Having solved my earlier problem, I now face a somewhat more intractable one.
Configuration:
Gerrit 2.7 in standalone daemon, installed according to the instructions. Behind an Apache HTTPD proxy server.
OS: Ubuntu oneiric 11.10 (running in AWS EC2)
Authentication: LDAP (working :-) )
gerrit.config (obfuscated, but nothing important changed):
[gerrit]
basePath = /myco/source/git-repo
canonicalWebUrl =
http://source.b.myco.com[database]
type = mysql
hostname =
db.myco.com database = reviewdb2
username = gerrit2
[core]
packedGitOpenFiles = 4096
packedGitLimit = 1g
packedGitWindowSize = 16k
[receive]
maxObjectSizeLimit = 25m
[auth]
type = LDAP
trustContainerAuth = true
[ldap]
server = ldap://
auth.int.myco.com referral = follow
accountBase = ou=people,dc=myco,dc=com
accountFullName = ${cn}
accountEmailAddress = ${email}
accountSshUserName = ${uid}
groupBase = ou=groups,dc=myco,dc=com
groupPattern = (cn=${groupname})
groupMemberPattern = (uniqueMember=${dn})
[sendemail]
enable = true
from = Code Review ($user) <
bu...@myco.com>
smtpServer = localhost
smtpServerPort = 25
smtpEncryption = none
[container]
user = gerrit2
javaHome = /myco/build-tools/jdk1.6.0_30-x64/jre
[sshd]
listenAddress = *:29418
threads = 24
batchThreads = 2
# Maximum number of concurrent SSH sessions that a user account may have open. 0 -> no limit
maxConnectionsPerUser = 0
[httpd]
listenUrl = proxy-http://*:8080/
requestLog = true
[cache]
directory = cache
[cache "web_sessions"]
maxAge = 30 days
[gitweb]
url =
https://source.myco.com/view/[user]
name = Gerrit Code Review
email =
bu...@myco.comApache proxy info (again obfuscated, but only where necessary):
<VirtualHost *:443>
ServerName
source.b.myco.com SSLEngine on
SSLCertificateFile STAR_myco_com.crt
SSLCertificateKeyFile STAR_myco_com.key
SSLCertificateChainFile STAR_myco_com.ca-bundle
ProxyRequests Off
ProxyVia Off
ProxyPreserveHost On
<Proxy *>
Order deny,allow
Allow from all
</Proxy>
RewriteEngine On
# Snipped out some gitweb and other stuff — we don't run gitweb out of gerrit but separately.
# Gerrit itself
# <project>.git -> /p/<project>.git (and extra stuff like /p/<project>.git/info/refs)
AllowEncodedSlashes On
#ProxyPassMatch /([[:alnum:]-]+)\.git(.*)
http://source.b.int.myco.com:8080/r/$1.git$2 ProxyPass /
http://source.b.int.myco.com:8080/ nocanon
ProxyPassReverse /
http://source.b.int.myco.com:8080/ #ProxyPass /r/ http://source.b.int.myco.com:/8080/r/ nocanon
</VirtualHost>
I should note that some of this has been copied from our original gerrit server (which is 2.4.x) and I've tried various options to get to this point; using the options with the /r/s in them (as in the installation documents) results in not being able to bring up the web page. :-|
What works:
I can log in to the UI at
https://source.b.myco.com and do various gerrit-like things there.
I can clone using git clone ssh://
source.b.myco.com/my-repo.git.
What doesn't work:
git clone https://source.b.myco.com/my-repo # This is the URL suggested by the web page
git clone https://source.b.myco.com/my-repo.git
Response is:
$ git clone
https://source.b.
myco.com/my-repo
Cloning into 'my-repo'...
error: The requested URL returned error: 403 while accessing
https://source.b.
myco.com/my-repo/info/refs
fatal: HTTP request failed
It doesn't seem to matter if I use proxy-http:// or proxy-https:// in the httpd.listenUrl setting./httpd.
I know that others have encountered this before and there is an issue filed requesting better documentation of how to get this to work. Has anyone gotten this to work?
Many thanks,
Kate Ebneter, one very frustrated SCM engineer