Gitblit 1.9.3 and Apache Httpd mod_proxy
Scott M. Parrill
After going through the “Running Gitblit behind Apache” at http://gitblit.com/setup_proxy.html, I found that I would end up with a 404 error on https://localhost:8443 when creating a new ticket. The ticket created correctly and could be viewed by going back into the ticket interface from another direction. I’m not sure if I missesed something somewhere else, but I have found that adding
Header edit Ajax-Location "^https://localhost:8443" https://<server>
To the VirtualHost definition eliminates the problem and I am dropped into the page for the new ticket upon completion of ticket creation.
Scott
---------------------------------------
Scott Parrill
Systems Administrator
Enterprise IT, Infrastructure and Security
University of Wyoming
Florian Zschocke
Scott M. Parrill
Florian,
Knowing nothing about how Wicket works, I don’t know if this is a real bug or just something that needs to be added to the documentation. My gut reaction is to think it is something different in the ticket creation process than in any of the other bits, but I have not done extensive testing of what other functionality may not work without it.
Scott
---------------------------------------
Scott Parrill
Systems Administrator
Enterprise IT, Infrastructure and Security
University of Wyoming
From: git...@googlegroups.com <git...@googlegroups.com>
On Behalf Of Florian Zschocke
Sent: Tuesday, November 22, 2022 12:57 PM
To: gitblit <git...@googlegroups.com>
Subject: Re: Gitblit 1.9.3 and Apache Httpd mod_proxy
◆ This message was sent from a non-UWYO address. Please exercise caution when clicking links or opening attachments from external sources.
You think this is an error or rather something to add to the documentation, like in https://github.com/gitblit/gitblit/issues/1024
--
You received this message because you are subscribed to the Google Groups "gitblit" group.
To unsubscribe from this group and stop receiving emails from it, send an email to
gitblit+u...@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/gitblit/ad7f71fd-b250-4db5-9639-404e4924f7cfn%40googlegroups.com.
Florian Zschocke
Florian Zschocke
Scott M. Parrill
When I have seen this with other applications, it has generally been related to a URL that incorrectly included the host name in the request. My experience is that within a web site or application, it is best to let the browser keep track of what the server name is and not hard code server names when you are staying within the same site/application. As such, I would personally call this a bug.
With that said, I’m not sure how easy it is to get Wicket to change its behavior here so the workaround may be the easiest solution for dealing with the issue.
The issue you referenced does sound like it could be similar to what I’m seeing. I will have to do some testing once I get SSL certificates reconfigured on the site I’m setting up.
Scott
---------------------------------------
Scott Parrill
Systems Administrator
Enterprise IT, Infrastructure and Security
University of Wyoming
From: git...@googlegroups.com <git...@googlegroups.com>
On Behalf Of Florian Zschocke
Sent: Tuesday, November 22, 2022 1:37 PM
To: gitblit <git...@googlegroups.com>
Subject: Re: Gitblit 1.9.3 and Apache Httpd mod_proxy
◆ This message was sent from a non-UWYO address. Please exercise caution when clicking links or opening attachments from external sources.
I thought maybe you might have similar experience with other applications.
But coming to think of it, there are currently multiple issues on Github ref reverse proxies, mostly problems with HTTPS ending in HTTP redirects. So it might actually be something in Gitblit. This sound like a similar issue: https://github.com/gitblit/gitblit/issues/900
--
You received this message because you are subscribed to the Google Groups "gitblit" group.
To unsubscribe from this group and stop receiving emails from it, send an email to
gitblit+u...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/gitblit/8eeb0555-147d-4ab9-97b2-eaaf80c0a0afn%40googlegroups.com.
Scott M. Parrill
I’m using HTTPS between mod_proxy and Gitblit. Here is only a slightly redacted version of my Apache configuration for this site:
LoadModule ssl_module modules/mod_ssl.so
Listen *:80
<VirtualHost *:80>
ServerName <server name>
# Loging information
CustomLog "logs/access_log" combined
ErrorLog "logs/error_log"
Redirect "/" https://<server name>/
</virtualHost>
Listen *:443
<VirtualHost *:443>
# Define virtual host server name
ServerName <server name>
# Loging information
CustomLog "logs/ssl_access_log" combined
ErrorLog "logs/ssl_error_log"
# SSL configuration
SSLEngine on
SSLCertificateKeyFile "/etc/pki/tls/private/<key file>"
SSLCertificateFile "/etc/pki/tls/certs/<certificate file>"
SSLCipherSuite PROFILE=SYSTEM
SSLProxyCipherSuite PROFILE=SYSTEM
# Apache is just a proxy for Gitblit running on localhost
SSLProxyEngine on
SSLProxyCheckPeerName off
# Reverse proxy configuration
ProxyPass "/" https://localhost:8443/
ProxyPassReverse "/" https://localhost:8443/
# Options needed to make Gitblit work behind mod_proxy
# Needed to make the ticket creation bits work
Header edit Ajax-Location "^https://localhost:8443" https://<server name>
# Don't decode encoded slashes
AllowEncodedSlashes NoDecode
# Needed for push/pull/clone operations
ProxyPreserveHost On
</virtualHost>
This configuration is based on information from http://gitblit.com/setup_proxy.html and my testing of my installation.
---------------------------------------
Scott Parrill
Systems Administrator
Enterprise IT, Infrastructure and Security
University of Wyoming
From: git...@googlegroups.com <git...@googlegroups.com>
On Behalf Of Florian Zschocke
Sent: Tuesday, November 22, 2022 1:49 PM
To: gitblit <git...@googlegroups.com>
Subject: Re: Gitblit 1.9.3 and Apache Httpd mod_proxy
◆ This message was sent from a non-UWYO address. Please exercise caution when clicking links or opening attachments from external sources.
Scott,
--
You received this message because you are subscribed to the Google Groups "gitblit" group.
To unsubscribe from this group and stop receiving emails from it, send an email to
gitblit+u...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/gitblit/8310a916-2042-4be0-82ab-45c53b6fe7ean%40googlegroups.com.
Florian Zschocke
Florian Zschocke
Scott M. Parrill
According to the Apache 2.4 documentation at https://httpd.apache.org/docs/2.4/mod/mod_proxy.html, the mod_proxy already sets X-Forwarded-For, X-Forwarded-Host, and X-Forwarded-Server headers. I have got ahead and added the X-Forwarded-Proto and X-Forwarded-Port headers as recommended. I have also added the “nocanon” to the ProxyPass configuration.
Scott
---------------------------------------
Scott Parrill
Systems Administrator
Enterprise IT, Infrastructure and Security
University of Wyoming
From: git...@googlegroups.com <git...@googlegroups.com>
On Behalf Of Florian Zschocke
Sent: Tuesday, November 22, 2022 2:59 PM
To: gitblit <git...@googlegroups.com>
Subject: Re: Gitblit 1.9.3 and Apache Httpd mod_proxy
◆ This message was sent from a non-UWYO address. Please exercise caution when clicking links or opening attachments from external sources.
Thank you. I didn't find a quick fix, as this is actually Ajax.
--
You received this message because you are subscribed to the Google Groups "gitblit" group.
To unsubscribe from this group and stop receiving emails from it, send an email to
gitblit+u...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/gitblit/4e154bc2-88e2-4007-bc76-c9d740e12ee3n%40googlegroups.com.