Gerrit clone using http behind a apache2

问题

we have Gerrit installed to manage our repositories on the server. So far, everything works well, we can clone using ssh.

Gerrit is the version 2.14.2 apache 2.4.18.

That is our configuration files (censored when needed):

/media/data/gerrit/etc/gerrit.config

[gerrit]
    basePath = git
    serverId = ed5a7ef7-289e-4590-9292-cbdede1b0dc9
    canonicalWebUrl = http://repository.something.com/gerrit
[database]
    type = h2
    database = /media/data/gerrit/db/ReviewDB
[index]
    type = LUCENE
[auth]
    type = HTTP
    logoutUrl = http://logout@repository.something.com/gerrit
[receive]
    enableSignedPush = false
[sendemail]
    smtpServer = mail.something.com
    from = Code Review <review@gerrit.com>
[container]
    javaHome = /usr/lib/jvm/java-8-openjdk-amd64/jre
    user = administrator
[sshd]
    listenAddress = *:29418
[httpd]
    listenUrl = proxy-http://127.0.0.1:8081/gerrit
[cache]
    directory = cache
[plugins]
    allowRemoteAdmin = true
[download]
    command = checkout
    command = cherry_pick
    command = pull
    scheme = ssh
    scheme = http
[commitmessage]
    maxSubjectLength = 80
    maxLineLength = 100
    longLinesThreshold = 10
    rejectTooLong = false
[plugin "emoticons"]
    showEmoticons = true
[reviewers]
    enableREST = true
    enableUI = true
    ignoreDrafts = true
    autoAddReviewers = false
    maxReviewers = 1
    enableLoadBalancing = false
    plusTwoRequired = true
    plusTwoAge = 8
    plusTwoLimit = 10
[gitweb]
    type = custom
    linkname = log
    url = http://repository.something.com/cgit
    project = /${project}.git
    branch = /${project}.git/log
    revision = /${project}.git/commit/?id=${commit}
    filehistory = /${project}.git/log
[lfs]
    plugin = lfs

/etc/apache2/mods-enable/gerrit.conf

ProxyPassMatch /([[:alnum:]-]+)\.git(.*) http://localhost:8081/gerrit/a/$1.git$2
ProxyPass           /gerrit  http://localhost:8081/gerrit nocanon
ProxyPassReverse    /gerrit  http://localhost:8081/gerrit nocanon
ProxyRequests       Off

<Proxy http://localhost:8081/gerrit>
  Order deny,allow
  Allow from all
</Proxy>

<Location /gerrit>
  AuthType Digest
  AuthName "gerrit"
  AuthUserFile /etc/apache2/.htdigest
  Require valid-user
</Location>

Clone using ssh, like I said, works well. But when try to clone using http, we get an authentication error. I tried a lot with different settings in a separate config file in the mods-enabled, also in the sites available.

Any idea what could be wrong?

As already seen, we have a landing page on repository.someting.com and access Gerrit using repository.something.com/gerrit.

All these apache configuration stuff is completely new for me -.- So I have no Idea what I do actually ^^

回答1:

I changed the apache loglevel to debug for more information.

These was my tries:

1. Clone using TortoiseGit without any modification in the global .gitconfig

   AH01781: client used wrong authentication scheme `Basic': /gerrit/a/PluginTester/info/refs

2. Clone using GitBash without any modification in the global .gitconfig

   AH01794: user hanswurst: password mismatch: /gerrit/a/PluginTester/info/refs

3. I added http.proxyAuthMethod = digest to the .gitconfig and tried again with TortoiseGit

   AH01781: client used wrong authentication scheme `Basic': /gerrit/a/PluginTester/info/refs

4. And tried also Git Bash

   AH01794: user blubb: password mismatch: /gerrit/a/PluginTester/info/refs

5. I have read in the documentation that this works only when used a proxy with a user name in it; so I added http.proxy = http://blubb@repository.something.com:80 and tried again with Tortoisegit

   AH02422: HTTP Request Line; URI must not contain a username/password

6. and GitBash

   AH02422: HTTP Request Line; URI must not contain a username/password

7. Even that the documentation say the proxy must contain a user name, I also tried with the proxy on http.proxy = http://repository.something.com:80 now with TortoiseGit

   AH01781: client used wrong authentication scheme `Basic': /gerrit/a/PluginTester/info/refs

8. And GitBash

   • AH01626: authorization result of Require valid-user : denied (no authenticated user yet)
   • AH01626: authorization result of : denied (no authenticated user yet)
   • AH01626: authorization result of Require valid-user : granted
   • AH01626: authorization result of : granted
   • AH01143: Running scheme http handler (attempt 0)
   • AH00942: HTTP: has acquired connection for (localhost) connecting http://localhost:8081/gerrit/a/PluginTester/info/refs?service=git-upload-pack to localhost:8081 connected /gerrit/a/PluginTester/info/refs?service=git-upload-pack to localhost:8081
   • AH00943: http: has released connection for (localhost)

point 7 is what I expected, since the digest will not used anymore. But on 8. on the Server it looks good for me, but the client still gets "Authentication Failed"

来源：https://stackoverflow.com/questions/47071484/gerrit-clone-using-http-behind-a-apache2