git clone with http failure about "remote: Unauthorized"

[Song Liu]

My gerrit is configured with http authentication behind the apache server, and the http://exmpale.gerrit.com website can be accessed normally by inputting the user name and password.

Since that I want to deploy my gerrit server in the public network, the anonymous user is disallowed to access by remove the anonymous from the "refs/* read" in gerrit.

That results in the failure when do "git clone http://user:pass...@exmpale.gerrit.com/testproject/mobileapp" with correct username and password, the detailed error info is here:

$ git clone http://user:pass...@exmpale.gerrit.com/testproject/mobileapp

Cloning into 'mobileapp'...

remote: Unauthorized

fatal: Authentication failed for 'http://exmpale.gerrit.com/testproject/mobileapp/'

After googling it might be the authentication info doesn't be bypassed to gerrit from apache, I modify the apache configuration as bellow, but it still failed.

Could someone help with it if there is something wrong ? Many thanks in advanced.

<VirtualHost *:80>

    ServerName localhost

    ProxyRequests Off

    ProxyVia Off

    ProxyPreserveHost On

    <Proxy *>

        Order deny,allow

        Allow from all

    </Proxy>

    <Location "/">

        AuthType Basic

        AuthName "Gerrit Code Review"

        AuthBasicProvider file

        Require valid-user

        AuthUserFile /var/gerrit/private/gerrit.passwords

        RewriteEngine on

        RewriteCond %{REMOTE_USER} (.*)

        RewriteRule .* - [E=ENV_REMOTE_USER:%1]

        RequestHeader set X-Proxy\_REMOTE-USER %{ENV_REMOTE_USER}e

    </Location>

    AllowEncodedSlashes on

    ProxyPass / http://localhost:8081/ nocanon

</VirtualHost>

[Andrew Grimberg]

The user credentials that you log into Gerrit with are not the user
credentials that you can access the git repos with.

If using the http(s) access methods with Gerrit then you have to have
Gerrit generate a password token.

When logged in select your user info drop down in the top right and
select Settings

Select HTTP Password from the left navigation

Press the Generate Password button

The generate password token to be used for git transactions will then be
create and visible to the user.

-Andy-

> --
> --
> To unsubscribe, email repo-discuss...@googlegroups.com
> More info at http://groups.google.com/group/repo-discuss?hl=en
>
> ---
> You received this message because you are subscribed to the Google
> Groups "Repo and Gerrit Discussion" group.
> To unsubscribe from this group and stop receiving emails from it, send
> an email to repo-discuss...@googlegroups.com
> <mailto:repo-discuss...@googlegroups.com>.
> For more options, visit https://groups.google.com/d/optout.

[Song Liu]

That is a great help, thanks.

After using the username and http password from gerrit, it is still failed as bellow:

$ git clone http://exmpale.gerrit.com/testproject/mobileapp

Cloning into 'mobileapp'...

Username for 'http://exmpale.gerrit.com/testproject/mobileapp':

Password for 'http://exmpale.gerrit.com/testproject/mobileapp':

fatal: Authentication failed for 'http://exmpale.gerrit.com/testproject/mobileapp/'

Error info becomes two line without the "remote: Unauthorized"...

Any further help ? Many thanks :)

[Song Liu]

Sorry, after change the location in apache config from <Location "/"> to <Location "/login/">, it works.

I guess that location "/" will authenticate the pull/push over http(s) using its own info...

Thanks for help.