problem enable gerrit for https

737 views
Skip to first unread message

Joy Xiong

unread,
Jul 4, 2016, 2:05:06 AM7/4/16
to Repo and Gerrit Discussion
We currently have gerrit working for http (port 8081), but when we try to enable https for gerrit (port 443), we failed to start gerrit. According to following information, can someone tell us what we did wrong and how to fix the issue? Appreciate your help.

the httpd.conf is updated as below:
<VirtualHost *:443>
  ServerName gerrit-test.mot.com
  SSLEngine on
  SSLCertificateFile    <path_to_cert_file>/SST0000326.crt
  SSLCertificateKeyFile <path_to_cert_file>/privatekey.pem
  SSLCACertificateFile  <path_to_cert_file>/cachain1.crt
  ProxyRequests Off
  ProxyVia Off
  ProxyPreserveHost On
  <Proxy *>
        Order deny,allow
        Allow from all
  </Proxy>
</VirtualHost>

the gerrit.config httpd section is updated as below:
[httpd]
        listenUrl = http://*:8081/
        listenUrl = https://*:443/
        sslKeyStore = <path_to_cert_file>/testcacerts
        sslKeyPassword = password

The error_log shows:
[2016-07-01 14:40:49,795] WARN  org.eclipse.jetty.util.component.AbstractLifeCycle : FAILED ServerConnector@6139ce2f{SSL-http/1.1}{0.0.0.0:443}: java.net.SocketException: Permission denied
java.net.SocketException: Permission denied
at sun.nio.ch.Net.bind0(Native Method)
at sun.nio.ch.Net.bind(Unknown Source)
at sun.nio.ch.Net.bind(Unknown Source)
at sun.nio.ch.ServerSocketChannelImpl.bind(Unknown Source)
at sun.nio.ch.ServerSocketAdaptor.bind(Unknown Source)
at org.eclipse.jetty.server.ServerConnector.open(ServerConnector.java:321)
at org.eclipse.jetty.server.AbstractNetworkConnector.doStart(AbstractNetworkConnector.java:80)
at org.eclipse.jetty.server.ServerConnector.doStart(ServerConnector.java:236)
at org.eclipse.jetty.util.component.AbstractLifeCycle.start(AbstractLifeCycle.java:68)
at org.eclipse.jetty.server.Server.doStart(Server.java:366)
at org.eclipse.jetty.util.component.AbstractLifeCycle.start(AbstractLifeCycle.java:68)
at com.google.gerrit.pgm.http.jetty.JettyServer$Lifecycle.start(JettyServer.java:124)
at com.google.gerrit.lifecycle.LifecycleManager.start(LifecycleManager.java:74)
at com.google.gerrit.pgm.Daemon.start(Daemon.java:293)
at com.google.gerrit.pgm.Daemon.run(Daemon.java:205)
at com.google.gerrit.pgm.util.AbstractProgram.main(AbstractProgram.java:64)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
at java.lang.reflect.Method.invoke(Unknown Source)
at com.google.gerrit.launcher.GerritLauncher.invokeProgram(GerritLauncher.java:166)
at com.google.gerrit.launcher.GerritLauncher.mainImpl(GerritLauncher.java:93)
at com.google.gerrit.launcher.GerritLauncher.main(GerritLauncher.java:50)
at Main.main(Main.java:25)
[2016-07-01 14:40:49,796] WARN  org.eclipse.jetty.util.component.AbstractLifeCycle : FAILED org.eclipse.jetty.server.Server@7835b36e: java.net.SocketException: Permission denied
java.net.SocketException: Permission denied
at sun.nio.ch.Net.bind0(Native Method)
at sun.nio.ch.Net.bind(Unknown Source)
at sun.nio.ch.Net.bind(Unknown Source)
at sun.nio.ch.ServerSocketChannelImpl.bind(Unknown Source)
at sun.nio.ch.ServerSocketAdaptor.bind(Unknown Source)
at org.eclipse.jetty.server.ServerConnector.open(ServerConnector.java:321)
at org.eclipse.jetty.server.AbstractNetworkConnector.doStart(AbstractNetworkConnector.java:80)
at org.eclipse.jetty.server.ServerConnector.doStart(ServerConnector.java:236)
at org.eclipse.jetty.util.component.AbstractLifeCycle.start(AbstractLifeCycle.java:68)
at org.eclipse.jetty.server.Server.doStart(Server.java:366)
at org.eclipse.jetty.util.component.AbstractLifeCycle.start(AbstractLifeCycle.java:68)
at com.google.gerrit.pgm.http.jetty.JettyServer$Lifecycle.start(JettyServer.java:124)
at com.google.gerrit.lifecycle.LifecycleManager.start(LifecycleManager.java:74)
at com.google.gerrit.pgm.Daemon.start(Daemon.java:293)
at com.google.gerrit.pgm.Daemon.run(Daemon.java:205)
at com.google.gerrit.pgm.util.AbstractProgram.main(AbstractProgram.java:64)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
at java.lang.reflect.Method.invoke(Unknown Source)
at com.google.gerrit.launcher.GerritLauncher.invokeProgram(GerritLauncher.java:166)
at com.google.gerrit.launcher.GerritLauncher.mainImpl(GerritLauncher.java:93)
at com.google.gerrit.launcher.GerritLauncher.main(GerritLauncher.java:50)
at Main.main(Main.java:25)
[2016-07-01 14:40:49,796] ERROR com.google.gerrit.pgm.Daemon : Unable to start daemon
java.lang.IllegalStateException: Cannot start HTTP daemon
at com.google.gerrit.pgm.http.jetty.JettyServer$Lifecycle.start(JettyServer.java:138)

Sven Selberg

unread,
Jul 4, 2016, 4:19:55 AM7/4/16
to Repo and Gerrit Discussion
If gerrit isn't run by root you can't use ports with nbr < 1024.
443 is also already used by Apache.

You could try:
in gerrit.config
listenUrl = https://*:8443/

and in apache

/Sven

Joy Xiong

unread,
Jul 6, 2016, 6:10:28 PM7/6/16
to Repo and Gerrit Discussion
Hi Sven,
Thanks a lot for the info, the issue is solved now.
Joy
Reply all
Reply to author
Forward
0 new messages