"Page Expired" error when logging into new installtion of Gitblit

30 views
Skip to first unread message

Scott Parrill

unread,
Nov 16, 2022, 7:23:50 PM11/16/22
to gitblit
When trying to log into a new Gitblit installation (1.9.3) using the WAR file with Tomcat 9.0.65, I get "Page Expired" from both Google Chrome and Firefox. 

I have not been able to find any information on getting logging out of Gitblit when installed from the WAR file.  The console output I get when I run Gitblit from the Gitblit Go distribution does not seem to appear in the catalina log or anywhere else I can find.

Installed from the Gitblit Go installer, I can get Gitblit to run under the root account but it fails to launch when run as any other user.

I'm at a loss as to how to get diagnostic information out of Gitblit under the circumstances and unwilling to run Gitblit as the root user.

Suggestions on how to move forward with this problem?

Thanks,
Scott

Florian Zschocke

unread,
Nov 17, 2022, 1:38:05 PM11/17/22
to gitblit
I would have to try it myself to see. I just recently tried it with Tomcat 7 and Gitblit 1.8.0 because someone mentioned problems, and I saw the Gitblit logs in logs/catalina.out.

I also do run Gitblit constantly  from the GO tgz as normal user under macOS. What OS are you using? Is there more to "fails to launch" that you could provide? Like, nothing happens at all?

The first thing that comes to mind when root works and normal user doesn't is access permissions to the file system being a problem.

Scott M. Parrill

unread,
Nov 17, 2022, 2:27:00 PM11/17/22
to git...@googlegroups.com

When running Gitblit from the Go tarball as a normal user on RHEL 8.x, I get the following output to the console and then Gitblit exits:

 

$ ./gitblit.sh

2022-11-17 12:05:48 [INFO ]

  _____  _  _    _      _  _  _

|  __ \(_)| |  | |    | |(_)| |

| |  \/ _ | |_ | |__  | | _ | |_

| | __ | || __|| '_ \ | || || __|  http://gitblit.com

| |_\ \| || |_ | |_) || || || |_   @gitblit

  \____/|_| \__||_.__/ |_||_| \__|  1.9.3

 

2022-11-17 12:05:48 [INFO ] Running on Linux (4.18.0-372.26.1.el8_6.x86_64)

2022-11-17 12:05:48 [INFO ] JVM version 1.8.0_345 (Red Hat, Inc.)

2022-11-17 12:05:48 [INFO ] Logging initialized @263ms

Exception in thread "main" java.lang.RuntimeException: Password required!

        at com.gitblit.utils.X509Utils$X509Metadata.<init>(X509Utils.java:208)

        at com.gitblit.GitBlitServer.start(GitBlitServer.java:249)

        at com.gitblit.GitBlitServer.main(GitBlitServer.java:124)

 

I also assumed that this is a file permission error.  This happens when I have moved the --baseFolder to something outside of the Gitblit install directory even when the user is the owner of the directory and everything in it.  If I use the data folder provided by the default data folder under the Gitblit install directory, then it will launch.  I have verified the user has read and execute on the parent folders of the alternate data folder.

 

As for running Gitblit under Tomcat (Tomcat 9.x on RHEL 8), this is what shows up in my Catalina log file when I start Tomcat:

 

17-Nov-2022 12:24:06.103 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Server version name:   Apache Tomcat/9.0.65

17-Nov-2022 12:24:06.104 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Server built:          Jul 14 2022 12:28:53 UTC

17-Nov-2022 12:24:06.104 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Server version number: 9.0.65.0

17-Nov-2022 12:24:06.104 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log OS Name:               Linux

17-Nov-2022 12:24:06.104 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log OS Version:            4.18.0-372.26.1.el8_6.x86_64

17-Nov-2022 12:24:06.104 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Architecture:          amd64

17-Nov-2022 12:24:06.104 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Java Home:             /usr/lib/jvm/java-1.8.0-openjdk-1.8.0.345.b01-1.el8_6.x86_64/jre

17-Nov-2022 12:24:06.104 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log JVM Version:           1.8.0_345-b01

17-Nov-2022 12:24:06.104 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log JVM Vendor:            Red Hat, Inc.

17-Nov-2022 12:24:06.104 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log CATALINA_BASE:         /usr/share/tomcat

17-Nov-2022 12:24:06.104 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log CATALINA_HOME:         /usr/share/tomcat

17-Nov-2022 12:24:06.106 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Command line argument: -Djavax.sql.DataSource.Factory=org.apache.commons.dbcp.BasicDataSourceFactory

17-Nov-2022 12:24:06.106 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Command line argument: -Dorg.apache.tomcat.util.buf.UDecoder.ALLOW_ENCODED_SLASH=true

17-Nov-2022 12:24:06.106 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Command line argument: -Dcatalina.base=/usr/share/tomcat

17-Nov-2022 12:24:06.106 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Command line argument: -Dcatalina.home=/usr/share/tomcat

17-Nov-2022 12:24:06.106 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Command line argument: -Djava.endorsed.dirs=

17-Nov-2022 12:24:06.106 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Command line argument: -Djava.io.tmpdir=/var/cache/tomcat/temp

17-Nov-2022 12:24:06.106 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Command line argument: -Djava.util.logging.config.file=/usr/share/tomcat/conf/logging.properties

17-Nov-2022 12:24:06.106 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Command line argument: -Djava.util.logging.manager=org.apache.juli.ClassLoaderLogManager

17-Nov-2022 12:24:06.108 INFO [main] org.apache.catalina.core.AprLifecycleListener.lifecycleEvent Loaded Apache Tomcat Native library [1.2.35] using APR version [1.6.3].

17-Nov-2022 12:24:06.108 INFO [main] org.apache.catalina.core.AprLifecycleListener.lifecycleEvent APR capabilities: IPv6 [true], sendfile [true], accept filters [false], random [true], UDS [true].

17-Nov-2022 12:24:06.108 INFO [main] org.apache.catalina.core.AprLifecycleListener.lifecycleEvent APR/OpenSSL configuration: useAprConnector [false], useOpenSSL [true]

17-Nov-2022 12:24:06.110 INFO [main] org.apache.catalina.core.AprLifecycleListener.initializeSSL OpenSSL successfully initialized [OpenSSL 1.1.1k  FIPS 25 Mar 2021]

17-Nov-2022 12:24:06.313 INFO [main] org.apache.coyote.AbstractProtocol.init Initializing ProtocolHandler ["http-nio-127.0.0.1-8080"]

17-Nov-2022 12:24:06.333 INFO [main] org.apache.coyote.AbstractProtocol.init Initializing ProtocolHandler ["https-openssl-apr-127.0.0.1-8443"]

17-Nov-2022 12:24:06.368 INFO [main] org.apache.catalina.startup.Catalina.load Server initialization in [451] milliseconds

17-Nov-2022 12:24:06.388 INFO [main] org.apache.catalina.core.StandardService.startInternal Starting service [Catalina]

17-Nov-2022 12:24:06.388 INFO [main] org.apache.catalina.core.StandardEngine.startInternal Starting Servlet engine: [Apache Tomcat/9.0.65]

17-Nov-2022 12:24:06.402 INFO [main] org.apache.catalina.startup.HostConfig.deployWAR Deploying web application archive [/var/lib/tomcat/webapps/gitblit-1.9.3.war]

17-Nov-2022 12:24:08.988 INFO [main] org.apache.jasper.servlet.TldScanner.scanJars At least one JAR was scanned for TLDs yet contained no TLDs. Enable debug logging for this logger for a complete list of JARs that were scanned but no TLDs were found in them. Skipping unneeded JARs during scanning can improve startup time and JSP compilation time.

17-Nov-2022 12:24:09.732 INFO [main] org.apache.catalina.startup.HostConfig.deployWAR Deployment of web application archive [/var/lib/tomcat/webapps/gitblit-1.9.3.war] has finished in [3,330] ms

17-Nov-2022 12:24:09.734 INFO [main] org.apache.coyote.AbstractProtocol.start Starting ProtocolHandler ["http-nio-127.0.0.1-8080"]

17-Nov-2022 12:24:09.745 INFO [main] org.apache.coyote.AbstractProtocol.start Starting ProtocolHandler ["https-openssl-apr-127.0.0.1-8443"]

17-Nov-2022 12:24:09.747 INFO [main] org.apache.catalina.startup.Catalina.start Server startup in [3378] milliseconds

 

I expected to see more entries similar to what the Go tarball version output to the console.

 

Scott

 

---------------------------------------

Scott Parrill

Systems Administrator

Enterprise IT, Infrastructure and Security

University of Wyoming

spar...@uwyo.edu

307-766-4829

 

From: git...@googlegroups.com <git...@googlegroups.com> On Behalf Of Florian Zschocke
Sent: Thursday, November 17, 2022 11:38 AM
To: gitblit <git...@googlegroups.com>
Subject: Re: "Page Expired" error when logging into new installtion of Gitblit

 

This message was sent from a non-UWYO address. Please exercise caution when clicking links or opening attachments from external sources.

 

--
You received this message because you are subscribed to the Google Groups "gitblit" group.
To unsubscribe from this group and stop receiving emails from it, send an email to gitblit+u...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/gitblit/cdb6e161-2d72-467a-8a2b-bd088e4559b5n%40googlegroups.com.

Florian Zschocke

unread,
Nov 17, 2022, 2:40:06 PM11/17/22
to git...@googlegroups.com
Okay, the first is not a file system permission issue but has to do with Gitblit trying to open the Java keystore and it doesn't have the password for it. Uhm, I would also have to try that out to see what exactly is amiss, but did you copy everything over from the standard base folder to the other one?

The second I will try out in a Tomcat here somehow. Give me a minute.

Scott M. Parrill

unread,
Nov 17, 2022, 2:51:36 PM11/17/22
to git...@googlegroups.com

I just tried copying the data directory back over and still get the same error.  I used

 

(cd /opt/gitblit-1.9.3; tar cf - data ) | (cd <dest>; tar xf -)

cd <dest>

chown <user>:<user group> data

 

Gitblit Go tarball was extracted to /opt/gitblit-1.9.3.

 

Scott

 

---------------------------------------

Scott Parrill

Systems Administrator

Enterprise IT, Infrastructure and Security

University of Wyoming

spar...@uwyo.edu

307-766-4829

 

From: git...@googlegroups.com <git...@googlegroups.com> On Behalf Of Florian Zschocke
Sent: Thursday, November 17, 2022 12:40 PM
To: git...@googlegroups.com
Subject: Re: "Page Expired" error when logging into new installtion of Gitblit

 

This message was sent from a non-UWYO address. Please exercise caution when clicking links or opening attachments from external sources.

 

Okay, the first is not a file system permission issue but has to do with Gitblit trying to open the Java keystore and it doesn't have the password for it. Uhm, I would also have to try that out to see what exactly is amiss, but did you copy everything over from the standard base folder to the other one?

--
You received this message because you are subscribed to a topic in the Google Groups "gitblit" group.
To unsubscribe from this topic, visit https://groups.google.com/d/topic/gitblit/pt363j4MhNU/unsubscribe.
To unsubscribe from this group and all its topics, send an email to gitblit+u...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/gitblit/CANNZ3e-%2B1-_5kx7Diu%2BfgZCTC%2BjAdEyM6%3D_MMXRPGmVOCy61zw%40mail.gmail.com.

Florian Zschocke

unread,
Nov 17, 2022, 2:56:43 PM11/17/22
to gitblit
Yes, so, make sure that you copy over the files from the default base folder. When I leave out the `default.properties` file I get the error you pasted. This is because the following key is then missing from the configuration and Gibtlit cannot access the keystone for TLS keys:

# Password for SSL keystore.
# Keystore password and certificate password must match.
# This is provided for convenience, its probably more secure to set this value
# using the --storePassword command line parameter.
#
# If you are using the official JRE or JDK from Oracle you may not have the
# JCE Unlimited Strength Jurisdiction Policy files bundled with your JVM.  Because
# of this, your store/key password can not exceed 7 characters.  If you require
# longer passwords you may need to install the JCE Unlimited Strength Jurisdiction
# Policy files from Oracle.
#
# http://www.oracle.com/technetwork/java/javase/downloads/index.html
#
# Gitblit and the Gitblit Certificate Authority will both indicate if Unlimited
# Strength encryption is available.
#
# SINCE 0.5.0
# RESTART REQUIRED
server.storePassword = gitblit


Here is how I reproduced:

$ tar -xzf ../gitblit/build/target/gitblit-1.10.0-SNAPSHOT.tar.gz
$ mv gitblit-1.10.0-SNAPSHOT/data baseFolder-10
$ cd gitblit-1.10.0-SNAPSHOT/
$ java -cp "gitblit.jar:ext/*" com.gitblit.GitBlitServer --baseFolder ../baseFolder-10
2022-11-17 20:48:22 [INFO ]

  _____  _  _    _      _  _  _
 |  __ \(_)| |  | |    | |(_)| |
 | |  \/ _ | |_ | |__  | | _ | |_
 | | __ | || __|| '_ \ | || || __|  http://gitblit.com
 | |_\ \| || |_ | |_) || || || |_   @gitblit
  \____/|_| \__||_.__/ |_||_| \__|  1.10.0-SNAPSHOT

2022-11-17 20:48:22 [INFO ] Running on Mac OS X (10.15.7)
2022-11-17 20:48:22 [INFO ] JVM version 17.0.1 (Eclipse Adoptium)
2022-11-17 20:48:22 [INFO ] Logging initialized @304ms to org.eclipse.jetty.util.log.Slf4jLog
2022-11-17 20:48:23 [INFO ] Using JCE Unlimited Strength Jurisdiction Policy files

$ rm ../baseFolder-10/defaults.properties
$ java -cp "gitblit.jar:ext/*" com.gitblit.GitBlitServer --baseFolder ../baseFolder-10
2022-11-17 20:48:51 [WARN ] failed to locate defaults.properties
2022-11-17 20:48:51 [INFO ]

  _____  _  _    _      _  _  _
 |  __ \(_)| |  | |    | |(_)| |
 | |  \/ _ | |_ | |__  | | _ | |_
 | | __ | || __|| '_ \ | || || __|  http://gitblit.com
 | |_\ \| || |_ | |_) || || || |_   @gitblit
  \____/|_| \__||_.__/ |_||_| \__|  1.10.0-SNAPSHOT

2022-11-17 20:48:51 [INFO ] Running on Mac OS X (10.15.7)
2022-11-17 20:48:51 [INFO ] JVM version 17.0.1 (Eclipse Adoptium)
2022-11-17 20:48:51 [INFO ] Logging initialized @257ms to org.eclipse.jetty.util.log.Slf4jLog

Exception in thread "main" java.lang.RuntimeException: Password required!
    at com.gitblit.utils.X509Utils$X509Metadata.<init>(X509Utils.java:207)
    at com.gitblit.GitBlitServer.start(GitBlitServer.java:251)
    at com.gitblit.GitBlitServer.main(GitBlitServer.java:126)


Scott M. Parrill

unread,
Nov 17, 2022, 3:13:38 PM11/17/22
to git...@googlegroups.com

Interesting.  I verified that the defaults.properties was in the new data directory (<dest>/data).  However, when I move the /opt/gitblit-1.9.3/data directory to /opt/gitblit-1.9.3/data.orig and then soft link <dest>/data to /opt/gitblit-1.9.3/data and use the default

 

java -cp "gitblit.jar:ext/*" com.gitblit.GitBlitServer --baseFolder data

 

instead of

 

java -cp "gitblit.jar:ext/*" com.gitblit.GitBlitServer --baseFolder <dest>/data

 

Gitblit launches.  I’m not entirely sure I understand what Gitblit sees differently.

 

Scott

 

---------------------------------------

Scott Parrill

Systems Administrator

Enterprise IT, Infrastructure and Security

University of Wyoming

spar...@uwyo.edu

307-766-4829

 

From: git...@googlegroups.com <git...@googlegroups.com> On Behalf Of Florian Zschocke
Sent: Thursday, November 17, 2022 12:57 PM
To: gitblit <git...@googlegroups.com>
Subject: Re: "Page Expired" error when logging into new installtion of Gitblit

 

This message was sent from a non-UWYO address. Please exercise caution when clicking links or opening attachments from external sources.

 

Yes, so, make sure that you copy over the files from the default base folder. When I leave out the `default.properties` file I get the error you pasted. This is because the following key is then missing from the configuration and Gibtlit cannot access the keystone for TLS keys:

--

You received this message because you are subscribed to the Google Groups "gitblit" group.
To unsubscribe from this group and stop receiving emails from it, send an email to gitblit+u...@googlegroups.com.

Florian Zschocke

unread,
Nov 17, 2022, 3:22:08 PM11/17/22
to gitblit

I would guess some folder on the way, maybe? Did you check if the gitblit user can access the files? 
$ sudo -u <gbuser> cat <dest>/data

Now that you moved the base folder, do you have to symlink it or would the second of your command lines also work?

As for Tomcat, I have a machine with Tomcat 8, not 9. It has Gitblit deployed and running, but you are right, I do not see the logs in catalina.out. Something seems to have changed between Tomcat 7 and 8.
Or, the difference I see is because the Tomcat 8 is installed from the distribution while the Tomcat 7 was manually downloaded and extracted. So, maybe difference in logging configuration between default tarball and distribution configuration. I'm not quite sure what to make of this.


Scott M. Parrill

unread,
Nov 17, 2022, 3:24:59 PM11/17/22
to git...@googlegroups.com

Yeah, I su’d to the <user> account as was able to view the files in <dest>/data.

 

Without changing anything else, the second command still fails.

 

Scott

 

---------------------------------------

Scott Parrill

Systems Administrator

Enterprise IT, Infrastructure and Security

University of Wyoming

spar...@uwyo.edu

307-766-4829

 

From: git...@googlegroups.com <git...@googlegroups.com> On Behalf Of Florian Zschocke
Sent: Thursday, November 17, 2022 1:22 PM
To: gitblit <git...@googlegroups.com>
Subject: Re: "Page Expired" error when logging into new installtion of Gitblit

 

This message was sent from a non-UWYO address. Please exercise caution when clicking links or opening attachments from external sources.

 

 

I would guess some folder on the way, maybe? Did you check if the gitblit user can access the files? 

--

You received this message because you are subscribed to the Google Groups "gitblit" group.
To unsubscribe from this group and stop receiving emails from it, send an email to gitblit+u...@googlegroups.com.

Florian Zschocke

unread,
Nov 17, 2022, 3:42:35 PM11/17/22
to gitblit

I think I must retract my former statement account the Tomcat log. I think I just didn't the logs because Tomcat logging was on level FINE and buried everything.
So what I did now is delete the gitblit folder and WAR from Tomcat's web apps, downloaded the 1.9.3 WAR and redeployed it, i.e. copied it into the web apps folder.
Then I edited the /etc/tomcat8/logging.properties file and set all FINE levels to INFO to make it be more quiet. After a restart with
$ sudo systemctl restart tomcat8
I can see that the Titbit logging is in catalina.out. Which is what I would expect because Console.
I grepped the log file for 'gitblit.manager' and it turns out that there were also log lines earlier, hidden in all the FINE lines. 

Florian Zschocke

unread,
Nov 17, 2022, 4:06:10 PM11/17/22
to gitblit

I cannot corroborate this. I tried from scratch:

$ cd /opt
$ sudo tar -xf ~/Downloads/gitblit-1.9.3.tar.gz
$ sudo mkdir /var/lib/gitblit
$ sudo cp -a gitblit-1.9.3/data/* /var/lib/gitblit/
$ sudo chown -R geoclue:geoclue /var/lib/gitblit/
$ ll
total 12
drwxr-xr-x  3 root root 4096 Nov 17 21:44 ./
drwxr-xr-x 23 root root 4096 Nov 11 21:06 ../
drwxr-xr-x  5 root root 4096 Apr  9  2022 gitblit-1.9.3/
$ cd gitblit-1.9.3/
$ cat gitblit.sh
#!/bin/bash

java -cp "gitblit.jar:ext/*" com.gitblit.GitBlitServer --baseFolder data
$ sudo -u geoclue java -cp "gitblit.jar:ext/*" com.gitblit.GitBlitServer --baseFolder /var/lib/gitblit
2022-11-17 21:48:11 [INFO ]
  _____  _  _    _      _  _  _
 |  __ \(_)| |  | |    | |(_)| |
 | |  \/ _ | |_ | |__  | | _ | |_
 | | __ | || __|| '_ \ | || || __|  http://gitblit.com
 | |_\ \| || |_ | |_) || || || |_   @gitblit
  \____/|_| \__||_.__/ |_||_| \__|  1.9.3

2022-11-17 21:48:11 [INFO ] Running on Linux (4.15.0-196-generic)
2022-11-17 21:48:11 [INFO ] JVM version 1.8.0_352 (Private Build)
2022-11-17 21:48:11 [INFO ] Logging initialized @219ms
2022-11-17 21:48:11 [INFO ] Using JCE Unlimited Strength Jurisdiction Policy files
2022-11-17 21:48:11 [INFO ] Generating Gitblit Certificate Authority (/var/lib/gitblit/certs/caKeyStore.p12)
....

$ sudo -u geoclue GITBLIT_HOME=/var/lib/gitblit ./gitblit.sh
2022-11-17 22:00:32 [INFO ]
  _____  _  _    _      _  _  _
 |  __ \(_)| |  | |    | |(_)| |
 | |  \/ _ | |_ | |__  | | _ | |_
 | | __ | || __|| '_ \ | || || __|  http://gitblit.com
 | |_\ \| || |_ | |_) || || || |_   @gitblit
  \____/|_| \__||_.__/ |_||_| \__|  1.9.3

2022-11-17 22:00:32 [INFO ] Running on Linux (4.15.0-196-generic)
2022-11-17 22:00:32 [INFO ] JVM version 1.8.0_352 (Private Build)
2022-11-17 22:00:32 [INFO ] Logging initialized @214ms
2022-11-17 22:00:32 [INFO ] Using JCE Unlimited Strength Jurisdiction Policy files
2022-11-17 22:00:32 [INFO ] Setting up HTTPS transport on port 8443
....


I could create a new folder, copy over the contents from the base folder, assign it to some non-root user. And it runs fine without a symlink. With --baseFolder parameter as well as with GITBLIT_HOME environment variable.

So I can say that it works in general. I am also pretty sure it does, because when building a Docker container the base folder is also moved.
So the question remains what could be different in your case.

$ sudo -u geoclue touch /var/lib/gitblit/testme
$ ll /var/lib/gitblit/testme
-rw-r--r-- 1 geoclue geoclue 0 Nov 17 22:02 /var/lib/gitblit/testme

Scott M. Parrill

unread,
Nov 17, 2022, 4:15:57 PM11/17/22
to git...@googlegroups.com

Somehow, that doesn’t surprise me.  I think for the Gitblit Go option, if I can make that work in my environment, I’ll go with the symlink workaround for now and assume still have a permissions issue somewhere I just haven’t found.

 

If we can figure out the logging under Tomcat, I’d like to know what is going on there as well.  I did look at my logging.properties file for Tomcat and did notice that three items were set to INFO

 

org.apache.catalina.core.ContainerBase.[Catalina].[localhost].level = INFO

org.apache.catalina.core.ContainerBase.[Catalina].[localhost].[/manager].level = INFO

org.apache.catalina.core.ContainerBase.[Catalina].[localhost].[/host-manager].level = INFO

 

I did change these to FINE and still only get results similar to what I previously posed.

 

In my case I’m trying to replicate something that was done in a different environment without having to have everyone change URLs for their repos they have cloned from the old system so I’m not sure whether I’m going to want to use the Go tarball or the Tomcat WAR file.  😊

 

Scott

 

---------------------------------------

Scott Parrill

Systems Administrator

Enterprise IT, Infrastructure and Security

University of Wyoming

spar...@uwyo.edu

307-766-4829

 

From: git...@googlegroups.com <git...@googlegroups.com> On Behalf Of Florian Zschocke
Sent: Thursday, November 17, 2022 2:06 PM
To: gitblit <git...@googlegroups.com>
Subject: Re: "Page Expired" error when logging into new installtion of Gitblit

 

This message was sent from a non-UWYO address. Please exercise caution when clicking links or opening attachments from external sources.

 

--
You received this message because you are subscribed to a topic in the Google Groups "gitblit" group.
To unsubscribe from this topic, visit https://groups.google.com/d/topic/gitblit/pt363j4MhNU/unsubscribe.
To unsubscribe from this group and all its topics, send an email to gitblit+u...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/gitblit/3a82350f-9e44-4626-bd5c-9371b8a48c3cn%40googlegroups.com.

Florian Zschocke

unread,
Nov 17, 2022, 4:25:34 PM11/17/22
to gitblit
Well, I am not quite certain how to best help. 
I do not have a RedHat system. I have a Fedora Linux 36 VM here, which I just started, but I am getting nowhere with this. The shitty thing doesn't let me run any program whatsoever, GNOME crashes all the time. Am ready to get the shotgun.
I do have a working terminal on this. Any commands I could use to see if I can install a Tomcat 9 from the distribution? I am used to Debian systems, I have no idea how to administer a RH system.
I could try Tomcat 9 on a Debian (Mint) system, or download and unpack a Tomcat 9 manually on Fedora. Just no GUI process can run.
 

Scott M. Parrill

unread,
Nov 17, 2022, 5:12:21 PM11/17/22
to git...@googlegroups.com

On a Fedora system you can use dnf (a replacement for yum).  (Dnf is also used on the stuff I mention below as well as RHEL 8.)  If you want something that is binary compatible with RHEL, you can look at Alma Linux (https://almalinux.org/) or Rocky Linux (https://rockylinux.org/).  CentOS became a test bed for RHEL so contains some newer packages they are evaluating for RHEL.

 

Tomcat can be installed on Alma Linux, Rocky Linux, or RHEL from EPEL repos using the instructions at https://docs.fedoraproject.org/en-US/epel/.  This package creates the tomcat user with the /home/tomcat home directory and the CATALINA_HOME to /usr/share/tomcat.  There are symlinks under these directories to the conf, webapps, etc. directories where they live under various locations.

 

If it is too much trouble to test out, don’t worry about it for now.  I understand the switch from a Debian style Linux to a Red Hat style Linux is a bit of a perspective change.  😊

 

Scott

 

---------------------------------------

Scott Parrill

Systems Administrator

Enterprise IT, Infrastructure and Security

University of Wyoming

spar...@uwyo.edu

307-766-4829

 

From: git...@googlegroups.com <git...@googlegroups.com> On Behalf Of Florian Zschocke
Sent: Thursday, November 17, 2022 2:26 PM
To: gitblit <git...@googlegroups.com>
Subject: Re: "Page Expired" error when logging into new installtion of Gitblit

 

This message was sent from a non-UWYO address. Please exercise caution when clicking links or opening attachments from external sources.

 

Well, I am not quite certain how to best help. 

--

You received this message because you are subscribed to a topic in the Google Groups "gitblit" group.
To unsubscribe from this topic, visit https://groups.google.com/d/topic/gitblit/pt363j4MhNU/unsubscribe.
To unsubscribe from this group and all its topics, send an email to gitblit+u...@googlegroups.com.

Florian Zschocke

unread,
Nov 17, 2022, 5:31:49 PM11/17/22
to gitblit
Well, I got somewhere with this Fedora system, even though it is a bit of a shit show. Even `wget` crashes.
Anyhow, I got Tomcat 9 installed with 'sudo yum install tomcat'. I downloaded the Gitblit 1.9.3 WAR and dropped it into '/var/lib/tomcat/webapps' . This works.

This works, as in, Gitblit is running and I can login as 'admin' with Firefox and can create a repository and browse it. To my surprise, because the Tomcat is running with Java 17.
What does not work, is seeing any logs from Gitblit. Now I don't have anything from Gitblit in /var/log/tomcat/catalina..... anymore. :(

Soo, I am happy that it runs, but unhappy that it doesn't run for you. Since you are trying to recreate something, I am guessing that there are some changes from the straight-forward installation just as in the GO case. 

You run a RHEL? And how did you install Tomcat there? From the distri or the way you mentioned above? I will try to recreate something closer to your system, if possible. As long as it can run in a Parallels VM. But please forgive me if I don't do that today anymore. I'll give it another shot tomorrow.

I'm sorry you are having so much trouble.

Scott M. Parrill

unread,
Nov 17, 2022, 5:47:16 PM11/17/22
to git...@googlegroups.com

I did install tomcat from the EPEL repo as I described above.

 

Like you, I put the Gitblit WAR file in /var/lib/tomcat/webapps.

 

Gitblit did launch, I just kept getting the “Page Expired” error.  I don’t know why.

 

However, I will say that I just got Gitblit from the GO tarball working and was able to log into it.  I am only starting Gitblit manually at the moment, but I believe I understand what the install-service-fedora.sh script is well enough that I can use it to create the systemd file for my system.  (RHEL 7 transitioned to Systemd but still supports the init.d scripts.  I’m not sure if/when Red Hat is going to discontinue it.  I have not looked for this in the release notes for RHEL 8 or 9 yet.)

 

On a side note, I notice that when running Gitblit behind Apache Httpd mod_proxy (to make HTTP/HTTPS port in Urls match the old system), failed login attempts are logged as coming from 127.0.0.1, which I understand.  I’m curious to know if there is a way to have Gitblit log the value for the x-forwarded-for header if it is set.  This would be the IP address of the machine that git the Apache Httpd reverse proxy.  This really isn’t critical; it would just be a nice-to-have.

 

Scott

 

---------------------------------------

Scott Parrill

Systems Administrator

Enterprise IT, Infrastructure and Security

University of Wyoming

spar...@uwyo.edu

307-766-4829

 

From: git...@googlegroups.com <git...@googlegroups.com> On Behalf Of Florian Zschocke
Sent: Thursday, November 17, 2022 3:32 PM
To: gitblit <git...@googlegroups.com>
Subject: Re: "Page Expired" error when logging into new installtion of Gitblit

 

This message was sent from a non-UWYO address. Please exercise caution when clicking links or opening attachments from external sources.

 

Well, I got somewhere with this Fedora system, even though it is a bit of a shit show. Even `wget` crashes.

--

You received this message because you are subscribed to the Google Groups "gitblit" group.

To unsubscribe from this group and stop receiving emails from it, send an email to gitblit+u...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/gitblit/ebb97ae7-b75e-4e72-9f23-a109b20c08e8n%40googlegroups.com.

Florian Zschocke

unread,
Nov 18, 2022, 7:16:14 PM11/18/22
to gitblit
Hi Scott!

I have now installed Alma Linux 8.7. After two installations of CentOS failed and had to be dumped again.
From what I understand, Tomcat is not included by default. So the EPEL repositories need to be enabled, to get to Tomcat. But then it is again a 'def install tomcat' to get it installed. At least that is what I did now.

But unlike you, I do not get Gitblit to run in the Tomcat. It does load, but it fails at two points. Both have to do with SELinux  preventing access. One is to bind the Git port 9118, which I guess doesn't matter because no-one is using that transport anyhow. The second is when accessing JNA. Which is more of a problem because it makes the startup fail.

Had you encountered similar problems in your RHEL 8? Did you get past them?
Oh, right, I did found the Gitblit logs in the system log, i.e. 'journalctl --unit=tomcat' does not only show Tomcat logging, but also Gitblit logging. Don't ask me why. Well, I guess it is in there because Gitblit logs to console, but I don't know why it is not in the catalina log, then. The SELinux errors are also in the system log.

So please check your system log if you see logs from Gitblit there. And let me know of you had to solve SELinux problems, too.

Florian Zschocke

unread,
Nov 18, 2022, 8:03:02 PM11/18/22
to gitblit

Yes, so, when I add some SELinux policies to allow for opening ports and accessing the JNA file, I have Gitblit running in the Tomcat. No timeout problems, I can login, create a repo etc.
The main info is probably, that for me I can see the Gitblit logs with 'journalctl -f'.

Maybe try this and see if it works for you, too.

Scott M. Parrill

unread,
Nov 21, 2022, 11:53:51 AM11/21/22
to git...@googlegroups.com

My system has SELinux set to permissive mode so I didn’t have the problems with the ports and such.

 

If you install the rsyslogd package, then you will also see the system logs in /var/log/messages as well as being able to see then via journalctl.

 

And yes, I’m getting quite a bit of information from Tomcat in the system logs.  Now I feel stupid that I didn’t think to look there previously.  Sorry for taking up your time with something I should have thought of earlier.

 

Scott

 

---------------------------------------

Scott Parrill

Systems Administrator

Enterprise IT, Infrastructure and Security

University of Wyoming

spar...@uwyo.edu

307-766-4829

 

From: git...@googlegroups.com <git...@googlegroups.com> On Behalf Of Florian Zschocke
Sent: Friday, November 18, 2022 6:03 PM
To: gitblit <git...@googlegroups.com>
Subject: Re: "Page Expired" error when logging into new installtion of Gitblit

 

This message was sent from a non-UWYO address. Please exercise caution when clicking links or opening attachments from external sources.

 

 

Yes, so, when I add some SELinux policies to allow for opening ports and accessing the JNA file, I have Gitblit running in the Tomcat. No timeout problems, I can login, create a repo etc.

The main info is probably, that for me I can see the Gitblit logs with 'journalctl -f'.

 

Maybe try this and see if it works for you, too.

--

You received this message because you are subscribed to the Google Groups "gitblit" group.
To unsubscribe from this group and stop receiving emails from it, send an email to gitblit+u...@googlegroups.com.

Florian Zschocke

unread,
Nov 21, 2022, 2:34:54 PM11/21/22
to gitblit

Not at all, I learnt something new, as I also didn't know the logs would go to system log.
Let me know should you need more help.

Florian Zschocke

unread,
Nov 22, 2022, 3:14:38 PM11/22/22
to gitblit
On Thursday, 17 November 2022 at 23:47:16 UTC+1 spar...@uwyo.edu wrote:

On a side note, I notice that when running Gitblit behind Apache Httpd mod_proxy (to make HTTP/HTTPS port in Urls match the old system), failed login attempts are logged as coming from 127.0.0.1, which I understand.  I’m curious to know if there is a way to have Gitblit log the value for the x-forwarded-for header if it is set.  This would be the IP address of the machine that git the Apache Httpd reverse proxy.  This really isn’t critical; it would just be a nice-to-have.

Is this the same as and thus a vote for https://github.com/gitblit/gitblit/issues/1222

Scott M. Parrill

unread,
Nov 22, 2022, 3:20:46 PM11/22/22
to git...@googlegroups.com

Yes.  That looks like the same issue to me.

 

Scott

 

---------------------------------------

Scott Parrill

Systems Administrator

Enterprise IT, Infrastructure and Security

University of Wyoming

spar...@uwyo.edu

307-766-4829

 

From: git...@googlegroups.com <git...@googlegroups.com> On Behalf Of Florian Zschocke
Sent: Tuesday, November 22, 2022 1:15 PM
To: gitblit <git...@googlegroups.com>
Subject: Re: "Page Expired" error when logging into new installtion of Gitblit

 

This message was sent from a non-UWYO address. Please exercise caution when clicking links or opening attachments from external sources.

 

 

On Thursday, 17 November 2022 at 23:47:16 UTC+1 spar...@uwyo.edu wrote:

On a side note, I notice that when running Gitblit behind Apache Httpd mod_proxy (to make HTTP/HTTPS port in Urls match the old system), failed login attempts are logged as coming from 127.0.0.1, which I understand.  I’m curious to know if there is a way to have Gitblit log the value for the x-forwarded-for header if it is set.  This would be the IP address of the machine that git the Apache Httpd reverse proxy.  This really isn’t critical; it would just be a nice-to-have.

Is this the same as and thus a vote for https://github.com/gitblit/gitblit/issues/1222

--

You received this message because you are subscribed to the Google Groups "gitblit" group.
To unsubscribe from this group and stop receiving emails from it, send an email to gitblit+u...@googlegroups.com.

Reply all
Reply to author
Forward
0 new messages