How the inner net Gerrit can be visited and cloned by outside net Cust
25 views
Skip to first unread message
shinian...@gmail.com
Jan 13, 2017, 1:45:05 AM1/13/17
to Repo and Gerrit Discussion
Dear all:
I had set up a gerrit with http auth in our company's inner net, and I
had created the accounts and had implemented the basical functions.
But, I want the customers from outside net to visit the gerrit and
clone the codes.
So, How can I do it?
My PC's ip is 172.16.6.49(inner net).
Our IT engineers had mapped the PC ip, and gave me the address(for example) is A.A.A.A (outer net), the port is 8082.
The Gerrit.config is like this:
[gerrit] basePath = /home/git/repositories canonicalWebUrl = http://172.16.6.49:8082 [database] type = mysql hostname = localhost database = reviewdb username = gerrit2 [auth] type = HTTP [sendemail] smtpServer = mail.AAA.com smtpUser = gitserver from = gitserver <gits...@AAA.com> sslverify = false [container] user = gerrit2 javaHome = /opt/jdk6/jdk1.6.0_45/jre [sshd] listenAddress = *:29418 [httpd] listenUrl = proxy-http://172.16.6.49:8082 [cache] directory = cacheThe Apache's httpd.conf is like this:ServerName Test <VirtualHost *:8089> ProxyRequests Off ProxyVia Off ProxyPreserveHost On AllowEncodedSlashes On RewriteEngine On RewriteRule ^/(.*) http://172.16.6.49:8082/$1 [NE,P] <Proxy *> Order deny,allow Allow from all </Proxy> <Location /login/> AuthType Basic AuthName "Gerrit Code Review" Require valid-user AuthBasicProvider file AuthUserFile /home/gerrit2/review_site/etc/passwd </Location> ProxyPass / http://172.16.6.49:8082/ </VirtualHost>The Apache's ports.conf is like this:NameVirtualHost *:80 NameVirtualHost *:8089 Listen 80 Listen 8089 <IfModule ssl_module> Listen 443 </IfModule> <IfModule mod_gnutls.c> Listen 443
The result is like this:
When I input A.A.A.A:8082
The HTTP server did not provide the username in the Authorization header when it forwarded the request to Gerrit Code Review.
If the HTTP server is Apache HTTPd, check the proxy configuration includes an authorization directive with the proper location, ensuring it ends with '/':
When I input 172.16.6.49:8089, I can visit the gerrit, but is the inner net's gerrit.
How can I solve the problem, can let outside's Cust to clone and push code on this gerrit? Thanks a lot.
shinian...@gmail.com
Jan 13, 2017, 1:45:05 AM1/13/17
to Repo and Gerrit Discussion
Björn Pedersen
Jan 13, 2017, 3:19:10 AM1/13/17
to Repo and Gerrit Discussion
Hi,
If I am not mistaken, then gerrit currently can not handle multiple names (the canonical web url is used for generating lots of the links).
As long as the code should only get delivered as read-only, the best option is to replicate to a publicly visible gerrit or git server and let the customers pull from there.
The authorization problem is proabably because the outer net proxy does try to access gerrit directly. It would need to point to port 8089
of the apache server.
Björn
If I am not mistaken, then gerrit currently can not handle multiple names (the canonical web url is used for generating lots of the links).
As long as the code should only get delivered as read-only, the best option is to replicate to a publicly visible gerrit or git server and let the customers pull from there.
The authorization problem is proabably because the outer net proxy does try to access gerrit directly. It would need to point to port 8089
of the apache server.
Björn
Reply all
Reply to author
Forward
0 new messages