Gerrit install : http authentication
4,609 views
Skip to first unread message
vlad
Mar 2, 2011, 4:49:57 AM3/2/11
to Repo and Gerrit Discussion
Hello,
I am trying to install Gerrit on a Ubuntu 10.10 machine. I am new at
this and I'm taking baby steps.
I am trying to set auth mode to http.
I'm blocked now in HTTP server's authentication settings issue, the
HTTP server does not provide the the user name in the Authorization
header.
Environment:
Gerrit version 2.1.6.1.
I followed the steps suggested in the Installation guide.
- set up the the MySQL database
- created user gerrit2 (specified : --gecos 'Gerrit Code Review')
- run java -jar gerrit.war init -d review_site
No other configurations related to jetty, gitweb or other modules.
Files:
gerrit.config
[gerrit]
basePath = /home/vlad_trifan/test
[database]
type = MYSQL
hostname = localhost
database = reviewdb
username = gerrit2
[auth]
type = HTTP
[sendemail]
smtpServer = localhost
[container]
user = gerrit2
javaHome = /usr/lib/jvm/java-6-sun-1.6.0.22/jre
[sshd]
listenAddress = x.x.x.x:29418
[httpd]
listenUrl = http://x.x.x.x:8080/
[cache]
directory = cache
In /etc/apache2/apache2.conf :
NameVirtualHost x.x.x.x:8080
<VirtualHost x.x.x.x:8080>
ServerName x.x.x.x
ProxyRequests Off
ProxyVia Off
ProxyPreserveHost On
<Proxy *>
Order deny,allow
Allow from all
</Proxy>
<IfModule mod_disk_cache.c>
CacheEnable disk /
CacheIgnoreHeaders Set-Cookie
</IfModule>
<Location "/ssh_info">
# ProxyPass http://127.0.0.1:8080/ssh_info
Allow from all
Satisfy Any
</Location>
<Location /login/>
# ProxyPass http://127.0.0.1:8080/
AuthType Basic
AuthName "Gerrit Code Review"
Require valid-user
</Location>
ProxyPass / http://.../
</VirtualHost>
The error message in browser :
Configuration Error
Check the HTTP server's authentication settings.
The HTTP server did not provide the username in the Authorization
header when it forwarded the request to Gerrit Code Review.
If the HTTP server is Apache HTTPd, check the proxy configuration
includes an authorization directive with the proper location, ensuring
it ends with '/':
In error_log:
ERROR com.google.gerrit.httpd.auth.container.HttpLoginServlet : Unable
to authenticate user by Authorization request header. Check container
or server configuration.
The big question :
What am I missing here?
Also , since I do not have an interface to add user and a public key ,
when I run :
ssh -p 29418 ger...@x.x.x.x
Permission denied (publickey).
Message from sshd_log
AUTH FAILURE FROM y.y.y.y user-not-found
Is this a separate issue?
Where and how could I inject the public key in the sql database, so I
could test connectivity behind HTTP Authorization.
/Vlad
I am trying to install Gerrit on a Ubuntu 10.10 machine. I am new at
this and I'm taking baby steps.
I am trying to set auth mode to http.
I'm blocked now in HTTP server's authentication settings issue, the
HTTP server does not provide the the user name in the Authorization
header.
Environment:
Gerrit version 2.1.6.1.
I followed the steps suggested in the Installation guide.
- set up the the MySQL database
- created user gerrit2 (specified : --gecos 'Gerrit Code Review')
- run java -jar gerrit.war init -d review_site
No other configurations related to jetty, gitweb or other modules.
Files:
gerrit.config
[gerrit]
basePath = /home/vlad_trifan/test
[database]
type = MYSQL
hostname = localhost
database = reviewdb
username = gerrit2
[auth]
type = HTTP
[sendemail]
smtpServer = localhost
[container]
user = gerrit2
javaHome = /usr/lib/jvm/java-6-sun-1.6.0.22/jre
[sshd]
listenAddress = x.x.x.x:29418
[httpd]
listenUrl = http://x.x.x.x:8080/
[cache]
directory = cache
In /etc/apache2/apache2.conf :
NameVirtualHost x.x.x.x:8080
<VirtualHost x.x.x.x:8080>
ServerName x.x.x.x
ProxyRequests Off
ProxyVia Off
ProxyPreserveHost On
<Proxy *>
Order deny,allow
Allow from all
</Proxy>
<IfModule mod_disk_cache.c>
CacheEnable disk /
CacheIgnoreHeaders Set-Cookie
</IfModule>
<Location "/ssh_info">
# ProxyPass http://127.0.0.1:8080/ssh_info
Allow from all
Satisfy Any
</Location>
<Location /login/>
# ProxyPass http://127.0.0.1:8080/
AuthType Basic
AuthName "Gerrit Code Review"
Require valid-user
</Location>
ProxyPass / http://.../
</VirtualHost>
The error message in browser :
Configuration Error
Check the HTTP server's authentication settings.
The HTTP server did not provide the username in the Authorization
header when it forwarded the request to Gerrit Code Review.
If the HTTP server is Apache HTTPd, check the proxy configuration
includes an authorization directive with the proper location, ensuring
it ends with '/':
In error_log:
ERROR com.google.gerrit.httpd.auth.container.HttpLoginServlet : Unable
to authenticate user by Authorization request header. Check container
or server configuration.
The big question :
What am I missing here?
Also , since I do not have an interface to add user and a public key ,
when I run :
ssh -p 29418 ger...@x.x.x.x
Permission denied (publickey).
Message from sshd_log
AUTH FAILURE FROM y.y.y.y user-not-found
Is this a separate issue?
Where and how could I inject the public key in the sql database, so I
could test connectivity behind HTTP Authorization.
/Vlad
philrosenstein
Mar 3, 2011, 5:54:58 PM3/3/11
to Repo and Gerrit Discussion
I am experiencing the same issue using the built in jetty web server
capability. I suspect you and I both need to configure Gerrit to use
Apache as the web server, but how?
Phil
> listenUrl =http://x.x.x.x:8080/
capability. I suspect you and I both need to configure Gerrit to use
Apache as the web server, but how?
Phil
> [cache]
> directory = cache
>
> In /etc/apache2/apache2.conf :
> NameVirtualHost x.x.x.x:8080
> <VirtualHost x.x.x.x:8080>
> ServerName x.x.x.x
>
> ProxyRequests Off
> ProxyVia Off
> ProxyPreserveHost On
>
> <Proxy *>
> Order deny,allow
> Allow from all
> </Proxy>
>
> <IfModule mod_disk_cache.c>
> CacheEnable disk /
> CacheIgnoreHeaders Set-Cookie
> </IfModule>
>
> <Location "/ssh_info">
> # ProxyPasshttp://127.0.0.1:8080/ssh_info
> directory = cache
>
> In /etc/apache2/apache2.conf :
> NameVirtualHost x.x.x.x:8080
> <VirtualHost x.x.x.x:8080>
> ServerName x.x.x.x
>
> ProxyRequests Off
> ProxyVia Off
> ProxyPreserveHost On
>
> <Proxy *>
> Order deny,allow
> Allow from all
> </Proxy>
>
> <IfModule mod_disk_cache.c>
> CacheEnable disk /
> CacheIgnoreHeaders Set-Cookie
> </IfModule>
>
> <Location "/ssh_info">
> Allow from all
> Satisfy Any
> </Location>
>
> <Location /login/>
> # ProxyPasshttp://127.0.0.1:8080/
> Satisfy Any
> </Location>
>
> <Location /login/>
> AuthType Basic
> AuthName "Gerrit Code Review"
> Require valid-user
> </Location>
> ProxyPass /http://.../
> AuthName "Gerrit Code Review"
> Require valid-user
> </Location>
> </VirtualHost>
>
> The error message in browser :
> Configuration Error
> Check the HTTP server's authentication settings.
> The HTTP server did not provide the username in the Authorization
> header when it forwarded the request to Gerrit Code Review.
> If the HTTP server is Apache HTTPd, check the proxy configuration
> includes an authorization directive with the proper location, ensuring
> it ends with '/':
>
> In error_log:
> ERROR com.google.gerrit.httpd.auth.container.HttpLoginServlet : Unable
> to authenticate user by Authorization request header. Check container
> or server configuration.
>
> The big question :
> What am I missing here?
>
> Also , since I do not have an interface to add user and a public key ,
> when I run :
> ssh -p 29418 gerr...@x.x.x.x
>
> The error message in browser :
> Configuration Error
> Check the HTTP server's authentication settings.
> The HTTP server did not provide the username in the Authorization
> header when it forwarded the request to Gerrit Code Review.
> If the HTTP server is Apache HTTPd, check the proxy configuration
> includes an authorization directive with the proper location, ensuring
> it ends with '/':
>
> In error_log:
> ERROR com.google.gerrit.httpd.auth.container.HttpLoginServlet : Unable
> to authenticate user by Authorization request header. Check container
> or server configuration.
>
> The big question :
> What am I missing here?
>
> Also , since I do not have an interface to add user and a public key ,
> when I run :
Shawn Pearce
Mar 3, 2011, 6:04:29 PM3/3/11
to vlad, Repo and Gerrit Discussion
On Wed, Mar 2, 2011 at 01:49, vlad <vlad....@googlemail.com> wrote:
> gerrit.config
> gerrit.config
> In /etc/apache2/apache2.conf :
> NameVirtualHost x.x.x.x:8080
> <VirtualHost x.x.x.x:8080>
> NameVirtualHost x.x.x.x:8080
> <VirtualHost x.x.x.x:8080>
You cannot run these on the same port. Your Apache NameVirtualHost
should be on a different port than the internal Jetty web sever that
Gerrit is using.
Reply all
Reply to author
Forward
0 new messages