【问题标题】:How to set up gerrit on tomcat7 with http auth on apache如何在 apache 上使用 http auth 在 tomcat7 上设置 gerrit
【发布时间】:2016-07-19 17:35:03
【问题描述】:

操作系统 - Ubuntu 14.04.3 LTC

安装了git、Tomcat7、mysql、apache2。

我将 tomcat7 配置为支持 SSL: 服务器.xml

<Connector port="4432" protocol="HTTP/1.1" SSLEnabled="true"
               maxThreads="150" scheme="https" secure="true"
               clientAuth="false" sslProtocol="TLS" 
               keystoreFile="some_path"
               keystorePass="some_pass" />

并使用了mysql数据库: 上下文.xml

<Resource name="jdbc/ReviewDb"
          auth="Container"
          type="javax.sql.DataSource"
          driverClassName="com.mysql.jdbc.Driver"
          url="jdbc:mysql://localhost:3306/gerrit_reviewdb"
          username="gerrit"
          password="gerrit"
          maxActive="20"
          maxIdle="10"
          maxWait="-1"/>

我在 tomcat7 上部署了 gerrit,类型为 auth development_become_any_account

接下来我在文件夹 /etc/apache2/sites-available 中创建了文件 gerrit_auth.conf

Listen 82
<VirtualHost *:82>
        ServerName localhost
        ProxyRequests Off
        ProxyVia Off
        ProxyPreserveHost On
        AllowEncodedSlashes On
        <Proxy *>
                Order deny,allow
                Allow from all
        </Proxy>

        <Location /gerrit/login/>
                AuthType Basic
                AuthName "Gerrit Code Review2"
                AuthBasicProvider file
                AuthUserFile /var/opt/gerrit/users/passwords
                Require valid-user
        </Location>

        ProxyPass /gerrit/ https://localhost:4432/gerrit/ nocanon
        ErrorLog /var/opt/gerrit/apache_errorlog.log
        CustomLog /var/opt/gerrit/apache_customlog.log combined
</VirtualHost>

并在 gerrit.config 中将身份验证类型更改为 http

[gerrit]
        basePath = /var/opt/gerrit/repositories
        canonicalWebUrl = https://my_gerrit_site:4432/gerrit
[database]
        type = mysql
        database = gerrit_reviewdb
        hostname = localhost
        username = gerrit
[index]
        type = LUCENE
[auth]
        type = http
[receive]
        enableSignedPush = false
[sendemail]
        smtpServer = localhost
[container]
        user = tomcat7
        javaHome = /usr/lib/jvm/jdk1.7.0_79/jre
[sshd]
        listenAddress = *:29418
[httpd]
        listenUrl = proxy-http://localhost:82/
[cache]
        directory = cache

并重新启动服务 apache2 和 tomcat7。 现在,当我转到 https://my_gerrit_site:4432/ 时,我看到了 tomcat7

有效!

当我去 https://my_gerrit_site:4432/gerrit 我看到了

配置错误

检查 HTTP 服务器的身份验证设置。

HTTP 服务器未在授权中提供用户名 将请求转发给 Gerrit Code Review 时的标头。

如果 HTTP 服务器是 Apache HTTPd,请检查代理配置 包括具有适当位置的授权指令,确保 它以'/'结尾:

服务器名称 my_gerrit_site

ProxyRequests Off
ProxyVia Off
ProxyPreserveHost On

<Proxy *>
      Order deny,allow
      Allow from all
</Proxy>

<Location /gerrit/login/>
  AuthType Basic
  AuthName "Gerrit Code Review"
  Require valid-user
  ...
</Location>

AllowEncodedSlashes On
ProxyPass /gerrit/ http://.../gerrit/ nodecode </VirtualHost>

当我访问 http://my_gerrit_site:82/ 时,我看到了

/的索引

Apache/2.4.7 (Ubuntu) 服务器位于 my_gerrit_site 端口 82

当我访问 http://my_gerrit_site:82/gerrit/login/ 时,我看到了 带有身份验证的窗口,当我登录时,我看到了

Internal Server Error
The server encountered an internal error or misconfiguration and was unable to complete your request.

Please contact the server administrator at [no address given] to inform them of the time this error occurred, and the actions you performed just before this error.

More information about this error may be available in the server error log.

Apache/2.4.7 (Ubuntu) Server at my_gerrit_site Port 82

apache_errorlog.log

[Tue Jul 19 20:18:39.067497 2016] [proxy:warn] [pid 6382:tid 140713740175104] [client x.x.x.x:27949] AH01144: No protocol handler was valid for the URL /gerrit/login/. If you are using a DSO version of mod_proxy, make sure the proxy submodules are included in the configuration using LoadModule.

catalina.out

[2016-07-19 20:18:18,855] [http-bio-4432-exec-6] ERROR com.google.gerrit.httpd.auth.container.HttpLoginServlet : Unable to authenticate user by Authorization request header.  Check container or server configuration.

我做错了什么?我需要更改哪些设置?

谢谢

【问题讨论】:

  • 你为什么使用Tomcat?是必需的吗?最好让gerrit自己工作。
  • 是的,我使用tomcat是因为它是必需的

标签: apache2 tomcat7 gerrit http-authentication


【解决方案1】:
Problem was with apache2 and virtual host configuration. 

当我尝试启用代理、proxy_http、proxy_ajp、ssl (a2enmod) 时,我遇到了一些与两个虚拟主机之一相关的错误(当我尝试为我的 gerrit 进行 http auth 时,创建并启用了它们的配置文件)。 因此,当我禁用配置错误的 (a2dissite) 虚拟主机时,我没有遇到错误。

为 http auth 工作的 apache2 配置:

LoadModule ssl_module modules/mod_ssl.so
Listen 4433

<VirtualHost *:4433>
        ServerName localhost

        ProxyRequests Off
        ProxyVia Off
        ProxyPreserveHost On
        SSLProxyEngine on
        SSLProxyVerify none
        SSLProxyCheckPeerCN off
        SSLProxyCheckPeerName off
        SSLProxyCheckPeerExpire off

        #   SSL Engine Switch:
        #   Enable/Disable SSL for this virtual host.
        SSLEngine on

        #   A self-signed (snakeoil) certificate can be created by installing
        #   the ssl-cert package. See
        #   /usr/share/doc/apache2/README.Debian.gz for more info.
        #   If both key and certificate are stored in the same file, only the
        #   SSLCertificateFile directive is needed.
        SSLCertificateFile      /etc/ssl/certs/ssl-cert-snakeoil.pem
        SSLCertificateKeyFile /etc/ssl/private/ssl-cert-snakeoil.key

        #AllowEncodedSlashes On

        <Proxy *>
                Order deny,allow
                Allow from all
        </Proxy>

        <Location /gerrit/login/>
                AuthType Basic
                AuthName "Gerrit Code Review"
                AuthBasicProvider file
                AuthUserFile /var/opt/gerrit/users/passwords
                Require valid-user
        </Location>
         ProxyPass /gerrit/ https://localhost:4432/gerrit/

        # Available loglevels: trace8, ..., trace1, debug, info, notice, warn,
        # error, crit, alert, emerg.
        # It is also possible to configure the loglevel for particular
        # modules, e.g.
        #LogLevel info ssl:warn

        ErrorLog /var/opt/gerrit/apache_errorlog.log
        CustomLog /var/opt/gerrit/apache_customlog.log combined
</VirtualHost>   

【讨论】:

    【解决方案2】:

    需要将canonocalWebUrl改为外部url

    canonicalWebUrl = https://my_gerrit_site:82/gerrit
    

    【讨论】:

    • 不幸的是,它不起作用。都是相同的错误,Internet Explorer 无法显示网页(my_gerrit_site:82 和 /gerrit)。据我了解 apache 使用 http(不是 https)
    【解决方案3】:

    您不需要将 Tomcat 与 Gerrit 一起使用,请在此处查看更多信息:https://gerrit-review.googlesource.com/Documentation/install.html#requirements

    如果您的目标是配置反向代理,请查看此处:https://gerrit-review.googlesource.com/Documentation/config-reverseproxy.html

    【讨论】:

      猜你喜欢
      • 2016-04-12
      • 1970-01-01
      • 1970-01-01
      • 1970-01-01
      • 1970-01-01
      • 2013-07-02
      • 1970-01-01
      • 2013-08-13
      相关资源
      最近更新 更多