All geek questions in one place

Configure gerrit with http authentication

I am trying to configure gerrit with http baisc authentication, my httpd configuration

<VirtualHost *:8081> ServerName localhost ProxyRequests Off ProxyVia Off ProxyPreserveHost On <Proxy *> Order deny,allow Allow from all </Proxy> <Location "/login/"> AuthType Basic AuthName "Gerrit Code Review" AuthBasicProvider file AuthUserFile /usr/local/apache/passwd/passwords Require valid-user </Location> ProxyPass / http://localhost:8081/ </VirtualHost>

and my gerrit.config

 [gerrit] basePath = git canonicalWebUrl = http://localhost:8081/ [database] type = mysql hostname = localhost database = reviewdb username = gerrit [auth] type = HTTP [sendemail] smtpServer = localhost smtpUser = gerrit [container] user = gerrit javaHome = /usr/lib/jvm/java-1.6.0-openjdk-1.6.0.0.x86_64/jre [sshd] listenAddress = *:29418 [httpd] listenUrl = proxy-http://*:8081/ [cache] directory = cache

I'm not sure where I am wrong, but access to http: // xxxx: 8081 says

 The HTTP server did not provide the username in the Authorization header when it forwarded the request to Gerrit Code Review. If the HTTP server is Apache HTTPd, check the proxy configuration includes an authorization directive with the proper location, ensuring it ends with '/':

my gerrit runs on a built-in berth counter, and my OS is centos 6.4

where am i wrong?

+6
source share
3 answers

ok, In fact, I created a virtual host on port 8081, and my pier (which comes with gerrit) also listened to the same port, my configuration remained almost the same, but these are additional steps: -

  • Add a new port to selinux (which has some basic ports defined initially), or you can disable it if security is not a problem.
  • tell httpd to listen on this port (in my case, I added 8082), so add the line listen <port-no> to your http conf file

  • Change the virtual host to your port number now your virtual host is installed on port 8082

     <VirtualHost *:8082> ServerName localhost ProxyRequests Off ProxyVia Off ProxyPreserveHost On <Proxy *> Order deny,allow Allow from all </Proxy> <Location "/login/"> AuthType Basic AuthName "Gerrit Code Review" AuthBasicProvider file AuthUserFile /usr/local/apache/passwd/passwords Require valid-user </Location> ProxyPass / http://localhost:8081/

  • change the canonical url to port 8082 (so that it redirects it to the same port)

  • finally restart apache and gerrit (get access to your host: 8082).

enjoy.!!

+5
source

Gerrit expects authentication to be provided. It does not allow anonymous access when using HTTP authentication.

To do this, you need to authenticate at the root, and your location block should look like this:

 <Location "/"> AuthType Basic AuthName "Gerrit Code Review" AuthBasicProvider file AuthUserFile /usr/local/apache/passwd/passwords Require valid-user </Location>
+3
source

There are several problems in your configuration:

  • Apache and try to listen on the same port 8081, this is not possible
  • You ProxyPass are not the best, this will create some minor problems. These problems are:
    • Unable to create project names with a slash in it: main / sub
    • When viewing files, a checkmark will not be displayed next to the file to display it as considered, again this is due to incorrect processing of the slash
  • The most commonly used subfolder, not the root, I think it works better with reverse proxies.

This is my recommended configuration for you:

  <VirtualHost *:80> ServerName localhost ProxyRequests Off ProxyVia Off ProxyPreserveHost On <Proxy *> Order deny,allow Allow from all </Proxy> <Location "/"> AuthType Basic AuthName "Gerrit Code Review" AuthBasicProvider file AuthUserFile /usr/local/apache/passwd/passwords Require valid-user </Location> AllowEncodedSlashes On ProxyPass /r http://localhost:8081/r nocanon </VirtualHost>

Of course, don't forget to change gerrit.config, canonicalWebUrl is what you enter in the address bar, and not what apache uses to search for gerrit.

 [gerrit] basePath = git canonicalWebUrl = http://localhost:8082/r

To prevent the default apache page from showing, add index.php to the root folder, which will redirect your browser to an additional path:

 <?php header('Location: http://localhost:8082/r/'); ?>
+1
source

Source: https://habr.com/ru/post/951531/

More articles:


All Articles