首页 > 代码库 > gitblit-1.8.0域认证
gitblit-1.8.0域认证
gitblit-1.8.0\data\defaults.properties
## DEFAULTS.PROPERTIES## The default Gitblit settings.## This settings file supports parameterization from the command-line for the# following command-line parameters:## --baseFolder ${baseFolder} SINCE 1.2.1## Settings that support ${baseFolder} parameter substitution are indicated with the# BASEFOLDER attribute. If the --baseFolder argument is unspecified, ${baseFolder}# and it‘s trailing / will be discarded from the setting value leaving a relative# path that is equivalent to pre-1.2.1 releases.## e.g. "${baseFolder}/git" becomes "git", if --baseFolder is unspecified ## Git Servlet Settings## Base folder for repositories.# This folder may contain bare and non-bare repositories but Gitblit will only# allow you to push to bare repositories.# Use forward slashes even on Windows!!# e.g. c:/gitrepos## SINCE 0.5.0# RESTART REQUIRED# BASEFOLDERgit.repositoriesFolder = ${baseFolder}/git# Build the available repository list at startup and cache this list for reuse.# This reduces disk io when presenting the repositories page, responding to rpcs,# etc, but it means that Gitblit will not automatically identify repositories# added or deleted by external tools.## For this case you can use curl, wget, etc to issue an rpc request to clear the# cache (e.g. https://localhost/rpc?req=CLEAR_REPOSITORY_CACHE)## SINCE 1.1.0git.cacheRepositoryList = true# Search the repositories folder subfolders for other repositories.# Repositories MAY NOT be nested (i.e. one repository within another)# but they may be grouped together in subfolders.# e.g. c:/gitrepos/libraries/mylibrary.git# c:/gitrepos/libraries/myotherlibrary.git## SINCE 0.5.0git.searchRepositoriesSubfolders = true# Maximum number of folders to recurse into when searching for repositories.# The default value, -1, disables depth limits.## SINCE 1.1.0git.searchRecursionDepth = -1# List of regex exclusion patterns to match against folders found in# *git.repositoriesFolder*.# Use forward slashes even on Windows!!# e.g. test/jgit\.git## SPACE-DELIMITED# CASE-SENSITIVE# SINCE 1.1.0git.searchExclusions =# List of regex url patterns for extracting a repository name when locating# submodules.# e.g. git.submoduleUrlPatterns = .*?://github.com/(.*) will extract# *gitblit/gitblit.git* from *git://github.com/gitblit/gitblit.git*# If no matches are found then the submodule repository name is assumed to be# whatever trails the last / character. (e.g. gitblit.git).## SPACE-DELIMITED# CASE-SENSITIVE# SINCE 1.1.0git.submoduleUrlPatterns = .*?://github.com/(.*)# Specify the interface for Git Daemon to bind it‘s service.# You may specify an ip or an empty value to bind to all interfaces.# Specifying localhost will result in Gitblit ONLY listening to requests to# localhost.## SINCE 1.3.0# RESTART REQUIREDgit.daemonBindInterface = # port for serving the Git Daemon service. <= 0 disables this service.# On Unix/Linux systems, ports < 1024 require root permissions.# Recommended value: 9418## SINCE 1.3.0# RESTART REQUIREDgit.daemonPort = 9418# The port for serving the SSH service. <= 0 disables this service.# On Unix/Linux systems, ports < 1024 require root permissions.# Recommended value: 29418## SINCE 1.5.0# RESTART REQUIREDgit.sshPort = 29418# Specify the interface for the SSH daemon to bind its service.# You may specify an ip or an empty value to bind to all interfaces.# Specifying localhost will result in Gitblit ONLY listening to requests to# localhost.## SINCE 1.5.0# RESTART REQUIREDgit.sshBindInterface = # Manually specify the hostname to use in advertised SSH repository urls.# This may be useful in complex forwarding setups.## SINCE 1.7.0git.sshAdvertisedHost = # Manually specify the port to use in advertised SSH repository urls.# This may be useful in complex forwarding setups.## SINCE 1.7.0git.sshAdvertisedPort = # Specify the SSH key manager to use for retrieving, storing, and removing# SSH keys.## Valid key managers are:# com.gitblit.transport.ssh.FileKeyManager## SINCE 1.5.0git.sshKeysManager = com.gitblit.transport.ssh.FileKeyManager# Directory for storing user SSH keys when using the FileKeyManager.## SINCE 1.5.0git.sshKeysFolder= ${baseFolder}/ssh# Use Kerberos5 (GSS) authentication## SINCE 1.7.0git.sshWithKrb5 = false# The path to a Kerberos 5 keytab.## SINCE 1.7.0git.sshKrb5Keytab = # The service principal name to be used for Kerberos5.# The default is host/hostname.## SINCE 1.7.0git.sshKrb5ServicePrincipalName = # Strip the domain suffix from a kerberos username.# e.g. james@bigbox would be "james"## SINCE 1.7.0git.sshKrb5StripDomain = true# SSH backend NIO2|MINA.## The Apache Mina project recommends using the NIO2 backend.## SINCE 1.5.0git.sshBackend = NIO2# Number of threads used to parse a command line submitted by a client over SSH# for execution, create the internal data structures used by that command,# and schedule it for execution on another thread.## SINCE 1.5.0git.sshCommandStartThreads = 2# Allow push/pull over http/https with JGit servlet.# If you do NOT want to allow Git clients to clone/push to Gitblit set this# to false. You might want to do this if you are only using ssh:// or git://.# If you set this false, consider changing the *web.otherUrls* setting to# indicate your clone/push urls.## SINCE 0.5.0git.enableGitServlet = true# If you want to restrict all git servlet access to those with valid X509 client# certificates then set this value to true.## SINCE 1.2.0git.requiresClientCertificate = false# Enforce date checks on client certificates to ensure that they are not being# used prematurely and that they have not expired.## SINCE 1.2.0git.enforceCertificateValidity = true# List of OIDs to extract from a client certificate DN to map a certificate to# an account username.## e.g. git.certificateUsernameOIDs = CN# e.g. git.certificateUsernameOIDs = FirstName LastName## SPACE-DELIMITED# SINCE 1.2.0git.certificateUsernameOIDs = CN# Only serve/display bare repositories.# If there are non-bare repositories in git.repositoriesFolder and this setting# is true, they will be excluded from the ui. ## SINCE 0.9.0git.onlyAccessBareRepositories = false# Specify the list of acceptable transports for pushes.# If this setting is empty, all transports are acceptable.## Valid choices are: GIT HTTP HTTPS SSH## SINCE 1.5.0# SPACE-DELIMITEDgit.acceptedPushTransports = HTTP HTTPS SSH# Allow an authenticated user to create a destination repository on a push if# the repository does not already exist.## Administrator accounts can create a repository in any project.# These repositories are created with the default access restriction and authorization# control values. The pushing account is set as the owner.## Non-administrator accounts with the CREATE role may create personal repositories.# These repositories are created as VIEW restricted for NAMED users.# The pushing account is set as the owner.## SINCE 1.2.0git.allowCreateOnPush = true# Global setting to control anonymous pushes.## This setting allows/rejects anonymous pushes at the level of the receive pack.# This trumps all repository config settings. While anonymous pushes are convenient# on your own box when you are a lone developer, they are not recommended for# any multi-user installation where accountability is required. Since Gitblit# tracks pushes and user accounts, allowing anonymous pushes compromises that# information.## SINCE 1.4.0git.allowAnonymousPushes = false# The default access restriction for new repositories.# Valid values are NONE, PUSH, CLONE, VIEW# NONE = anonymous view, clone, & push# PUSH = anonymous view & clone and authenticated push# CLONE = anonymous view, authenticated clone & push# VIEW = authenticated view, clone, & push## SINCE 1.0.0git.defaultAccessRestriction = PUSH# The default authorization control for new repositories.# Valid values are AUTHENTICATED and NAMED# AUTHENTICATED = any authenticated user is granted restricted access# NAMED = only named users/teams are granted restricted access## SINCE 1.1.0git.defaultAuthorizationControl = NAMED# The prefix for a users personal repository directory.## Personal user repositories are created in this directory, named by the user name# prefixed with the userRepositoryPrefix. For eaxmple, a user ‘john‘ would have his# personal repositories in the directory ‘~john‘.## Cannot be an empty string. Also, absolute paths are changed to relative paths by # removing the first directory separator.## It is not recommended to change this value AFTER your user‘s have created# personal repositories because it will break all permissions, ownership, and# repository push/pull operations. ## RESTART REQUIRED# SINCE 1.4.0git.userRepositoryPrefix = ~# The default incremental push tag prefix. Tag prefix applied to a repository# that has automatic push tags enabled and does not specify a custom tag prefix.## If incremental push tags are enabled, the tips of each branch in the push will# be tagged with an increasing revision integer.## e.g. refs/tags/r2345 or refs/tags/rev_2345 ## SINCE 1.3.0git.defaultIncrementalPushTagPrefix = r# Controls creating a repository as --shared on Unix servers.## In an Unix environment where mixed access methods exist for shared repositories,# the repository should be created with ‘git init --shared‘ to make sure that# it can be accessed e.g. via ssh (user git) and http (user www-data).## Valid values are the values available for the ‘--shared‘ option. The the manual# page for ‘git init‘ for more information on shared repositories.## SINCE 1.4.0git.createRepositoriesShared = false# Directory for gitignore templates used during repository creation.## SINCE 1.6.0git.gitignoreFolder = ${baseFolder}/gitignore# Enable JGit-based garbage collection. (!!EXPERIMENTAL!!)## USE AT YOUR OWN RISK!## If enabled, the garbage collection executor scans all repositories once a day# at the hour of your choosing. The GC executor will take each repository "offline",# one-at-a-time, to check if the repository satisfies it‘s GC trigger requirements.## While the repository is offline it will be inaccessible from the web UI or from# any of the other services (git, rpc, rss, etc).## Gitblit‘s GC Executor MAY NOT PLAY NICE with the other Git kids on the block,# especially on Windows systems, so if you are using other tools please coordinate# their usage with your GC Executor schedule or do not use this feature.## The GC algorithm complex and the JGit team advises caution when using their# young implementation of GC.## http://wiki.eclipse.org/EGit/New_and_Noteworthy/2.1#Garbage_Collector_and_Repository_Storage_Statistics## EXPERIMENTAL# SINCE 1.2.0# RESTART REQUIREDgit.enableGarbageCollection = false# Hour of the day for the GC Executor to scan repositories.# This value is in 24-hour time.## SINCE 1.2.0git.garbageCollectionHour = 0# The default minimum total filesize of loose objects to trigger early garbage# collection.## You may specify a custom threshold for a repository in the repository‘s settings.# Common unit suffixes of k, m, or g are supported.## SINCE 1.2.0git.defaultGarbageCollectionThreshold = 500k# The default period, in days, between GCs for a repository. If the total filesize# of the loose object exceeds *git.garbageCollectionThreshold* or the repository‘s# custom threshold, this period will be short-circuited. ## e.g. if a repository collects 100KB of loose objects every day with a 500KB# threshold and a period of 7 days, it will take 5 days for the loose objects to# be collected, packed, and pruned.## OR## if a repository collects 10KB of loose objects every day with a 500KB threshold# and a period of 7 days, it will take the full 7 days for the loose objects to be# collected, packed, and pruned.## You may specify a custom period for a repository in the repository‘s settings.## The minimum value is 1 day since the GC Executor only runs once a day.## SINCE 1.2.0git.defaultGarbageCollectionPeriod = 7# Gitblit can automatically fetch ref updates for a properly configured mirror# repository.## Requirements:# 1. you must manually clone the repository using native git# git clone --mirror git://somewhere.com/myrepo.git# 2. the "origin" remote must be the mirror source# 3. the "origin" repository must be accessible without authentication OR the# credentials must be embedded in the origin url (not recommended)## Notes:# 1. "origin" SSH urls are untested and not likely to work# 2. mirrors cloned while Gitblit is running are likely to require clearing the# gitblit cache (link on the repositories page of an administrator account)# 3. Gitblit will automatically repair any invalid fetch refspecs with a "//"# sequence.## SINCE 1.4.0# RESTART REQUIREDgit.enableMirroring = false# Specify the period between update checks for mirrored repositories.# The shortest period you may specify between mirror update checks is 5 mins.## SINCE 1.4.0# RESTART REQUIREDgit.mirrorPeriod = 30 mins# Number of bytes of a pack file to load into memory in a single read operation.# This is the "page size" of the JGit buffer cache, used for all pack access# operations. All disk IO occurs as single window reads. Setting this too large# may cause the process to load more data than is required; setting this too small# may increase the frequency of read() system calls.## Default on JGit is 8 KiB on all platforms.## Common unit suffixes of k, m, or g are supported.# Documentation courtesy of the Gerrit project.## SINCE 1.0.0# RESTART REQUIREDgit.packedGitWindowSize = 8k# Maximum number of bytes to load and cache in memory from pack files. If JGit# needs to access more than this many bytes it will unload less frequently used# windows to reclaim memory space within the process. As this buffer must be shared# with the rest of the JVM heap, it should be a fraction of the total memory available.## The JGit team recommends setting this value larger than the size of your biggest# repository. This ensures you can serve most requests from memory.## Default on JGit is 10 MiB on all platforms.## Common unit suffixes of k, m, or g are supported.# Documentation courtesy of the Gerrit project.## SINCE 1.0.0# RESTART REQUIREDgit.packedGitLimit = 10m# Maximum number of bytes to reserve for caching base objects that multiple deltafied# objects reference. By storing the entire decompressed base object in a cache Git# is able to avoid unpacking and decompressing frequently used base objects multiple times.## Default on JGit is 10 MiB on all platforms. You probably do not need to adjust# this value.## Common unit suffixes of k, m, or g are supported.# Documentation courtesy of the Gerrit project.## SINCE 1.0.0# RESTART REQUIREDgit.deltaBaseCacheLimit = 10m# Maximum number of pack files to have open at once. A pack file must be opened# in order for any of its data to be available in a cached window.## If you increase this to a larger setting you may need to also adjust the ulimit# on file descriptors for the host JVM, as Gitblit needs additional file descriptors# available for network sockets and other repository data manipulation.## Default on JGit is 128 file descriptors on all platforms.# Documentation courtesy of the Gerrit project.## SINCE 1.0.0# RESTART REQUIREDgit.packedGitOpenFiles = 128# When true, JGit will use mmap() rather than malloc()+read() to load data from# pack files. The use of mmap can be problematic on some JVMs as the garbage# collector must deduce that a memory mapped segment is no longer in use before# a call to munmap() can be made by the JVM native code.## In server applications (such as Gitblit) that need to access many pack files,# setting this to true risks artificially running out of virtual address space, # as the garbage collector cannot reclaim unused mapped spaces fast enough.## Default on JGit is false. Although potentially slower, it yields much more# predictable behavior.# Documentation courtesy of the Gerrit project.## SINCE 1.0.0# RESTART REQUIREDgit.packedGitMmap = false# Validate all received (pushed) objects are valid.## SINCE 1.5.0git.checkReceivedObjects = true# Validate all referenced but not supplied objects are reachable.## If enabled, Gitblit will verify that references to objects not contained# within the received pack are already reachable through at least one other# reference advertised to clients.## This feature is useful when Gitblit doesn‘t trust the client to not provide a# forged SHA-1 reference to an object, in an attempt to access parts of the DAG# that they aren‘t allowed to see and which have been hidden from them via the# configured AdvertiseRefsHook or RefFilter.## Enabling this feature may imply at least some, if not all, of the same functionality# performed by git.checkReceivedObjects. ## SINCE 1.5.0git.checkReferencedObjectsAreReachable = true# Set the maximum allowed Git object size.## If an object is larger than the given size the pack-parsing will throw an exception# aborting the receive-pack operation. The default value, 0, disables maximum# object size checking.## SINCE 1.5.0git.maxObjectSizeLimit = 0# Set the maximum allowed pack size.## A pack exceeding this size will be rejected. The default value, -1, disables# maximum pack size checking.## SINCE 1.5.0git.maxPackSizeLimit = -1# Use the Gitblit patch receive pack for processing contributions and tickets.# This allows the user to push a patch using the familiar Gerrit syntax:## git push <remote> HEAD:refs/for/<targetBranch>## NOTE:# This requires git.enableGitServlet = true AND it requires an authenticated# git transport connection (http/https) when pushing from a client.## Valid services include:# com.gitblit.tickets.FileTicketService# com.gitblit.tickets.BranchTicketService# com.gitblit.tickets.RedisTicketService## SINCE 1.4.0# RESTART REQUIREDtickets.service = # Globally enable or disable creation of new bug, enhancement, task, etc tickets# for all repositories.## If false, no tickets can be created through the ui for any repositories.# If true, each repository can control if they allow new tickets to be created.## NOTE:# If a repository is accepting patchsets, new proposal tickets can be created# regardless of this setting.## SINCE 1.4.0tickets.acceptNewTickets = true# Globally enable or disable pushing patchsets to all repositories.## If false, no patchsets will be accepted for any repositories.# If true, each repository can control if they accept new patchsets.## NOTE:# If a repository is accepting patchsets, new proposal tickets can be created# regardless of the acceptNewTickets setting.## SINCE 1.4.0tickets.acceptNewPatchsets = true# Default setting to control patchset merge through the web ui. If true, patchsets# must have an approval score to enable the merge button. This setting can be# overriden per-repository.## SINCE 1.4.0tickets.requireApproval = false# The case-insensitive regular expression used to identify and close tickets on# push to the integration branch for commits that are NOT already referenced as# a patchset tip.## SINCE 1.5.0tickets.closeOnPushCommitMessageRegex = (?:fixes|closes)[\\s-]+#?(\\d+)# The case-insensitive regular expression used to identify and link tickets on# push to the commits based on commit message. In the case of a patchset # self references are ignored ## SINCE 1.8.0tickets.linkOnPushCommitMessageRegex = (?:ref|task|issue|bug)?[\\s-]*#(\\d+)# Specify the location of the Lucene Ticket index## SINCE 1.4.0# RESTART REQUIREDtickets.indexFolder = ${baseFolder}/tickets/lucene# Define the url for the Redis server.## e.g. redis://localhost:6379# redis://:foobared@localhost:6379/2## SINCE 1.4.0# RESTART REQUIREDtickets.redis.url =# The number of tickets to display on a page.## SINCE 1.4.0tickets.perPage = 25# The folder where plugins are loaded from.## SINCE 1.5.0# RESTART REQUIRED# BASEFOLDERplugins.folder = ${baseFolder}/plugins# The registry of available plugins.## SINCE 1.5.0plugins.registry = http://plugins.gitblit.com/plugins.json# The HTTP proxy host for plugin manager.## SINCE 1.7.0plugins.httpProxyHost = # The HTTP proxy port for plugin manager.## SINCE 1.7.0plugins.httpProxyPort = # The HTTP proxy authorization header for plugin manager.## SINCE 1.7.0plugins.httpProxyAuthorization = # Number of threads used to handle miscellaneous tasks in the background.## SINCE 1.6.0# RESTART REQUIREDexecution.defaultThreadPoolSize = 1## Groovy Integration## Location of Groovy scripts to use for Pre and Post receive hooks.# Use forward slashes even on Windows!!# e.g. c:/groovy## RESTART REQUIRED# SINCE 0.8.0# BASEFOLDERgroovy.scriptsFolder = ${baseFolder}/groovy# Specify the directory Grape uses for downloading libraries.# http://groovy.codehaus.org/Grape## RESTART REQUIRED# SINCE 1.0.0# BASEFOLDERgroovy.grapeFolder = ${baseFolder}/groovy/grape# Scripts to execute on Pre-Receive.## These scripts execute after an incoming push has been parsed and validated# but BEFORE the changes are applied to the repository. You might reject a# push in this script based on the repository and branch the push is attempting# to change.## Script names are case-sensitive on case-sensitive file systems. You may omit# the traditional ".groovy" from this list if your file extension is ".groovy" ## NOTE:# These scripts are only executed when pushing to *Gitblit*, not to other Git# tooling you may be using. Also note that these scripts are shared between# repositories. These are NOT repository-specific scripts! Within the script# you may customize the control-flow for a specific repository by checking the# *repository* variable.## SPACE-DELIMITED# CASE-SENSITIVE# SINCE 0.8.0groovy.preReceiveScripts =# Scripts to execute on Post-Receive.## These scripts execute AFTER an incoming push has been applied to a repository.# You might trigger a continuous-integration build here or send a notification.## Script names are case-sensitive on case-sensitive file systems. You may omit# the traditional ".groovy" from this list if your file extension is ".groovy" ## NOTE:# These scripts are only executed when pushing to *Gitblit*, not to other Git# tooling you may be using. Also note that these scripts are shared between# repositories. These are NOT repository-specific scripts! Within the script# you may customize the control-flow for a specific repository by checking the# *repository* variable.# # SPACE-DELIMITED# CASE-SENSITIVE# SINCE 0.8.0groovy.postReceiveScripts =# Repository custom fields for Groovy Hook mechanism## List of key=label pairs of custom fields to prompt for in the Edit Repository# page. These keys are stored in the repository‘s git config file in the # section [gitblit "customFields"]. Key names are alphanumeric only. These# fields are intended to be used for the Groovy hook mechanism where a script# can adjust it‘s execution based on the custom fields stored in the repository# config.## e.g. "commitMsgRegex=Commit Message Regular Expression" anotherProperty=Another## SPACE-DELIMITED# SINCE 1.0.0groovy.customFields = ## Fanout Settings## Fanout is a PubSub notification service that can be used by Sparkleshare# to eliminate repository change polling. The fanout service runs in a separate# thread on a separate port from the Gitblit http/https application.# This service is provided so that Sparkleshare may be used with Gitblit in# firewalled environments or where reliance on Sparkleshare‘s default notifications# server (notifications.sparkleshare.org) is unwanted.## This service maintains an open socket connection from the client to the# Fanout PubSub service. This service may not work properly behind a proxy server. # Specify the interface for Fanout to bind it‘s service.# You may specify an ip or an empty value to bind to all interfaces.# Specifying localhost will result in Gitblit ONLY listening to requests to# localhost.## SINCE 1.2.1# RESTART REQUIREDfanout.bindInterface = # port for serving the Fanout PubSub service. <= 0 disables this service.# On Unix/Linux systems, ports < 1024 require root permissions.# Recommended value: 17000## SINCE 1.2.1# RESTART REQUIREDfanout.port = 0# Use Fanout NIO service. If false, a multi-threaded socket service will be used.# Be advised, the socket implementation spawns a thread per connection plus the# connection acceptor thread. The NIO implementation is completely single-threaded.## SINCE 1.2.1# RESTART REQUIREDfanout.useNio = true# Concurrent connection limit. <= 0 disables concurrent connection throttling.# If > 0, only the specified number of concurrent connections will be allowed# and all other connections will be rejected.## SINCE 1.2.1# RESTART REQUIREDfanout.connectionLimit = 0## Authentication Settings## Require authentication to see everything but the admin pages## SINCE 0.5.0# RESTART REQUIREDweb.authenticateViewPages = false# If web.authenticateViewPages=true you may optionally require a client-side# basic authentication prompt instead of the standard form-based login. ## SINCE 1.3.0web.enforceHttpBasicAuthentication = false# Require admin authentication for the admin functions and pages## SINCE 0.5.0# RESTART REQUIREDweb.authenticateAdminPages = true# Allow Gitblit to store a cookie in the user‘s browser for automatic# authentication. The cookie is generated by the user service.## SINCE 0.5.0web.allowCookieAuthentication = true# Allow deletion of non-empty repositories. This is enforced for all delete vectors.## SINCE 1.6.0web.allowDeletingNonEmptyRepositories = true# Setting to include personal repositories in the main repositories list.## SINCE 1.6.0web.includePersonalRepositories = false# Config file for storing project metadata## SINCE 1.2.0# BASEFOLDERweb.projectsFile = ${baseFolder}/projects.conf# Defines the tab length for all blob views## SINCE 1.7.0web.tabLength = 4# Either the full path to a user config file (users.conf)# OR a fully qualified class name that implements the IUserService interface.## Any custom user service implementation must have a public default constructor.## SINCE 0.5.0# RESTART REQUIRED# BASEFOLDERrealm.userService = ${baseFolder}/users.conf# Ordered list of external authentication providers which will be used if# authentication against the local user service fails.## Valid providers are:## htpasswd# httpheader# ldap# pam# redmine# salesforce# windows# e.g. realm.authenticationProviders = htpasswd windows## SINCE 1.4.0# RESTART REQUIRED# SPACE-DELIMITEDrealm.authenticationProviders = ldap# How to store passwords.# Valid values are plain, md5, or combined-md5. md5 is the hash of password.# combined-md5 is the hash of username.toLowerCase()+password.# Default is md5.## SINCE 0.5.0 realm.passwordStorage = md5# Minimum valid length for a plain text password.# Default value is 5. Absolute minimum is 4.## SINCE 0.5.0 realm.minPasswordLength = 5## Gitblit Web Settings## If blank Gitblit is displayed.## SINCE 0.5.0web.siteName =# The canonical url of your Gitblit server to be used in repository url generation,# RSS feeds, and all embedded links in email and plugin-based notifications.## If you are running Gitblit on a non-standard http port (i.e. not 80 and not 443)# then you must specify that port in this url otherwise your generated urls will be# incorrect.## The hostname of this url will be extracted for SSH and GIT protocol repository# url generation.## e.g. web.canonicalUrl = https://dev.gitblit.com# web.canonicalUrl = https://dev.gitblit.com:8443## SINCE 1.4.0web.canonicalUrl = # You may specify a different logo image for the header but it must be 120x45px.# If the specified file does not exist, the default Gitblit logo will be used.## SINCE 1.3.0# BASEFOLDERweb.headerLogo = ${baseFolder}/logo.png# You may specify a different link URL for the logo image anchor.# If blank the Gitblit main page URL is used.## SINCE 1.3.0# BASEFOLDERweb.rootLink =# You may specify a custom header background CSS color. If unspecified, the# default color will be used.## e.g. web.headerBackgroundColor = #002060## SINCE 1.3.0web.headerBackgroundColor =# You may specify a custom header foreground CSS color. If unspecified, the# default color will be used.## e.g. web.headerForegroundColor = white## SINCE 1.3.0web.headerForegroundColor =# You may specify a custom header foreground hover CSS color. If unspecified, the# default color will be used.## e.g. web.headerHoverColor = white## SINCE 1.3.0web.headerHoverColor =# You may specify a custom header border CSS color. If unspecified, the default# color will be used.## e.g. web.headerBorderColor = #002060## SINCE 1.3.0web.headerBorderColor =# You may specify a custom header border CSS color. If unspecified, the default# color will be used.## e.g. web.headerBorderFocusColor = #ff9900## SINCE 1.3.0web.headerBorderFocusColor =# If *web.authenticateAdminPages*=true, users with "admin" role can create# repositories, create users, and edit repository metadata.## If *web.authenticateAdminPages*=false, any user can execute the aforementioned# functions. ## SINCE 0.5.0 web.allowAdministration = true# Setting to disable rendering the top-level navigation header which includes# the login form, top-level links like dashboard, repositories, search, etc.# This setting is only useful if you plan to embed Gitblit within another page# or system.## SINCE 1.4.0web.hideHeader = false# Allows rpc clients to list repositories and possibly manage or administer the # Gitblit server, if the authenticated account has administrator permissions.# See *web.enableRpcManagement* and *web.enableRpcAdministration*.## SINCE 0.7.0 web.enableRpcServlet = true# Allows rpc clients to manage repositories and users of the Gitblit instance,# if the authenticated account has administrator permissions.# Requires *web.enableRpcServlet=true*.## SINCE 0.7.0 web.enableRpcManagement = false# Allows rpc clients to control the server settings and monitor the health of this# this Gitblit instance, if the authenticated account has administrator permissions.# Requires *web.enableRpcServlet=true* and *web.enableRpcManagement*.## SINCE 0.7.0 web.enableRpcAdministration = false# Full path to a configurable robots.txt file. With this file you can control# what parts of your Gitblit server respectable robots are allowed to traverse.# http://googlewebmastercentral.blogspot.com/2008/06/improving-on-robots-exclusion-protocol.html## SINCE 1.0.0# BASEFOLDERweb.robots.txt = ${baseFolder}/robots.txt# The number of minutes to cache a page in the browser since the last request.# The default value is 0 minutes. A value <= 0 disables all page caching which# is the default behavior for Gitblit <= 1.3.0.## SINCE 1.3.1web.pageCacheExpires = 0# If true, the web ui layout will respond and adapt to the browser‘s dimensions.# if false, the web ui will use a 940px fixed-width layout.# http://twitter.github.com/bootstrap/scaffolding.html#responsive## SINCE 1.0.0web.useResponsiveLayout = true# Allow Gravatar images to be displayed in Gitblit pages.## SINCE 0.8.0web.allowGravatar = true# Define which class will generate the avatar URL.## SINCE 1.7.0web.avatarClass = com.gitblit.GravatarGenerator# Allow dynamic zip downloads.## SINCE 0.5.0 web.allowZipDownloads = true# If *web.allowZipDownloads=true* the following formats will be displayed for# download compressed archive links:## zip = standard .zip# tar = standard tar format (preserves *nix permissions and symlinks)# gz = gz-compressed tar# xz = xz-compressed tar# bzip2 = bzip2-compressed tar## SPACE-DELIMITED# SINCE 1.2.0web.compressedDownloads = zip gz# Allow optional Lucene integration. Lucene indexing is an opt-in feature.# A repository may specify branches to index with Lucene instead of using Git# commit traversal. There are scenarios where you may want to completely disable# Lucene indexing despite a repository specifying indexed branches. One such# scenario is on a resource-constrained federated Gitblit mirror.## SINCE 0.9.0web.allowLuceneIndexing = true# Control the frequency of Lucene repository indexing.# The default setting is to check for updated refs every 2 mins.## SINCE 1.6.1web.luceneFrequency = 2 mins# Allows an authenticated user to create forks of a repository## set this to false if you want to disable all fork controls on the web site#web.allowForking = true# Controls the length of shortened commit hash ids## SINCE 1.2.0web.shortCommitIdLength = 6# Use Clippy (Flash solution) to provide a copy-to-clipboard button.# If false, a button with a more primitive JavaScript-based prompt box will# offer a 3-step (click, ctrl+c, enter) copy-to-clipboard alternative.## SINCE 0.8.0web.allowFlashCopyToClipboard = true# Default maximum number of commits that a repository may contribute to the# activity page, regardless of the selected duration. This setting may be valuable# for an extremely busy server. This value may also be configed per-repository# in Edit Repository. 0 disables this throttle.## SINCE 1.2.0web.maxActivityCommits = 0# Default number of entries to include in RSS Syndication links## SINCE 0.5.0web.syndicationEntries = 25# Show the size of each repository on the repositories page.# This requires recursive traversal of each repository folder. This may be# non-performant on some operating systems and/or filesystems. ## SINCE 0.5.2web.showRepositorySizes = true# List of custom regex expressions that can be displayed in the Filters menu# of the Repositories and Activity pages. Keep them very simple because you# are likely to run into encoding issues if they are too complex.## Use !!! to separate the filters ## SINCE 0.8.0web.customFilters =# Show federation registrations (without token) and the current pull status# to non-administrator users. ## SINCE 0.6.0web.showFederationRegistrations = false# This is the message displayed when *web.authenticateViewPages=true*.# This can point to a file with Markdown content.# Specifying "gitblit" uses the internal login message.## SINCE 0.7.0# BASEFOLDERweb.loginMessage = gitblit# This is the message displayed above the repositories table.# This can point to a file with Markdown content.# Specifying "gitblit" uses the internal welcome message.## SINCE 0.5.0# BASEFOLDERweb.repositoriesMessage = gitblit# Ordered list of charsets/encodings to use when trying to display a blob.# If empty, UTF-8 and ISO-8859-1 are used. The server‘s default charset# is always appended to the encoding list. If all encodings fail to cleanly# decode the blob content, UTF-8 will be used with the standard malformed# input/unmappable character replacement strings.# # SPACE-DELIMITED# SINCE 1.0.0web.blobEncodings = UTF-8 ISO-8859-1# Manually set the default timezone to be used by Gitblit for display in the # web ui. This value is independent of the JVM timezone. Specifying a blank# value will default to the JVM timezone.# e.g. America/New_York, US/Pacific, UTC, Europe/Berlin## SINCE 0.9.0# RESTART REQUIREDweb.timezone =# Use the client timezone when formatting dates.# This uses AJAX to determine the browser‘s timezone and may require more# server overhead because a Wicket session is created. All Gitblit pages# attempt to be stateless, if possible.## SINCE 0.5.0# RESTART REQUIREDweb.useClientTimezone = false# Time format# <http://download.oracle.com/javase/6/docs/api/java/text/SimpleDateFormat.html>## SINCE 0.8.0web.timeFormat = HH:mm# Short date format# <http://download.oracle.com/javase/6/docs/api/java/text/SimpleDateFormat.html>## SINCE 0.5.0web.datestampShortFormat = yyyy-MM-dd# Long date format## SINCE 0.8.0web.datestampLongFormat = EEEE, MMMM d, yyyy# Long timestamp format# <http://download.oracle.com/javase/6/docs/api/java/text/SimpleDateFormat.html>## SINCE 0.5.0web.datetimestampLongFormat = EEEE, MMMM d, yyyy HH:mm Z# Mount URL parameters# This setting controls if pretty or parameter URLs are used.# i.e.# if true:# http://localhost/commit/myrepo/abcdef# if false:# http://localhost/commit/?r=myrepo&h=abcdef## SINCE 0.5.0# RESTART REQUIREDweb.mountParameters = true# Some servlet containers (e.g. Tomcat >= 6.0.10) disallow ‘/‘ (%2F) encoding# in URLs as a security precaution for proxies. This setting tells Gitblit# to preemptively replace ‘/‘ with ‘*‘ or ‘!‘ for url string parameters.## <https://issues.apache.org/jira/browse/WICKET-1303># <http://tomcat.apache.org/security-6.html#Fixed_in_Apache_Tomcat_6.0.10># Add *-Dorg.apache.tomcat.util.buf.UDecoder.ALLOW_ENCODED_SLASH=true* to your# *CATALINA_OPTS* or to your JVM launch parameters## SINCE 0.5.2web.forwardSlashCharacter = /# Show other URLs on the summary page for accessing your git repositories# Use spaces to separate urls.## {0} is the token for the repository name# {1} is the token for the username## The username is only practical if you have setup your other git serving# solutions accounts to have the same username as the Gitblit account.## e.g.# web.otherUrls = ssh://localhost/git/{0} git://localhost/git/{0} https://{1}@localhost/r/{0}## SPACE-DELIMITED# SINCE 0.5.0web.otherUrls = # Should HTTP/HTTPS URLs be displayed if the git servlet is enabled?# default: true## SINCE 1.7.0web.showHttpServletUrls = true# Should git URLs be displayed if the git daemon is enabled?# default: true## SINCE 1.7.0web.showGitDaemonUrls = true# Should SSH URLs be displayed if the SSH daemon is enabled?# default: true## SINCE 1.7.0web.showSshDaemonUrls = true# Should effective permissions be advertised for access paths defined in web.otherUrls?# If false, gitblit will indicate unknown permissions for the external link. If true,# gitblit will indicate permissions as defined within gitblit (including limiting to clone# permission is the transport type is not a valid push mechaism in git.acceptedPushTransports).## Configure with caution: Note that gitblit has no way of knowing if further restrictions# are imposed by an external forwarding agent, so this may cause user confusion due to# more rights being advertised than are available through the URL. It will NOT grant# additional rights, but may incorrectly offer actions that are unavailable externally.# default: false## SINCE 1.7.0web.advertiseAccessPermissionForOtherUrls = false# Should app-specific clone links be displayed for SourceTree, SparkleShare, etc?## SINCE 1.3.0web.allowAppCloneLinks = true# Choose how to present the repositories list.# grouped = group nested/subfolder repositories together (no sorting)# flat = flat list of repositories (sorting allowed)## SINCE 0.5.0web.repositoryListType = grouped# If using a grouped repository list and there are repositories at the# root level of your repositories folder, you may specify the displayed# group name with this setting. This value is only used for web presentation.## SINCE 0.5.0web.repositoryRootGroupName = main# Display the repository swatch color next to the repository name link in the # repositories list. ## SINCE 0.8.0web.repositoryListSwatches = true# Defines the default commit message renderer. This can be configured# per-repository.## Valid values are: plain, markdown## SINCE 1.4.0web.commitMessageRenderer = plain# Control if email addresses are shown in web ui## SINCE 0.5.0web.showEmailAddresses = true# Shows a combobox in the page links header with commit, committer, and author# search selection. Default search is commit.## SINCE 0.5.0web.showSearchTypeSelection = false# Controls display of activity graphs on the dashboard, activity, and summary# pages. Charts are generated using Flotr2; an open source HTML5 library.## SINCE 0.5.0 web.generateActivityGraph = true# Displays the commits branch graph in the summary page and commits/log page.## SINCE 1.4.0web.showBranchGraph = true# The default number of days to show on the activity page.# Value must exceed 0 else default of 7 is used## SINCE 0.8.0web.activityDuration = 7# Choices for days of activity to display.## SPACE-DELIMITED# SINCE 1.3.0web.activityDurationChoices = 1 3 7 14 21 28# Maximum number of days of activity that may be displayed on the activity page.## SINCE 1.3.2web.activityDurationMaximum = 30# The number of days of commits to cache in memory for the dashboard, activity,# and project pages. A value of 0 will disable all caching and will parse commits# in each repository per-request. If the value > 0 these pages will try to fulfill# requests using the commit cache. If the request specifies a period which falls# outside the commit cache window, then the cache will be ignored and the request# will be fulfilled by brute-force parsing all relevant commits per-repository.## Consider the values specified for *web.activityDurationChoices* when setting# the cache size AND consider adjusting the JVM -Xmx heap parameter appropriately.## SINCE 1.3.0# RESTART REQUIREDweb.activityCacheDays = 14# Case-insensitive list of authors to exclude from metrics. Useful for# eliminating bots.## SPACE-DELIMITED# SINCE 1.3.0web.metricAuthorExclusions =# The number of commits to display on the summary page# Value must exceed 0 else default of 20 is used## SINCE 0.5.0web.summaryCommitCount = 16# The number of tags/branches to display on the summary page.# -1 = all tags/branches# 0 = hide tags/branches# N = N tags/branches## SINCE 0.5.0web.summaryRefsCount = 5# Show a README file, if available, on the summary page.## SINCE 1.4.0web.summaryShowReadme = false# The number of items to show on a page before showing the first, prev, next# pagination links. A default of 50 is used for any invalid value.## SINCE 0.5.0web.itemsPerPage = 50# The number of reflog changes to display on the overview page# Value must exceed 0 else default of 5 is used## SINCE 1.3.0web.overviewReflogCount = 5# The number of reflog changes to show on a reflog page before show the first,# prev, next pagination links. A default of 10 is used for any invalid value.## SINCE 1.3.0web.reflogChangesPerPage = 10# Specify the names of documents in the root of your repository to be displayed# in tabs on your repository docs page. If the name is not found in the root# then no tab is added. The order specified is the order displayed. Do not# specify a file extension as the aggregation of markup extensions + txt are used# in the search algorithm.## SPACE-DELIMITED# SINCE 1.4.0web.documents = readme home index changelog contributing submitting_patches copying license notice authors# Registered file extensions to ignore during Lucene indexing## SPACE-DELIMITED# SINCE 0.9.0web.luceneIgnoreExtensions = 7z arc arj bin bmp dll doc docx exe gif gz jar jpg lib lzh odg odf odt pdf ppt pptx png so swf tar xcf xls xlsx zip# Registered extensions for google-code-prettify## SPACE-DELIMITED# SINCE 0.5.0web.prettyPrintExtensions = aea agc basic bat c cbm cl clj cmd cpp cs css dart el erl erlang frm fs go groovy h hpp hs htm html java js latex lisp ll llvm lsp lua ml moxie mumps n nemerle pascal php pl pm prefs properties proto py r R rb rd Rd rkt s S scala scm sh Splus sql ss tcl tex vb vbs vhd vhdl wiki xml xq xquery yaml yml ymlapollo# Registered extensions for markdown transformation## SPACE-DELIMITED# CASE-SENSITIVE# SINCE 0.5.0web.markdownExtensions = md mkd markdown MD MKD# Registered extensions for mediawiki transformation## SPACE-DELIMITED# CASE-SENSITIVE# SINCE 1.4.0web.mediawikiExtensions = mw mediawiki# Registered extensions for twiki transformation## SPACE-DELIMITED# CASE-SENSITIVE# SINCE 1.4.0web.twikiExtensions = twiki# Registered extensions for textile transformation## SPACE-DELIMITED# CASE-SENSITIVE# SINCE 1.4.0web.textileExtensions = textile# Registered extensions for confluence transformation## SPACE-DELIMITED# CASE-SENSITIVE# SINCE 1.4.0web.confluenceExtensions = confluence# Registered extensions for tracwiki transformation## SPACE-DELIMITED# CASE-SENSITIVE# SINCE 1.4.0web.tracwikiExtensions = tracwiki# Image extensions## SPACE-DELIMITED# SINCE 0.5.0web.imageExtensions = bmp ico gif jpg jpeg png svg# Registered extensions for binary blobs## SPACE-DELIMITED# SINCE 0.5.0web.binaryExtensions = 7z arc arj bin dll doc docx exe gz jar lib lzh odg odf odt pdf ppt pptx so tar xls xlsx zip# Aggressive heap management will run the garbage collector on every generated# page. This slows down page generation a little but improves heap consumption. ## SINCE 0.5.0web.aggressiveHeapManagement = false# Run the webapp in debug mode## SINCE 0.5.0# RESTART REQUIREDweb.debugMode = false# Allows to hide the user logon form or dropdown menu from the top pane # if it‘s not needed.## SINCE 1.7.0web.displayUserPanel = true# Force a default locale for all users, ignoring the browser‘s settings.# An empty value allows Gitblit to use the translation preferred by the browser.## Changing this value while the server is running will only affect new sessions.## e.g. web.forceDefaultLocale = en## SINCE 1.3.0web.forceDefaultLocale = # The following two settings serve to avoid browser overload when trying to# render very large diffs. Both limits apply to commitdiffs, not to single-file# diffs.# Maximum number of diff lines to display for a single file diff in a commitdiff.# Defaults to 4000; can be adjusted in the range [500 .. 4000]. Smaller values# set the limit to 500, larger values to 4000. The count includes context lines# in the diff.# # If a file diff in a commitdiff produces more lines, the diff for that file is# not shown in the commitdiff.## SINCE 1.7.0web.maxDiffLinesPerFile = 4000# Total maximum number of diff lines to show in a commitdiff. Defaults to 20000;# can be adjusted in the range [1000 .. 20000]. Smaller values set the limit to# 1000, larger values to 20000. The count includes context lines in diffs.## If a commitdiff produces more lines, it is truncated after the first file# that exceeds the limit. Diffs for subsequent files in the commit are not shown# at all in the commitdiff. Omitted files are listed, though.## SINCE 1.7.0web.maxDiffLines = 20000# Enable/disable global regex substitutions (i.e. shared across repositories)## SINCE 0.5.0# DEPRECATED 1.4.0 (migrate to bugtraq instead)regex.global = true# Example global regex substitutions# Use !!! to separate the search pattern and the replace pattern# searchpattern!!!replacepattern# SINCE 0.5.0# regex.global.bug = \\b(Bug:)(\\s*[#]?|-){0,1}(\\d+)\\b!!!Bug: <a href="http://somehost/bug/$3">$3</a># SINCE 0.5.0# Example Gerrit links# regex.global.changeid = \\b(Change-Id:\\s*)([A-Za-z0-9]*)\\b!!!Change-Id: <a href="http://somehost/r/#q,$2,n,z">$2</a># regex.global.reviewedon = \\b(Reviewed-on:\\s*)([A-Za-z0-9:/\\.]*)\\b!!!Reviewed-on: <a href="http://www.mamicode.com/$2">$2</a># Example per-repository regex substitutions overrides global# SINCE 0.5.0# regex.myrepository.bug = \\b(Bug:)(\\s*[#]?|-){0,1}(\\d+)\\b!!!Bug: <a href="http://elsewhere/bug/$3">$3</a>## Mail Settings# SINCE 0.6.0## Mail settings are used to notify administrators of received federation proposals## ip or hostname of smtp server## SINCE 0.6.0mail.server =# port to use for smtp requests## SINCE 0.6.0mail.port = 25# debug the mail executor## SINCE 0.6.0mail.debug = false# use SMTPs flagmail.smtps = false# use STARTTLS flag## SINCE 1.6.0mail.starttls = false# if your smtp server requires authentication, supply the credentials here## SINCE 0.6.0mail.username =# SINCE 0.6.0mail.password =# from address for generated emails## SINCE 0.6.0mail.fromAddress = # List of email addresses for the Gitblit administrators## SPACE-DELIMITED# SINCE 0.6.0mail.adminAddresses = # List of email addresses for sending push email notifications.## This key currently requires use of the sendemail.groovy hook script.# If you set sendemail.groovy in *groovy.postReceiveScripts* then email# notifications for all repositories (regardless of access restrictions!)# will be sent to these addresses.## SPACE-DELIMITED# SINCE 0.8.0mail.mailingLists =## Federation Settings# SINCE 0.6.0## A Gitblit federation is a way to backup one Gitblit instance to another.## *git.enableGitServlet* must be true to use this feature.# Your federation name is used for federation status acknowledgments. If it is# unset, and you elect to send a status acknowledgment, your Gitblit instance# will be identified by its hostname, if available, else your internal ip address.# The source Gitblit instance will also append your external IP address to your# identification to differentiate multiple pulling systems behind a single proxy.## SINCE 0.6.0federation.name =# Specify the passphrase of this Gitblit instance.## An unspecified (empty) passphrase disables processing federation requests.## This value can be anything you want: an integer, a sentence, an haiku, etc.# Keep the value simple, though, to avoid Java properties file encoding issues.## Changing your passphrase will break any registrations you have established with other# Gitblit instances.## CASE-SENSITIVE# SINCE 0.6.0# RESTART REQUIRED *(only to enable or disable federation)*federation.passphrase =# Control whether or not this Gitblit instance can receive federation proposals# from another Gitblit instance. Registering a federated Gitblit is a manual# process. Proposals help to simplify that process by allowing a remote Gitblit# instance to send your Gitblit instance the federation pull data.## SINCE 0.6.0federation.allowProposals = false# The destination folder for cached federation proposals.# Use forward slashes even on Windows!!## SINCE 0.6.0# BASEFOLDERfederation.proposalsFolder = ${baseFolder}/proposals# The default pull frequency if frequency is unspecified on a registration## SINCE 0.6.0federation.defaultFrequency = 60 mins# Federation Sets are named groups of repositories. The Federation Sets are # available for selection in the repository settings page. You can assign a# repository to one or more sets and then distribute the token for the set.# This allows you to grant federation pull access to a subset of your available# repositories. Tokens for federation sets only grant repository pull access.## SPACE-DELIMITED# CASE-SENSITIVE# SINCE 0.6.0federation.sets = # Federation pull registrations# Registrations are read once, at startup.## RESTART REQUIRED## frequency:# The shortest frequency allowed is every 5 minutes# Decimal frequency values are cast to integers# Frequency values may be specified in mins, hours, or days# Values that can not be parsed or are unspecified default to *federation.defaultFrequency*## folder:# if unspecified, the folder is *git.repositoriesFolder*# if specified, the folder is relative to *git.repositoriesFolder*## bare:# if true, each repository will be created as a *bare* repository and will not# have a working directory.## if false, each repository will be created as a normal repository suitable# for local work.## mirror:# if true, each repository HEAD is reset to *origin/master* after each pull.# The repository will be flagged *isFrozen* after the initial clone.## if false, each repository HEAD will point to the FETCH_HEAD of the initial# clone from the origin until pushed to or otherwise manipulated.## mergeAccounts:# if true, remote accounts and their permissions are merged into your # users.properties file ## notifyOnError:# if true and the mail configuration is properly set, administrators will be# notified by email of pull failures## include and exclude:# Space-delimited list of repositories to include or exclude from pull# may be * wildcard to include or exclude all# may use fuzzy match (e.g. org.eclipse.*)## (Nearly) Perfect Mirror example##federation.example1.url = https://go.gitblit.com#federation.example1.token = 6f3b8a24bf970f17289b234284c94f43eb42f0e4#federation.example1.frequency = 120 mins#federation.example1.folder =#federation.example1.bare = true #federation.example1.mirror = true #federation.example1.mergeAccounts = true## Advanced Realm Settings## Auto-creates user accounts based on the servlet container principal. This# assumes that your Gitblit install is a protected resource and your container‘s# authentication process intercepts all Gitblit requests.## SINCE 1.3.0realm.container.autoCreateAccounts = false# A set of mapping used to map HTTP session attributes to user informations# They are used if realm.container.autoCreateAccounts is set to true and# the webapp container used can fill the session with user informations## SINCE 1.7.0realm.container.autoAccounts.displayName = realm.container.autoAccounts.emailAddress = realm.container.autoAccounts.locale = # If the user‘s created by the webapp container is given this role,# the user created will be a admin user.## SINCE 1.7.0realm.container.autoAccounts.adminRole = # Allow or prohibit Windows guest account logins## SINCE 1.3.0realm.windows.allowGuests = false# Allow user accounts belonging to the BUILTIN\Administrators group to be# Gitblit administrators.## SINCE 1.4.0realm.windows.permitBuiltInAdministrators = true# The default domain for authentication.## If specified, this domain will be used for authentication UNLESS the supplied# login name manually specifies a domain (.e.g. mydomain\james or james@mydomain)## If unspecified, the username must be specified in UPN format (name@domain).## if "." (dot) is specified, ONLY the local account database will be used.## SINCE 1.3.0realm.windows.defaultDomain =# The PAM service name for authentication.# default: system-auth## SINCE 1.3.1realm.pam.serviceName = system-auth# The Apache htpasswd file that contains the users and passwords.# default: ${baseFolder}/htpasswd## RESTART REQUIRED# BASEFOLDER# SINCE 1.3.2realm.htpasswd.userfile = ${baseFolder}/htpasswd# The name of the HTTP header containing the user name to trust as authenticated# default: none## WARNING: only use this mechanism if your requests are coming from a trusted# and secure source such as a self managed reverse proxy!## RESTART REQUIRED# SINCE 1.7.2realm.httpheader.userheader =# The name of the HTTP header containing the team names of which the user is a member.# If this is defined, then only groups from the headers will be available, whereas# if this remains undefined, then local groups will be used.## This setting requires that you have configured realm.httpheader.userheader.## default: none## RESTART REQUIRED# SINCE 1.7.2realm.httpheader.teamheader =# The regular expression pattern used to separate team names in the team header value# default: ,## This setting requires that you have configured realm.httpheader.teamheader## RESTART REQUIRED# SINCE 1.7.2realm.httpheader.teamseparator = ,# Auto-creates user accounts when successfully authenticated based on HTTP headers.## SINCE 1.7.2realm.httpheader.autoCreateAccounts = false# Restrict the Salesforce user to members of this org.# default: 0 (i.e. do not check the Org ID)## SINCE 1.3.0realm.salesforce.orgId = 0# URL of the LDAP server.# To use encrypted transport, use either ldaps:// URL for SSL or ldap+tls:// to# send StartTLS command.## SINCE 1.0.0realm.ldap.server = ldap://172.30.96.32:389# Login username for LDAP searches.# If this value is unspecified, anonymous LDAP login will be used.# # e.g. mydomain\\username## SINCE 1.0.0realm.ldap.username = icccuat\\uatww990393# Login password for LDAP searches.## SINCE 1.0.0realm.ldap.password = PFwwj2017-# Bind pattern for Authentication.# Allow to directly authenticate an user without LDAP Searches.# # e.g. CN=icccuat\\uatww990393,OU=Users,OU=UserControl,OU=MyOrganization,DC=ICCCUAT## SINCE 1.5.0realm.ldap.bindpattern = # Delegate team membership control to LDAP.## If true, team user memberships will be specified by LDAP groups. This will# disable team selection in Edit User and user selection in Edit Team.## If false, LDAP will only be used for authentication and Gitblit will maintain# team memberships with the *realm.ldap.backingUserService*.## SINCE 1.0.0realm.ldap.maintainTeams = false# Root node for all LDAP users## This is the root node from which subtree user searches will begin.# If blank, Gitblit will search ALL nodes.## SINCE 1.0.0realm.ldap.accountBase = DC=icccuat,DC=com# Filter criteria for LDAP users## Query pattern to use when searching for a user account. This may be any valid # LDAP query expression, including the standard (&) and (|) operators.## Variables may be injected via the ${variableName} syntax.# Recognized variables are:# icccuat\\uatww990393 - The text entered as the user name## SINCE 1.0.0realm.ldap.accountPattern = (&(objectClass=person)(sAMAccountName=${username}))#realm.ldap.accountPattern = (&(objectClass=user)(sAMAccountName=${username}))# Root node for all LDAP groups to be used as Gitblit Teams## This is the root node from which subtree team searches will begin.# If blank, Gitblit will search ALL nodes. ## SINCE 1.0.0realm.ldap.groupBase = OU=Groups,OU=UserControl,OU=信用卡中心,DC=ICCCUAT# Filter criteria for LDAP groups## Query pattern to use when searching for a team. This may be any valid # LDAP query expression, including the standard (&) and (|) operators.## Variables may be injected via the ${variableName} syntax.# Recognized variables are:# icccuat\\uatww990393 - The text entered as the user name# ${dn} - The Distinguished Name of the user logged in## All attributes from the LDAP User record are available. For example, if a user# has an attribute "fullName" set to "John", "(fn=${fullName})" will be # translated to "(fn=John)".## SINCE 1.0.0realm.ldap.groupMemberPattern = (&(objectClass=group)(member=${dn}))# Filter criteria for empty LDAP groups## Query pattern to use when searching for an empty team. This may be any valid # LDAP query expression, including the standard (&) and (|) operators.## default: (&(objectClass=group)(!(member=*)))# SINCE 1.4.0realm.ldap.groupEmptyMemberPattern = (&(objectClass=group)(!(member=*)))# LDAP users or groups that should be given administrator privileges.## Teams are specified with a leading ‘@‘ character. Groups with spaces in the# name can be entered as "@team name". This setting only applies when using# LDAP to maintain team memberships.## e.g. realm.ldap.admins = john @git_admins "@git admins"## SPACE-DELIMITED# SINCE 1.0.0realm.ldap.admins = @Git_Admins# Attribute(s) on the USER record that indicate their display (or full) name.# Leave blank for no mapping available in LDAP.## This may be a single attribute, or a string of multiple attributes. Examples:# displayName - Uses the attribute ‘displayName‘ on the user record# ${personalTitle}. ${givenName} ${surname} - Will concatenate the 3 # attributes together, with a ‘.‘ after personalTitle## SINCE 1.0.0realm.ldap.displayName = displayName# Attribute(s) on the USER record that indicate their email address.# Leave blank for no mapping available in LDAP.## This may be a single attribute, or a string of multiple attributes. Examples:# email - Uses the attribute ‘email‘ on the user record# ${givenName}.${surname}@gitblit.com -Will concatenate the 2 attributes# together with a ‘.‘ and ‘@‘ creating something like first.last@gitblit.com ## SINCE 1.0.0realm.ldap.email = email# Attribute on the USER record that indicate their username to be used in gitblit# when synchronizing users from LDAP# if blank, Gitblit will use uid# For MS Active Directory this may be sAMAccountName## SINCE 1.0.0realm.ldap.uid = uid# Defines whether to synchronize all LDAP users and teams into the user service## Valid values: true, false# If left blank, false is assumed## SINCE 1.4.0realm.ldap.synchronize = true# Defines the period to be used when synchronizing users and teams from ldap.## Must be of the form ‘<long> <TimeUnit>‘ where <TimeUnit> is one of ‘MILLISECONDS‘, ‘SECONDS‘, ‘MINUTES‘, ‘HOURS‘, ‘DAYS‘ # default: 5 MINUTES## RESTART REQUIRED# SINCE 1.4.0realm.ldap.syncPeriod = 5 MINUTES# Defines whether to delete non-existent LDAP users from the user service# during synchronization. depends on realm.ldap.synchronize = true## Valid values: true, false# If left blank, true is assumed## SINCE 1.4.0realm.ldap.removeDeletedUsers = true# URL of the Redmine.## SINCE 1.2.0realm.redmine.url = http://172.30.71.130:10101/redmine## Gitblit GO Server Settings# The following settings only affect the integrated GO variant.## The temporary folder to decompress the embedded gitblit webapp. ## SINCE 0.5.0# RESTART REQUIRED# BASEFOLDERserver.tempFolder = ${baseFolder}/temp# Specify the maximum number of concurrent http/https Jetty worker# threads to allow. This setting does not affect other threaded# daemons and components of Gitblit.## SINCE 1.3.0# RESTART REQUIREDserver.threadPoolSize = 50# Context path for the GO application. You might want to change the context# path if running Gitblit behind a proxy layer such as mod_proxy.## SINCE 0.7.0# RESTART REQUIREDserver.contextPath = /# Standard http port to serve. <= 0 disables this connector.# On Unix/Linux systems, ports < 1024 require root permissions.# Recommended value: 80 or 8080## SINCE 0.5.0# RESTART REQUIREDserver.httpPort = 10101# Secure/SSL https port to serve. <= 0 disables this connector.# On Unix/Linux systems, ports < 1024 require root permissions.# Recommended value: 443 or 8443## SINCE 0.5.0# RESTART REQUIREDserver.httpsPort = 8443# Automatically redirect http requests to the secure https connector.## This setting requires that you have configured server.httpPort and server.httpsPort.# Unless you are on a private LAN where you trust all client connections, it is# recommended to use https for all communications.## SINCE 1.4.0# RESTART REQUIREDserver.redirectToHttpsPort = false# Specify the interface for Jetty to bind the standard connector.# You may specify an ip or an empty value to bind to all interfaces.# Specifying localhost will result in Gitblit ONLY listening to requests to# localhost.## SINCE 0.5.0# RESTART REQUIREDserver.httpBindInterface = 0.0.0.0# Specify the interface for Jetty to bind the secure connector.# You may specify an ip or an empty value to bind to all interfaces.# Specifying localhost will result in Gitblit ONLY listening to requests to# localhost.## SINCE 0.5.0# RESTART REQUIREDserver.httpsBindInterface =0.0.0.0# Alias of certificate to use for https/SSL serving. If blank the first# certificate found in the keystore will be used. ## SINCE 1.2.0# RESTART REQUIREDserver.certificateAlias = 0.0.0.0# Password for SSL keystore.# Keystore password and certificate password must match.# This is provided for convenience, its probably more secure to set this value# using the --storePassword command line parameter.## If you are using the official JRE or JDK from Oracle you may not have the# JCE Unlimited Strength Jurisdiction Policy files bundled with your JVM. Because# of this, your store/key password can not exceed 7 characters. If you require# longer passwords you may need to install the JCE Unlimited Strength Jurisdiction# Policy files from Oracle.## http://www.oracle.com/technetwork/java/javase/downloads/index.html## Gitblit and the Gitblit Certificate Authority will both indicate if Unlimited# Strength encryption is available.## SINCE 0.5.0# RESTART REQUIREDserver.storePassword = gitblit# If serving over https (recommended) you might consider requiring clients to# authenticate with ssl certificates. If enabled, only https clients with the# a valid client certificate will be able to access Gitblit.## If disabled, client certificate authentication is optional and will be tried# first before falling-back to form authentication or basic authentication.## Requiring client certificates to access any of Gitblit may be too extreme,# consider this carefully.## SINCE 1.2.0# RESTART REQUIREDserver.requireClientCertificates = false# Port for shutdown monitor to listen on.## SINCE 0.5.0# RESTART REQUIREDserver.shutdownPort = 8081## Gitblit Filestore Settings## The location to save the filestore blobs ## SINCE 1.7.0filestore.storageFolder = ${baseFolder}/lfs# Maximum allowable upload size# The default value, -1, disables upload limits.# Common unit suffixes of k, m, or g are supported.# SINCE 1.7.0filestore.maxUploadSize = -1
gitblit-1.8.0域认证
声明:以上内容来自用户投稿及互联网公开渠道收集整理发布,本网站不拥有所有权,未作人工编辑处理,也不承担相关法律责任,若内容有误或涉及侵权可进行投诉: 投诉/举报 工作人员会在5个工作日内联系你,一经查实,本站将立刻删除涉嫌侵权内容。