Gerrit 2.6.1 Incorrect Redirects On Login and Logout behind Apache 2.2

[Dan M]

I've got Gerrit 2.6.1 setup behind Apache 2.2.15, and I've configured the AllowEncodedSlashes and ProxyPass nocanon options  as listed in the reverse proxy documentation.  I'm still running into issues where gerrit seems to be redirecting browsers to the wrong URL, basically appending the port number of the Gerrit daemon to the url when they login and logout. 

Here is what happens

I go to:  https://some.server.com/gerrit and it takes me to the login screen

I login and I'm redirected to https://some.server.com:8081/gerrit  which gives me a 404

From here, I type:  https://some.server.com/gerrit  and everything works just fine, until I sign out, and basically the same thing happens.

Has anybody seen this type of issue and have a workaround in apache or gerrit? I'd hate to have to try to downgrade from 2.6.1 to 2.5.x  at this point.

I've read this post, but they seem to have solved their problem with proxypass.. nocanon.

Here is my gerrit config:

[gerrit]

        basePath = /data/git/repositories/

        canonicalWebUrl = http://my.server.com:8081/

[database]

        type = mysql

        hostname = localhost

        database = reviewdb

        username = gerrit2

[auth]

        type = LDAP

[ldap]

        server = ldap://XXXX

        accountBase = o=XXXXXXX

        groupBase = o=XXXXXX

        accountFullName = XXXXX

        accountEmailAddress = XXXX

[sendemail]

        smtpServer = XXXXX

[container]

        user = gerrit2

        javaHome = /usr/lib/jvm/java-6-openjdk/jre

[sshd]

        listenAddress = *:29418

[httpd]

        listenUrl = proxy-http://localhost:8081/gerrit/

[cache]

        directory = cache

[cache "web_sessions"]

        maxAge = 1 month

And my Apache Config:

<VirtualHost *:80>

  ServerName some.server.com

  RewriteEngine On

  RewriteCond %{HTTPS} !=on

  RewriteRule ^(.*) https://%{SERVER_NAME}$1 [R,L]

</VirtualHost>

<VirtualHost *:443>

  ServerName  some.server.com

  SSLEngine on

  SSLCertificateFile /etc/ssl/certs/some.crt

  SSLCertificateKeyFile /etc/ssl/certs/some.key

  SSLOptions StrictRequire

  SSLProtocol all -SSLv2

  RewriteEngine On

  RedirectMatch   ^/$  https://some.server.com/gerrit/

  RedirectMatch   ^/gerrit$  https:// some.server.com/gerrit/

  ProxyRequests Off

  ProxyVia Off

  ProxyPreserveHost On

  <Proxy *>

    Order deny,allow

    Allow from all

  </Proxy>

  AllowEncodedSlashes On

  ProxyPass         /gerrit/  http://localhost:8081/gerrit/ nocanon

  ProxyPass         /source/  http://localhost:8080/source/

</VirtualHost>

[Shawn Pearce]

On Fri, Jul 5, 2013 at 12:31 PM, Dan M <danjm...@gmail.com> wrote:
> I've got Gerrit 2.6.1 setup behind Apache 2.2.15, and I've configured the
> AllowEncodedSlashes and ProxyPass nocanon options as listed in the reverse
> proxy documentation. I'm still running into issues where gerrit seems to be
> redirecting browsers to the wrong URL, basically appending the port number
> of the Gerrit daemon to the url when they login and logout.
>
> Here is what happens
> I go to: https://some.server.com/gerrit and it takes me to the login screen
> I login and I'm redirected to https://some.server.com:8081/gerrit which
> gives me a 404
> From here, I type: https://some.server.com/gerrit and everything works
> just fine, until I sign out, and basically the same thing happens.
>
> Has anybody seen this type of issue and have a workaround in apache or
> gerrit? I'd hate to have to try to downgrade from 2.6.1 to 2.5.x at this
> point.
>
> I've read this post, but they seem to have solved their problem with
> proxypass.. nocanon.
>
> Here is my gerrit config:
>
> [gerrit]
> basePath = /data/git/repositories/
> canonicalWebUrl = http://my.server.com:8081/

This URL is incorrect. canonicalWebUrl should direct to the Apache
server so drop the 8081 part.

[Dan M]

Thanks you saved my bacon!  That fixed the problem, I was fixated on all the Apache stuff and didn't even think about the canonical URL.