Choose account with DEVELOPMENT_BECOME_ANY_ACCOUNT not using canonicalWebUrl to redirect

Darragh Bailey

Dec 8, 2016, 7:37:00 AM
to Repo and Gerrit Discussion


Hit a rather odd issue, unsure if I'm missing a config option or if it's a bug.

Making use of the Openfrontier Gerrit docker image https://github.com/openfrontier/docker-gerrit/ as part of a collection of containers including Jenkins, Zuul and nginx.

I've configured multiple services to talk to one another in separate containers, using nginx as a reverse proxy in front of them to provide a single web front end for all of them, instead of requiring different ports:

gerrit => http://localhost:8080/gerrit
jenkins => http://localhost:8080/jenkins
zuul => http://localhost:8080/zuul


I've configured gerrit to use DEVELOPMENT_BECOME_ANY_ACCOUNT for this test env, and when I go to use 'Become' (http://localhost:8080/gerrit/login/%23%2F) and click on the 'Administrator' user it always redirects me back to 'http://localhost:8080/#' instead of 'http://localhost:8080/gerrit/#'.

The url given for the link to become the Administrator user is: http://localhost:8080/gerrit/login/%23%2F?account_id=1

The authentication works, so if I go back to 'http://localhost:8080/gerrit/' after being redirected to 'http://localhost:8080/#', everything works as expected.

So it just appears as though the redirect that occurs after the switch account fails to use the canonicalWebUrl.

As I'm planning to give a demo with this set up, it would be nice if it's just a simple config option I'm missing to ensure the correct behaviour?

gerrit config
----------
[gerrit]
        basePath = git
        serverId = ....
        canonicalWebUrl = http://localhost:8080/gerrit/
[database]
        type = mysql
        database = reviewdb
        hostname = percona
        port = 3306
        username = gerrit2@gerrit
[auth]
        type = DEVELOPMENT_BECOME_ANY_ACCOUNT
        switchAccountUrl = $canonicalWebUrl/login
[receive]
        enableSignedPush = false
[sendemail]
        smtpServer = localhost
        enable = false
[container]
        user = gerrit2
        javaHome = /usr/lib/jvm/java-1.8-openjdk/jre
[sshd]
        listenAddress = *:29418
[httpd]
        listenUrl = http://*:8080/
[cache]
        directory = cache
[plugins]
        allowRemoteAdmin = true
[gitweb]
        cgi = /usr/share/gitweb/gitweb.cgi
------------


--
Darragh

Darragh Bailey

Dec 8, 2016, 9:56:43 AM
to Repo and Gerrit Discussion

I've also discovered that plugin-manager has some problems because it uses the REST API via client side JS but doesn't ensure that it prefixes any requests with the canonicalWebUrl in case the site is not under '/'.

Some nginx sub_filter rules have fixed that for me:

        sub_filter_last_modified on;
        sub_filter_types text/javascript;
        sub_filter '/a/plugins/' '/gerrit/a/plugins/';
        sub_filter '/plugins/' '/gerrit/plugins/';
        sub_filter_once off;

I've checked the code of plugin-manager and the endpoint addresses are hard coded, so no config option would affect behaviour there.

Possibly the same is required for the redirection url, but it's unclear what option I might need to enable in nginx to set that correctly.

Björn Pedersen

Dec 9, 2016, 3:11:55 AM
to Repo and Gerrit Discussion

Hi,


> [httpd]
>         listenUrl = http://*:8080/


As you proxy through nginx, you need to use proxy-http:// with the mount point:

 listenUrl = proxy-http://localhost:8080/gerrit

Björn

Darragh Bailey

Dec 9, 2016, 9:35:55 AM
to Björn Pedersen, Repo and Gerrit Discussion

Thanks, that was the missing piece. Once that was in place and I corrected the proxy_pass setting in nginx to not have a trailing slash, it all worked perfectly.

The plugin-manager is now the only piece that still requires rewriting of the REST endpoints in the JavaScript sent to the client to prefix '/gerrit' to the requests. Will log an enhancement that it would be nice to use the server config settings to determine the correct endpoint to use.

--
Darragh Bailey
"Nothing is foolproof to a sufficiently talented fool"
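
A configuration check for the mismatch resolved in this thread, as an added example that is not part of the original posts and is not Gerrit's own code. It assumes the site sits behind a reverse proxy as described above; `SAMPLE`, `parse`, `split_url` and `check` are hypothetical names, and the sample text is constructed from the values in the first post.

```python
# Added example: SAMPLE is constructed from the [gerrit], [auth] and [httpd]
# values in the first post; all function names here are hypothetical.
SAMPLE = """\
[gerrit]
        canonicalWebUrl = http://localhost:8080/gerrit/
[auth]
        type = DEVELOPMENT_BECOME_ANY_ACCOUNT
[httpd]
        listenUrl = http://*:8080/
"""

def parse(text):
    """Read the '[section]' / 'key = value' layout into {(section, key): value}."""
    cfg, section = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
        elif "=" in line and section:
            key, value = line.split("=", 1)
            cfg[(section, key.strip().lower())] = value.strip()
    return cfg

def split_url(url):
    """Return (scheme, path without trailing slash); tolerates the '*' host."""
    scheme, _, rest = url.partition("://")
    return scheme.lower(), ("/" + rest.partition("/")[2]).rstrip("/")

def check(text):
    """Findings for a site assumed to sit behind a reverse proxy (assumption)."""
    cfg, findings = parse(text), []
    _, want = split_url(cfg.get(("gerrit", "canonicalweburl"), ""))
    scheme, have = split_url(cfg.get(("httpd", "listenurl"), ""))
    if not scheme.startswith("proxy-"):
        findings.append("httpd.listenUrl is not proxy-http:// or proxy-https://")
    if want != have:
        findings.append(f"listenUrl path {have or '/'} != canonicalWebUrl path {want or '/'}")
    if cfg.get(("auth", "type"), "").upper() == "DEVELOPMENT_BECOME_ANY_ACCOUNT":
        findings.append("auth.type lets any visitor become any account (test only)")
    return findings

if __name__ == "__main__":
    for finding in check(SAMPLE):
        print("WARN:", finding)
```

With the `listenUrl` value from the reply above, only the `auth.type` finding remains, which is expected for a test environment.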