git clone use http protocal fails, but ssh is ok

Yingchun Li

unread,

Dec 10, 2020, 8:21:23 AM12/10/20

to Repo and Gerrit Discussion

Hi, Experts

I setup a gerrit server, and the Authentication use http, the server is Apache2 httpd.

Now I can clone a project use ssh protocol, but when use http protocol, it always says

" Authentication failed",

git clone http://mi...@gerrit.test.com/a/sandbox

Cloning into 'sandbox'...

Password for 'http://mi...@gerrit.test.com':

remote: Unauthorized

fatal: Authentication failed for 'http://gerrit.test.com/a/sandbox/'

I have try the password I used for login to gerrit, and the password generated from

settings "http Credentials"， nether works.

I check the $gerrit_site/etc/error_log, it says:

"[2020-12-10T20:20:02.429+08:00] [HTTP-177] WARN com.google.gerrit.httpd.ProjectBasicAuthFilter : Authentication from 192.168.10.128 failed for mike: password does not match the one stored in Gerrit"

and the /var/logs/apache2/gerrit_error, it says:

"[Thu Dec 10 20:19:58.616377 2020] [auth_basic:error] [pid 14439:tid 140400685717248] [client 192.168.10.128:58344] AH01617: user mike: authentication failure for "/a/sandbox/info/refs": Password Mismatch"

and the gerrit.config like:

"

[gerrit]

basePath = /home/gerrit/work-repos

canonicalWebUrl = http://gerrit.test.com

serverId = 52c517be-2319-47c6-b08b-e6dc8094dfda

[container]

javaOptions = "-Dflogger.backend_factory=com.google.common.flogger.backend.log4j.Log4jBackendFactory#getInstance"

javaOptions = "-Dflogger.logging_context=com.google.gerrit.server.logging.LoggingContext#getInstance"

user = gerrit

javaHome = /usr/lib/jvm/java-11-openjdk-amd64

[database]

type = h2

database = db/ReviewDB

[index]

type = lucene

[auth]

type = HTTP

emailFormat = {0}@test.com

[receive]

enableSignedPush = false

[sendemail]

smtpServer = smtphm.qiye.163.com

smtpServerPort = 994

smtpEncryption = SSL

smtpUser = ger...@test.com

from = Code Reviewer<ger...@test.com>

[sshd]

listenAddress = *:29418

[httpd]

listenUrl = proxy-http://127.0.0.1:8081/

[cache]

directory = cache

[lfs]

plugin = lfs

"

and the apache2 gerrit.conf is :

"

ServerName gerrit.test.com

ServerAdmin ger...@test.com

ProxyRequests Off

ProxyVia Off

ProxyPreserveHost On

AuthType Basic

AuthName "Gerrit Code Review"

Require valid-user

AuthUserFile /home/gerrit/gerrit-home/etc/gerrit.passwd

Order deny,allow

Allow from all

</Proxy>

AllowEncodedSlashes On

ProxyPass / http://127.0.0.1:8081/ nocanon

ErrorLog ${APACHE_LOG_DIR}/gerrit_error.log

CustomLog ${APACHE_LOG_DIR}/gerrit_access.log combined

</VirtualHost>

"

so, please help me, if need more information, please tell me.

Br,

Yingchun

Yingchun Li

unread,

Dec 11, 2020, 3:03:35 AM12/11/20

to Repo and Gerrit Discussion

more information,

gerrit version: 3.3.0

machine: Ubuntu 1804

apache:Apache/2.4.29 (Ubuntu)

Yingchun Li

unread,

Dec 17, 2020, 10:30:22 PM12/17/20

to Repo and Gerrit Discussion

There are some similar issues on the stackoverflow:

https://stackoverflow.com/questions/47071484/gerrit-clone-using-http-behind-a-apache2

https://stackoverflow.com/questions/48121982/apache2-basic-digest-authentication-gives-password-mismatch

https://stackoverflow.com/questions/44133678/git-over-http-generates-authentication-failure-in-apache-error-log

but neither has an answer, it seems this issue is a common issue

when clone over http.

So does anyone have an advice?

Br,

Yingchun

Karl

unread,

Dec 17, 2020, 11:37:37 PM12/17/20

to Repo and Gerrit Discussion

I would recommend to set up step-by-step with reading the official documentations well and confirming each step works.

Have you confirmed Apache HTTP authentication works as intended solely (without Gerrit)?

https://httpd.apache.org/docs/2.4/en/mod/directive-dict.html#Context

https://httpd.apache.org/docs/2.4/howto/reverse_proxy.html

https://httpd.apache.org/docs/2.4/en/mod/mod_proxy.html#proxy

https://httpd.apache.org/docs/2.4/en/howto/auth.html

https://httpd.apache.org/docs/2.4/en/mod/mod_authn_core.html#authtype

http://httpd.apache.org/docs/2.4/en/mod/mod_auth_basic.html

2020年12月18日金曜日 12:30:22 UTC+9 sword.l...@gmail.com:

Nuno Costa

unread,

Dec 24, 2020, 8:42:08 AM12/24/20

to Repo and Gerrit Discussion

Try with auth.gitBasicAuthPolicy set to HTTP.

[1] https://gerrit-review.googlesource.com/Documentation/config-gerrit.html#auth.gitBasicAuthPolicy

Yingchun Li

unread,

Jan 7, 2021, 2:25:42 AM1/7/21

to Repo and Gerrit Discussion

Hi,Nuno Costa

Thank you, as my post before, I have already set auth.gitBasicAuthPolicy to HTTP.

[auth]

type = HTTP

emailFormat = {0}@test.com

That not works, but anyway, the ssh protocol works,

Br,

Yingchun

Nuno Costa

unread,

Feb 1, 2021, 6:21:20 AM2/1/21

to Repo and Gerrit Discussion

Hi Yingchun,

I would still explicitly set gitBasicAuthPolicy to HTTP and check.

It should default to HTTP since type is HTTP but still...

Yingchun Li

unread,

Feb 15, 2021, 7:02:36 AM2/15/21

to Repo and Gerrit Discussion

This post fixed my problem,

https://groups.google.com/g/repo-discuss/c/xxSvWk1GtRU/m/cbKYJ99FBQAJ
Now I add the