user config file (users.conf)
 # OR the full path to a simple user properties file (users.properties)
@@ -404,7 +476,8 @@
 #
 # SINCE 0.5.0
 # RESTART REQUIRED
-realm.userService = users.conf
+# BASEFOLDER
+realm.userService = ${baseFolder}/users.conf
 
 # How to store passwords.
 # Valid values are plain, md5, or combined-md5.  md5 is the hash of password.
@@ -463,7 +536,8 @@
 # http://googlewebmastercentral.blogspot.com/2008/06/improving-on-robots-exclusion-protocol.html
 #
 # SINCE 1.0.0
-web.robots.txt = 
+# BASEFOLDER
+web.robots.txt = ${baseFolder}/robots.txt
 
 # If true, the web ui layout will respond and adapt to the browser's dimensions.
 # if false, the web ui will use a 940px fixed-width layout.
@@ -504,6 +578,12 @@
 # SINCE 0.9.0
 web.allowLuceneIndexing = true
 
+# Allows an authenticated user to create forks of a repository
+#
+# set this to false if you want to disable all fork controls on the web site
+#
+web.allowForking = true
+
 # Controls the length of shortened commit hash ids
 #
 # SINCE 1.2.0
@@ -515,6 +595,14 @@
 #
 # SINCE 0.8.0
 web.allowFlashCopyToClipboard = true
+
+# Default maximum number of commits that a repository may contribute to the
+# activity page, regardless of the selected duration.  This setting may be valuable
+# for an extremely busy server.  This value may also be configed per-repository
+# in Edit Repository. 0 disables this throttle.
+#
+# SINCE 1.2.0
+web.maxActivityCommits = 0
 
 # Default number of entries to include in RSS Syndication links
 #
@@ -548,6 +636,7 @@
 # Specifying "gitblit" uses the internal login message.
 #
 # SINCE 0.7.0
+# BASEFOLDER
 web.loginMessage = gitblit
 
 # This is the message displayed above the repositories table.
@@ -555,6 +644,7 @@
 # Specifying "gitblit" uses the internal welcome message.
 #
 # SINCE 0.5.0
+# BASEFOLDER
 web.repositoriesMessage = gitblit
 
 # Ordered list of charsets/encodings to use when trying to display a blob.
@@ -864,7 +954,8 @@
 # Use forward slashes even on Windows!!
 #
 # SINCE 0.6.0
-federation.proposalsFolder = proposals
+# BASEFOLDER
+federation.proposalsFolder = ${baseFolder}/proposals
 
 # The default pull frequency if frequency is unspecified on a registration
 #
@@ -966,7 +1057,8 @@
 #
 # SINCE 1.0.0
 # RESTART REQUIRED
-realm.ldap.backingUserService = users.conf
+# BASEFOLDER
+realm.ldap.backingUserService = ${baseFolder}/users.conf
 
 # Delegate team membership control to LDAP.
 #
@@ -1082,8 +1174,7 @@
 # Attribute on the USER record that indicate their username to be used in gitblit
 # when synchronizing users from LDAP
 # if blank, Gitblit will use uid
-#
-#
+# For MS Active Directory this may be sAMAccountName
 realm.ldap.uid = uid
 
 # The RedmineUserService must be backed by another user service for standard user
@@ -1091,7 +1182,8 @@
 # default: users.conf
 #
 # RESTART REQUIRED
-realm.redmine.backingUserService = users.conf
+# BASEFOLDER
+realm.redmine.backingUserService = ${baseFolder}/users.conf
 
 # URL of the Redmine.
 realm.redmine.url = http://example.com/redmine
@@ -1104,7 +1196,8 @@
 #
 # SINCE 0.5.0
 # RESTART REQUIRED
-server.tempFolder = temp
+# BASEFOLDER
+server.tempFolder = ${baseFolder}/temp
 
 # Use Jetty NIO connectors.  If false, Jetty Socket connectors will be used.
 #
@@ -1170,6 +1263,13 @@
 # RESTART REQUIRED
 server.ajpBindInterface = localhost
 
+# Alias of certificate to use for https/SSL serving.  If blank the first
+# certificate found in the keystore will be used. 
+#
+# SINCE 1.2.0
+# RESTART REQUIRED
+server.certificateAlias = localhost
+
 # Password for SSL keystore.
 # Keystore password and certificate password must match.
 # This is provided for convenience, its probably more secure to set this value

--
Gitblit v1.9.1