When running Gitblit from the Go tarball as a normal user on RHEL 8.x, I get the following output to the console and then Gitblit exits:
$ ./gitblit.sh
2022-11-17 12:05:48 [INFO ]
_____ _ _ _ _ _ _
| __ \(_)| | | | | |(_)| |
| | \/ _ | |_ | |__ | | _ | |_
| | __ | || __|| '_ \ | || || __| http://gitblit.com
| |_\ \| || |_ | |_) || || || |_ @gitblit
\____/|_| \__||_.__/ |_||_| \__| 1.9.3
2022-11-17 12:05:48 [INFO ] Running on Linux (4.18.0-372.26.1.el8_6.x86_64)
2022-11-17 12:05:48 [INFO ] JVM version 1.8.0_345 (Red Hat, Inc.)
2022-11-17 12:05:48 [INFO ] Logging initialized @263ms
Exception in thread "main" java.lang.RuntimeException: Password required!
at com.gitblit.utils.X509Utils$X509Metadata.<init>(X509Utils.java:208)
at com.gitblit.GitBlitServer.start(GitBlitServer.java:249)
at com.gitblit.GitBlitServer.main(GitBlitServer.java:124)
I also assumed that this is a file permission error. This happens when I have moved the --baseFolder to something outside of the Gitblit install directory even when the user is the owner of the directory and everything in it. If I use the data folder provided by the default data folder under the Gitblit install directory, then it will launch. I have verified the user has read and execute on the parent folders of the alternate data folder.
As for running Gitblit under Tomcat (Tomcat 9.x on RHEL 8), this is what shows up in my Catalina log file when I start Tomcat:
17-Nov-2022 12:24:06.103 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Server version name: Apache Tomcat/9.0.65
17-Nov-2022 12:24:06.104 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Server built: Jul 14 2022 12:28:53 UTC
17-Nov-2022 12:24:06.104 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Server version number: 9.0.65.0
17-Nov-2022 12:24:06.104 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log OS Name: Linux
17-Nov-2022 12:24:06.104 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log OS Version: 4.18.0-372.26.1.el8_6.x86_64
17-Nov-2022 12:24:06.104 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Architecture: amd64
17-Nov-2022 12:24:06.104 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Java Home: /usr/lib/jvm/java-1.8.0-openjdk-1.8.0.345.b01-1.el8_6.x86_64/jre
17-Nov-2022 12:24:06.104 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log JVM Version: 1.8.0_345-b01
17-Nov-2022 12:24:06.104 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log JVM Vendor: Red Hat, Inc.
17-Nov-2022 12:24:06.104 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log CATALINA_BASE: /usr/share/tomcat
17-Nov-2022 12:24:06.104 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log CATALINA_HOME: /usr/share/tomcat
17-Nov-2022 12:24:06.106 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Command line argument: -Djavax.sql.DataSource.Factory=org.apache.commons.dbcp.BasicDataSourceFactory
17-Nov-2022 12:24:06.106 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Command line argument: -Dorg.apache.tomcat.util.buf.UDecoder.ALLOW_ENCODED_SLASH=true
17-Nov-2022 12:24:06.106 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Command line argument: -Dcatalina.base=/usr/share/tomcat
17-Nov-2022 12:24:06.106 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Command line argument: -Dcatalina.home=/usr/share/tomcat
17-Nov-2022 12:24:06.106 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Command line argument: -Djava.endorsed.dirs=
17-Nov-2022 12:24:06.106 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Command line argument: -Djava.io.tmpdir=/var/cache/tomcat/temp
17-Nov-2022 12:24:06.106 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Command line argument: -Djava.util.logging.config.file=/usr/share/tomcat/conf/logging.properties
17-Nov-2022 12:24:06.106 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Command line argument: -Djava.util.logging.manager=org.apache.juli.ClassLoaderLogManager
17-Nov-2022 12:24:06.108 INFO [main] org.apache.catalina.core.AprLifecycleListener.lifecycleEvent Loaded Apache Tomcat Native library [1.2.35] using APR version [1.6.3].
17-Nov-2022 12:24:06.108 INFO [main] org.apache.catalina.core.AprLifecycleListener.lifecycleEvent APR capabilities: IPv6 [true], sendfile [true], accept filters [false], random [true], UDS [true].
17-Nov-2022 12:24:06.108 INFO [main] org.apache.catalina.core.AprLifecycleListener.lifecycleEvent APR/OpenSSL configuration: useAprConnector [false], useOpenSSL [true]
17-Nov-2022 12:24:06.110 INFO [main] org.apache.catalina.core.AprLifecycleListener.initializeSSL OpenSSL successfully initialized [OpenSSL 1.1.1k FIPS 25 Mar 2021]
17-Nov-2022 12:24:06.313 INFO [main] org.apache.coyote.AbstractProtocol.init Initializing ProtocolHandler ["http-nio-127.0.0.1-8080"]
17-Nov-2022 12:24:06.333 INFO [main] org.apache.coyote.AbstractProtocol.init Initializing ProtocolHandler ["https-openssl-apr-127.0.0.1-8443"]
17-Nov-2022 12:24:06.368 INFO [main] org.apache.catalina.startup.Catalina.load Server initialization in [451] milliseconds
17-Nov-2022 12:24:06.388 INFO [main] org.apache.catalina.core.StandardService.startInternal Starting service [Catalina]
17-Nov-2022 12:24:06.388 INFO [main] org.apache.catalina.core.StandardEngine.startInternal Starting Servlet engine: [Apache Tomcat/9.0.65]
17-Nov-2022 12:24:06.402 INFO [main] org.apache.catalina.startup.HostConfig.deployWAR Deploying web application archive [/var/lib/tomcat/webapps/gitblit-1.9.3.war]
17-Nov-2022 12:24:08.988 INFO [main] org.apache.jasper.servlet.TldScanner.scanJars At least one JAR was scanned for TLDs yet contained no TLDs. Enable debug logging for this logger for a complete list of JARs that were scanned but no TLDs were found in them. Skipping unneeded JARs during scanning can improve startup time and JSP compilation time.
17-Nov-2022 12:24:09.732 INFO [main] org.apache.catalina.startup.HostConfig.deployWAR Deployment of web application archive [/var/lib/tomcat/webapps/gitblit-1.9.3.war] has finished in [3,330] ms
17-Nov-2022 12:24:09.734 INFO [main] org.apache.coyote.AbstractProtocol.start Starting ProtocolHandler ["http-nio-127.0.0.1-8080"]
17-Nov-2022 12:24:09.745 INFO [main] org.apache.coyote.AbstractProtocol.start Starting ProtocolHandler ["https-openssl-apr-127.0.0.1-8443"]
17-Nov-2022 12:24:09.747 INFO [main] org.apache.catalina.startup.Catalina.start Server startup in [3378] milliseconds
I expected to see more entries similar to what the Go tarball version output to the console.
Scott
---------------------------------------
Scott Parrill
Systems Administrator
Enterprise IT, Infrastructure and Security
University of Wyoming
From: git...@googlegroups.com <git...@googlegroups.com>
On Behalf Of Florian Zschocke
Sent: Thursday, November 17, 2022 11:38 AM
To: gitblit <git...@googlegroups.com>
Subject: Re: "Page Expired" error when logging into new installtion of Gitblit
◆ This message was sent from a non-UWYO address. Please exercise caution when clicking links or opening attachments from external sources.
--
You received this message because you are subscribed to the Google Groups "gitblit" group.
To unsubscribe from this group and stop receiving emails from it, send an email to
gitblit+u...@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/gitblit/cdb6e161-2d72-467a-8a2b-bd088e4559b5n%40googlegroups.com.
I just tried copying the data directory back over and still get the same error. I used
(cd /opt/gitblit-1.9.3; tar cf - data ) | (cd <dest>; tar xf -)
cd <dest>
chown <user>:<user group> data
Gitblit Go tarball was extracted to /opt/gitblit-1.9.3.
Scott
---------------------------------------
Scott Parrill
Systems Administrator
Enterprise IT, Infrastructure and Security
University of Wyoming
From: git...@googlegroups.com <git...@googlegroups.com>
On Behalf Of Florian Zschocke
Sent: Thursday, November 17, 2022 12:40 PM
To: git...@googlegroups.com
Subject: Re: "Page Expired" error when logging into new installtion of Gitblit
◆ This message was sent from a non-UWYO address. Please exercise caution when clicking links or opening attachments from external sources.
Okay, the first is not a file system permission issue but has to do with Gitblit trying to open the Java keystore and it doesn't have the password for it. Uhm, I would also have to try that out to see what exactly is amiss, but did you copy everything over from the standard base folder to the other one?
--
You received this message because you are subscribed to a topic in the Google Groups "gitblit" group.
To unsubscribe from this topic, visit
https://groups.google.com/d/topic/gitblit/pt363j4MhNU/unsubscribe.
To unsubscribe from this group and all its topics, send an email to
gitblit+u...@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/gitblit/CANNZ3e-%2B1-_5kx7Diu%2BfgZCTC%2BjAdEyM6%3D_MMXRPGmVOCy61zw%40mail.gmail.com.
Interesting. I verified that the defaults.properties was in the new data directory (<dest>/data). However, when I move the /opt/gitblit-1.9.3/data directory to /opt/gitblit-1.9.3/data.orig and then soft link <dest>/data to /opt/gitblit-1.9.3/data and use the default
java -cp "gitblit.jar:ext/*" com.gitblit.GitBlitServer --baseFolder data
instead of
java -cp "gitblit.jar:ext/*" com.gitblit.GitBlitServer --baseFolder <dest>/data
Gitblit launches. I’m not entirely sure I understand what Gitblit sees differently.
Scott
---------------------------------------
Scott Parrill
Systems Administrator
Enterprise IT, Infrastructure and Security
University of Wyoming
From: git...@googlegroups.com <git...@googlegroups.com>
On Behalf Of Florian Zschocke
Sent: Thursday, November 17, 2022 12:57 PM
To: gitblit <git...@googlegroups.com>
Subject: Re: "Page Expired" error when logging into new installtion of Gitblit
◆ This message was sent from a non-UWYO address. Please exercise caution when clicking links or opening attachments from external sources.
Yes, so, make sure that you copy over the files from the default base folder. When I leave out the `default.properties` file I get the error you pasted. This is because the following key is then missing from the configuration and Gibtlit cannot access the keystone for TLS keys:
--
You received this message because you are subscribed to the Google Groups "gitblit" group.
To unsubscribe from this group and stop receiving emails from it, send an email to
gitblit+u...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/gitblit/92d1f667-f552-4fde-bb57-6622c522bf99n%40googlegroups.com.
Yeah, I su’d to the <user> account as was able to view the files in <dest>/data.
Without changing anything else, the second command still fails.
Scott
---------------------------------------
Scott Parrill
Systems Administrator
Enterprise IT, Infrastructure and Security
University of Wyoming
From: git...@googlegroups.com <git...@googlegroups.com>
On Behalf Of Florian Zschocke
Sent: Thursday, November 17, 2022 1:22 PM
To: gitblit <git...@googlegroups.com>
Subject: Re: "Page Expired" error when logging into new installtion of Gitblit
◆ This message was sent from a non-UWYO address. Please exercise caution when clicking links or opening attachments from external sources.
I would guess some folder on the way, maybe? Did you check if the gitblit user can access the files?
--
You received this message because you are subscribed to the Google Groups "gitblit" group.
To unsubscribe from this group and stop receiving emails from it, send an email to
gitblit+u...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/gitblit/56669055-0f04-4003-aa37-5b6bbb2fb64cn%40googlegroups.com.
Somehow, that doesn’t surprise me. I think for the Gitblit Go option, if I can make that work in my environment, I’ll go with the symlink workaround for now and assume still have a permissions issue somewhere I just haven’t found.
If we can figure out the logging under Tomcat, I’d like to know what is going on there as well. I did look at my logging.properties file for Tomcat and did notice that three items were set to INFO
org.apache.catalina.core.ContainerBase.[Catalina].[localhost].level = INFO
org.apache.catalina.core.ContainerBase.[Catalina].[localhost].[/manager].level = INFO
org.apache.catalina.core.ContainerBase.[Catalina].[localhost].[/host-manager].level = INFO
I did change these to FINE and still only get results similar to what I previously posed.
In my case I’m trying to replicate something that was done in a different environment without having to have everyone change URLs for their repos they have cloned from the old system so I’m not sure whether I’m going to want to use the Go tarball or the Tomcat WAR file. 😊
Scott
---------------------------------------
Scott Parrill
Systems Administrator
Enterprise IT, Infrastructure and Security
University of Wyoming
From: git...@googlegroups.com <git...@googlegroups.com>
On Behalf Of Florian Zschocke
Sent: Thursday, November 17, 2022 2:06 PM
To: gitblit <git...@googlegroups.com>
Subject: Re: "Page Expired" error when logging into new installtion of Gitblit
◆ This message was sent from a non-UWYO address. Please exercise caution when clicking links or opening attachments from external sources.
--
You received this message because you are subscribed to a topic in the Google Groups "gitblit" group.
To unsubscribe from this topic, visit
https://groups.google.com/d/topic/gitblit/pt363j4MhNU/unsubscribe.
To unsubscribe from this group and all its topics, send an email to
gitblit+u...@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/gitblit/3a82350f-9e44-4626-bd5c-9371b8a48c3cn%40googlegroups.com.
On a Fedora system you can use dnf (a replacement for yum). (Dnf is also used on the stuff I mention below as well as RHEL 8.) If you want something that is binary compatible with RHEL, you can look at Alma Linux (https://almalinux.org/) or Rocky Linux (https://rockylinux.org/). CentOS became a test bed for RHEL so contains some newer packages they are evaluating for RHEL.
Tomcat can be installed on Alma Linux, Rocky Linux, or RHEL from EPEL repos using the instructions at https://docs.fedoraproject.org/en-US/epel/. This package creates the tomcat user with the /home/tomcat home directory and the CATALINA_HOME to /usr/share/tomcat. There are symlinks under these directories to the conf, webapps, etc. directories where they live under various locations.
If it is too much trouble to test out, don’t worry about it for now. I understand the switch from a Debian style Linux to a Red Hat style Linux is a bit of a perspective change. 😊
Scott
---------------------------------------
Scott Parrill
Systems Administrator
Enterprise IT, Infrastructure and Security
University of Wyoming
From: git...@googlegroups.com <git...@googlegroups.com>
On Behalf Of Florian Zschocke
Sent: Thursday, November 17, 2022 2:26 PM
To: gitblit <git...@googlegroups.com>
Subject: Re: "Page Expired" error when logging into new installtion of Gitblit
◆ This message was sent from a non-UWYO address. Please exercise caution when clicking links or opening attachments from external sources.
Well, I am not quite certain how to best help.
--
You received this message because you are subscribed to a topic in the Google Groups "gitblit" group.
To unsubscribe from this topic, visit
https://groups.google.com/d/topic/gitblit/pt363j4MhNU/unsubscribe.
To unsubscribe from this group and all its topics, send an email to
gitblit+u...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/gitblit/82908b9d-eff0-4e0d-b1bb-bd128b7eec15n%40googlegroups.com.
I did install tomcat from the EPEL repo as I described above.
Like you, I put the Gitblit WAR file in /var/lib/tomcat/webapps.
Gitblit did launch, I just kept getting the “Page Expired” error. I don’t know why.
However, I will say that I just got Gitblit from the GO tarball working and was able to log into it. I am only starting Gitblit manually at the moment, but I believe I understand what the install-service-fedora.sh script is well enough that I can use it to create the systemd file for my system. (RHEL 7 transitioned to Systemd but still supports the init.d scripts. I’m not sure if/when Red Hat is going to discontinue it. I have not looked for this in the release notes for RHEL 8 or 9 yet.)
On a side note, I notice that when running Gitblit behind Apache Httpd mod_proxy (to make HTTP/HTTPS port in Urls match the old system), failed login attempts are logged as coming from 127.0.0.1, which I understand. I’m curious to know if there is a way to have Gitblit log the value for the x-forwarded-for header if it is set. This would be the IP address of the machine that git the Apache Httpd reverse proxy. This really isn’t critical; it would just be a nice-to-have.
Scott
---------------------------------------
Scott Parrill
Systems Administrator
Enterprise IT, Infrastructure and Security
University of Wyoming
From: git...@googlegroups.com <git...@googlegroups.com>
On Behalf Of Florian Zschocke
Sent: Thursday, November 17, 2022 3:32 PM
To: gitblit <git...@googlegroups.com>
Subject: Re: "Page Expired" error when logging into new installtion of Gitblit
◆ This message was sent from a non-UWYO address. Please exercise caution when clicking links or opening attachments from external sources.
Well, I got somewhere with this Fedora system, even though it is a bit of a shit show. Even `wget` crashes.
--
You received this message because you are subscribed to the Google Groups "gitblit" group.
To unsubscribe from this group and stop receiving emails from it, send an email to
gitblit+u...@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/gitblit/ebb97ae7-b75e-4e72-9f23-a109b20c08e8n%40googlegroups.com.
My system has SELinux set to permissive mode so I didn’t have the problems with the ports and such.
If you install the rsyslogd package, then you will also see the system logs in /var/log/messages as well as being able to see then via journalctl.
And yes, I’m getting quite a bit of information from Tomcat in the system logs. Now I feel stupid that I didn’t think to look there previously. Sorry for taking up your time with something I should have thought of earlier.
Scott
---------------------------------------
Scott Parrill
Systems Administrator
Enterprise IT, Infrastructure and Security
University of Wyoming
From: git...@googlegroups.com <git...@googlegroups.com>
On Behalf Of Florian Zschocke
Sent: Friday, November 18, 2022 6:03 PM
To: gitblit <git...@googlegroups.com>
Subject: Re: "Page Expired" error when logging into new installtion of Gitblit
◆ This message was sent from a non-UWYO address. Please exercise caution when clicking links or opening attachments from external sources.
Yes, so, when I add some SELinux policies to allow for opening ports and accessing the JNA file, I have Gitblit running in the Tomcat. No timeout problems, I can login, create a repo etc.
The main info is probably, that for me I can see the Gitblit logs with 'journalctl -f'.
Maybe try this and see if it works for you, too.
--
You received this message because you are subscribed to the Google Groups "gitblit" group.
To unsubscribe from this group and stop receiving emails from it, send an email to
gitblit+u...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/gitblit/0685137e-2d09-4984-8870-de84c9928310n%40googlegroups.com.
On a side note, I notice that when running Gitblit behind Apache Httpd mod_proxy (to make HTTP/HTTPS port in Urls match the old system), failed login attempts are logged as coming from 127.0.0.1, which I understand. I’m curious to know if there is a way to have Gitblit log the value for the x-forwarded-for header if it is set. This would be the IP address of the machine that git the Apache Httpd reverse proxy. This really isn’t critical; it would just be a nice-to-have.
Yes. That looks like the same issue to me.
Scott
---------------------------------------
Scott Parrill
Systems Administrator
Enterprise IT, Infrastructure and Security
University of Wyoming
From: git...@googlegroups.com <git...@googlegroups.com>
On Behalf Of Florian Zschocke
Sent: Tuesday, November 22, 2022 1:15 PM
To: gitblit <git...@googlegroups.com>
Subject: Re: "Page Expired" error when logging into new installtion of Gitblit
◆ This message was sent from a non-UWYO address. Please exercise caution when clicking links or opening attachments from external sources.
On Thursday, 17 November 2022 at 23:47:16 UTC+1 spar...@uwyo.edu wrote:
On a side note, I notice that when running Gitblit behind Apache Httpd mod_proxy (to make HTTP/HTTPS port in Urls match the old system), failed login attempts are logged as coming from 127.0.0.1, which I understand. I’m curious to know if there is a way to have Gitblit log the value for the x-forwarded-for header if it is set. This would be the IP address of the machine that git the Apache Httpd reverse proxy. This really isn’t critical; it would just be a nice-to-have.
Is this the same as and thus a vote for https://github.com/gitblit/gitblit/issues/1222?
--
You received this message because you are subscribed to the Google Groups "gitblit" group.
To unsubscribe from this group and stop receiving emails from it, send an email to
gitblit+u...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/gitblit/ea66cc82-e567-4d0e-bd29-88ed04c08397n%40googlegroups.com.