如何在 apache 上使用 http auth 在 tomcat7 上设置 gerrit
How to set up gerrit on tomcat7 with http auth on apache
OS - Ubuntu 14.04.3 LTC
git、Tomcat7、mysql、apache2 已安装。
我配置tomcat7支持SSL:
server.xml
<Connector port="4432" protocol="HTTP/1.1" SSLEnabled="true"
maxThreads="150" scheme="https" secure="true"
clientAuth="false" sslProtocol="TLS"
keystoreFile="some_path"
keystorePass="some_pass" />
并使用了mysql数据库:
context.xml
<Resource name="jdbc/ReviewDb"
auth="Container"
type="javax.sql.DataSource"
driverClassName="com.mysql.jdbc.Driver"
url="jdbc:mysql://localhost:3306/gerrit_reviewdb"
username="gerrit"
password="gerrit"
maxActive="20"
maxIdle="10"
maxWait="-1"/>
我在 tomcat7 上部署了 gerrit,类型为 auth development_become_any_account.
接下来我在文件夹 /etc/apache2/sites-available
中创建了文件 gerrit_auth.conf
Listen 82
<VirtualHost *:82>
ServerName localhost
ProxyRequests Off
ProxyVia Off
ProxyPreserveHost On
AllowEncodedSlashes On
<Proxy *>
Order deny,allow
Allow from all
</Proxy>
<Location /gerrit/login/>
AuthType Basic
AuthName "Gerrit Code Review2"
AuthBasicProvider file
AuthUserFile /var/opt/gerrit/users/passwords
Require valid-user
</Location>
ProxyPass /gerrit/ https://localhost:4432/gerrit/ nocanon
ErrorLog /var/opt/gerrit/apache_errorlog.log
CustomLog /var/opt/gerrit/apache_customlog.log combined
</VirtualHost>
并在 gerrit.config
中将身份验证类型更改为 http
[gerrit]
basePath = /var/opt/gerrit/repositories
canonicalWebUrl = https://my_gerrit_site:4432/gerrit
[database]
type = mysql
database = gerrit_reviewdb
hostname = localhost
username = gerrit
[index]
type = LUCENE
[auth]
type = http
[receive]
enableSignedPush = false
[sendemail]
smtpServer = localhost
[container]
user = tomcat7
javaHome = /usr/lib/jvm/jdk1.7.0_79/jre
[sshd]
listenAddress = *:29418
[httpd]
listenUrl = proxy-http://localhost:82/
[cache]
directory = cache
并重新启动了 apache2 和 tomcat7 服务。
现在,当我访问 https:// my_gerrit_site:4432/ 时,我看到了 tomcat7
It works !
当我访问 https:// my_gerrit_site:4432/gerrit 时,我看到了
Configuration Error
Check the HTTP server's authentication settings.
The HTTP server did not provide the username in the Authorization
header when it forwarded the request to Gerrit Code Review.
If the HTTP server is Apache HTTPd, check the proxy configuration
includes an authorization directive with the proper location, ensuring
it ends with '/':
ServerName my_gerrit_site
ProxyRequests Off
ProxyVia Off
ProxyPreserveHost On
<Proxy *>
Order deny,allow
Allow from all
</Proxy>
<Location /gerrit/login/>
AuthType Basic
AuthName "Gerrit Code Review"
Require valid-user
...
</Location>
AllowEncodedSlashes On
ProxyPass /gerrit/ http://.../gerrit/ nodecode </VirtualHost>
当我访问 http:// my_gerrit_site:82/ 时,我看到了
Index of /
Apache/2.4.7 (Ubuntu) Server at my_gerrit_site Port 82
当我访问 http:// my_gerrit_site:82/gerrit/login/ 时,我看到了
window 使用身份验证,当我登录时我看到
Internal Server Error
The server encountered an internal error or misconfiguration and was unable to complete your request.
Please contact the server administrator at [no address given] to inform them of the time this error occurred, and the actions you performed just before this error.
More information about this error may be available in the server error log.
Apache/2.4.7 (Ubuntu) Server at my_gerrit_site Port 82
apache_errorlog.log
[Tue Jul 19 20:18:39.067497 2016] [proxy:warn] [pid 6382:tid 140713740175104] [client x.x.x.x:27949] AH01144: No protocol handler was valid for the URL /gerrit/login/. If you are using a DSO version of mod_proxy, make sure the proxy submodules are included in the configuration using LoadModule.
catalina.out
[2016-07-19 20:18:18,855] [http-bio-4432-exec-6] ERROR com.google.gerrit.httpd.auth.container.HttpLoginServlet : Unable to authenticate user by Authorization request header. Check container or server configuration.
我做错了什么?我需要更改哪些设置?
谢谢
您需要将 canonocalWebUrl 更改为外部 url
canonicalWebUrl = https://my_gerrit_site:82/gerrit
您不需要将 Tomcat 与 Gerrit 一起使用,请在此处查看更多信息:https://gerrit-review.googlesource.com/Documentation/install.html#requirements
如果您的目标是配置反向代理,请查看此处:https://gerrit-review.googlesource.com/Documentation/config-reverseproxy.html
Problem was with apache2 and virtual host configuration.
当我尝试启用代理时,proxy_http、proxy_ajp、ssl (a2enmod) 我遇到了一些与两个虚拟主机之一相关的错误(它们的配置文件是在我尝试时创建并启用的为我的 gerrit 做 http auth)。
因此,当我禁用配置错误的 (a2dissite) 虚拟主机时,我没有出现错误。
http auth 的工作 apache2 配置:
LoadModule ssl_module modules/mod_ssl.so
Listen 4433
<VirtualHost *:4433>
ServerName localhost
ProxyRequests Off
ProxyVia Off
ProxyPreserveHost On
SSLProxyEngine on
SSLProxyVerify none
SSLProxyCheckPeerCN off
SSLProxyCheckPeerName off
SSLProxyCheckPeerExpire off
# SSL Engine Switch:
# Enable/Disable SSL for this virtual host.
SSLEngine on
# A self-signed (snakeoil) certificate can be created by installing
# the ssl-cert package. See
# /usr/share/doc/apache2/README.Debian.gz for more info.
# If both key and certificate are stored in the same file, only the
# SSLCertificateFile directive is needed.
SSLCertificateFile /etc/ssl/certs/ssl-cert-snakeoil.pem
SSLCertificateKeyFile /etc/ssl/private/ssl-cert-snakeoil.key
#AllowEncodedSlashes On
<Proxy *>
Order deny,allow
Allow from all
</Proxy>
<Location /gerrit/login/>
AuthType Basic
AuthName "Gerrit Code Review"
AuthBasicProvider file
AuthUserFile /var/opt/gerrit/users/passwords
Require valid-user
</Location>
ProxyPass /gerrit/ https://localhost:4432/gerrit/
# Available loglevels: trace8, ..., trace1, debug, info, notice, warn,
# error, crit, alert, emerg.
# It is also possible to configure the loglevel for particular
# modules, e.g.
#LogLevel info ssl:warn
ErrorLog /var/opt/gerrit/apache_errorlog.log
CustomLog /var/opt/gerrit/apache_customlog.log combined
</VirtualHost>
OS - Ubuntu 14.04.3 LTC
git、Tomcat7、mysql、apache2 已安装。
我配置tomcat7支持SSL: server.xml
<Connector port="4432" protocol="HTTP/1.1" SSLEnabled="true"
maxThreads="150" scheme="https" secure="true"
clientAuth="false" sslProtocol="TLS"
keystoreFile="some_path"
keystorePass="some_pass" />
并使用了mysql数据库: context.xml
<Resource name="jdbc/ReviewDb"
auth="Container"
type="javax.sql.DataSource"
driverClassName="com.mysql.jdbc.Driver"
url="jdbc:mysql://localhost:3306/gerrit_reviewdb"
username="gerrit"
password="gerrit"
maxActive="20"
maxIdle="10"
maxWait="-1"/>
我在 tomcat7 上部署了 gerrit,类型为 auth development_become_any_account.
接下来我在文件夹 /etc/apache2/sites-available
中创建了文件 gerrit_auth.confListen 82
<VirtualHost *:82>
ServerName localhost
ProxyRequests Off
ProxyVia Off
ProxyPreserveHost On
AllowEncodedSlashes On
<Proxy *>
Order deny,allow
Allow from all
</Proxy>
<Location /gerrit/login/>
AuthType Basic
AuthName "Gerrit Code Review2"
AuthBasicProvider file
AuthUserFile /var/opt/gerrit/users/passwords
Require valid-user
</Location>
ProxyPass /gerrit/ https://localhost:4432/gerrit/ nocanon
ErrorLog /var/opt/gerrit/apache_errorlog.log
CustomLog /var/opt/gerrit/apache_customlog.log combined
</VirtualHost>
并在 gerrit.config
中将身份验证类型更改为 http[gerrit]
basePath = /var/opt/gerrit/repositories
canonicalWebUrl = https://my_gerrit_site:4432/gerrit
[database]
type = mysql
database = gerrit_reviewdb
hostname = localhost
username = gerrit
[index]
type = LUCENE
[auth]
type = http
[receive]
enableSignedPush = false
[sendemail]
smtpServer = localhost
[container]
user = tomcat7
javaHome = /usr/lib/jvm/jdk1.7.0_79/jre
[sshd]
listenAddress = *:29418
[httpd]
listenUrl = proxy-http://localhost:82/
[cache]
directory = cache
并重新启动了 apache2 和 tomcat7 服务。 现在,当我访问 https:// my_gerrit_site:4432/ 时,我看到了 tomcat7
It works !
当我访问 https:// my_gerrit_site:4432/gerrit 时,我看到了
Configuration Error
Check the HTTP server's authentication settings.
The HTTP server did not provide the username in the Authorization header when it forwarded the request to Gerrit Code Review.
If the HTTP server is Apache HTTPd, check the proxy configuration includes an authorization directive with the proper location, ensuring it ends with '/':
ServerName my_gerrit_site
ProxyRequests Off ProxyVia Off ProxyPreserveHost On <Proxy *> Order deny,allow Allow from all </Proxy> <Location /gerrit/login/> AuthType Basic AuthName "Gerrit Code Review" Require valid-user ... </Location> AllowEncodedSlashes On ProxyPass /gerrit/ http://.../gerrit/ nodecode </VirtualHost>
当我访问 http:// my_gerrit_site:82/ 时,我看到了
Index of /
Apache/2.4.7 (Ubuntu) Server at my_gerrit_site Port 82
当我访问 http:// my_gerrit_site:82/gerrit/login/ 时,我看到了 window 使用身份验证,当我登录时我看到
Internal Server Error
The server encountered an internal error or misconfiguration and was unable to complete your request.
Please contact the server administrator at [no address given] to inform them of the time this error occurred, and the actions you performed just before this error.
More information about this error may be available in the server error log.
Apache/2.4.7 (Ubuntu) Server at my_gerrit_site Port 82
apache_errorlog.log
[Tue Jul 19 20:18:39.067497 2016] [proxy:warn] [pid 6382:tid 140713740175104] [client x.x.x.x:27949] AH01144: No protocol handler was valid for the URL /gerrit/login/. If you are using a DSO version of mod_proxy, make sure the proxy submodules are included in the configuration using LoadModule.
catalina.out
[2016-07-19 20:18:18,855] [http-bio-4432-exec-6] ERROR com.google.gerrit.httpd.auth.container.HttpLoginServlet : Unable to authenticate user by Authorization request header. Check container or server configuration.
我做错了什么?我需要更改哪些设置?
谢谢
您需要将 canonocalWebUrl 更改为外部 url
canonicalWebUrl = https://my_gerrit_site:82/gerrit
您不需要将 Tomcat 与 Gerrit 一起使用,请在此处查看更多信息:https://gerrit-review.googlesource.com/Documentation/install.html#requirements
如果您的目标是配置反向代理,请查看此处:https://gerrit-review.googlesource.com/Documentation/config-reverseproxy.html
Problem was with apache2 and virtual host configuration.
当我尝试启用代理时,proxy_http、proxy_ajp、ssl (a2enmod) 我遇到了一些与两个虚拟主机之一相关的错误(它们的配置文件是在我尝试时创建并启用的为我的 gerrit 做 http auth)。 因此,当我禁用配置错误的 (a2dissite) 虚拟主机时,我没有出现错误。
http auth 的工作 apache2 配置:
LoadModule ssl_module modules/mod_ssl.so
Listen 4433
<VirtualHost *:4433>
ServerName localhost
ProxyRequests Off
ProxyVia Off
ProxyPreserveHost On
SSLProxyEngine on
SSLProxyVerify none
SSLProxyCheckPeerCN off
SSLProxyCheckPeerName off
SSLProxyCheckPeerExpire off
# SSL Engine Switch:
# Enable/Disable SSL for this virtual host.
SSLEngine on
# A self-signed (snakeoil) certificate can be created by installing
# the ssl-cert package. See
# /usr/share/doc/apache2/README.Debian.gz for more info.
# If both key and certificate are stored in the same file, only the
# SSLCertificateFile directive is needed.
SSLCertificateFile /etc/ssl/certs/ssl-cert-snakeoil.pem
SSLCertificateKeyFile /etc/ssl/private/ssl-cert-snakeoil.key
#AllowEncodedSlashes On
<Proxy *>
Order deny,allow
Allow from all
</Proxy>
<Location /gerrit/login/>
AuthType Basic
AuthName "Gerrit Code Review"
AuthBasicProvider file
AuthUserFile /var/opt/gerrit/users/passwords
Require valid-user
</Location>
ProxyPass /gerrit/ https://localhost:4432/gerrit/
# Available loglevels: trace8, ..., trace1, debug, info, notice, warn,
# error, crit, alert, emerg.
# It is also possible to configure the loglevel for particular
# modules, e.g.
#LogLevel info ssl:warn
ErrorLog /var/opt/gerrit/apache_errorlog.log
CustomLog /var/opt/gerrit/apache_customlog.log combined
</VirtualHost>