Logging in is not working.

[Jon la Cour]

Hello,

I've installed Gitorious on my website at git.mydomain.com. All http
requests are sent to varnish then to Apache with passenger. All https
requests are sent to a nginx server used solely as a reverse proxy for
https requests, this is also setup using passenger. There is a signed
SSL certificate on the nginx server for all https requests. Everything
runs fine and works great, except that logging in does not work. I've
read various other discussions about the same issue but there doesn't
seem to be any working or real solution available.

What happens is when I try to log in, it just sends me right back to
the login page instantly. It does this with Firefox/Chrome.

In the production.log file the only error is "The specified
gitorious_host is reserved in Gitorious". On the wiki it says that
Gitorious reserves git.* for git cloning. Would that at all effect the
login issue, or is it more something to do with cookies?

Thanks, help is appreciated.

[Marius Mårnes Mathiesen]

On Tue, Aug 9, 2011 at 8:17 PM, Jon la Cour <j...@lacour.me> wrote:

In the production.log file the only error is "The specified
gitorious_host is reserved in Gitorious". On the wiki it says that
Gitorious reserves git.* for git cloning. Would that at all effect the
login issue, or is it more something to do with cookies?

This sounds like a cookie issue. I assume you're accessing the site using whatever hostname is specified in gitorious.yml, right? One place to start is to check the Set-Cookie headers sent from your server (http and https, these need to be the same). You can do this either with a browser plugin/equivalent, or using curl. The Set-Cookie response header will contain a domain part which should match the hostname you're using - does it?

- Marius

[Jon la Cour]

I just copied all the headers and information that the login POSTs to /
session. I manually sent requests with the same headers to see what
response headers I would receive, there is no Set-Cookie header, but
this was logged into production.log for each request: "WARNING:
Invalid request host 'git.mydomain.com'. Session cookies will not
work"

Here are the response headers as well:

Date: Wed, 10 Aug 2011 17:29:56 GMT
Content-Encoding: gzip
Age: 0
X-Powered-By: Phusion Passenger (mod_rails/mod_rack) 3.0.8
Status: 200
X-Has-Flash: true
Connection: keep-alive
Content-Length: 1886
X-UA-Compatible: IE=Edge,chrome=1
X-Runtime: 13
Via: 1.1 varnish
Server: nginx/1.0.5
ETag: "646f566f0a31b08a6ff5a3526443bf42"
Vary: Accept-Encoding
X-Varnish: 1297057104
Cache-Control: private, max-age=0, must-revalidate, max-age=0, public
Content-Type: text/html; charset=utf-8
Accept-Ranges: bytes
Expires: Wed, 10 Aug 2011 17:29:56 GMT


And here is my production configuration:

cookie_secret: removed
repository_base_path: "/home/git/data/repositories"
extra_html_head_data:
system_message:
gitorious_client_port: 8001
gitorious_client_host: git.mydomain.com
gitorious_host: git.mydomain.com
gitorious_user: git
exception_notification_emails:
mangle_email_addresses: true
public_mode: true
locale: en
archive_cache_dir: "/home/git/data/tarballs"
archive_work_dir: "/home/git/data/tarball-work"
only_site_admins_can_create_projects: true
hide_http_clone_urls: true
use_ssl: true
is_gitorious_dot_org: false
gitorious_support_email: s...@mydomain.com

Thanks

On Aug 10, 6:35 am, Marius Mårnes Mathiesen

[Jon la Cour]

Any ideas?

[Marius Mårnes Mathiesen]

On Wed, Aug 10, 2011 at 7:39 PM, Jon la Cour <j...@lacour.me> wrote:

I just copied all the headers and information that the login POSTs to /
session. I manually sent requests with the same headers to see what
response headers I would receive, there is no Set-Cookie header, but
this was logged into production.log for each request: "WARNING:
Invalid request host 'git.mydomain.com'. Session cookies will not
work"

Jon,

The warning you're getting indicates a mismatch between the request host and what's in gitorious.yml. Are you sure your gitorious.yml is valid YAML?

Cheers,

- Marius

[Jon la Cour]

It seems to be all correctly formatted, here it is though.
http://pastebin.com/Y72U0eFt

On Aug 15, 5:38 am, Marius Mårnes Mathiesen

[Reid Ellis]

Did you change "git.mydomain.com" to something more real?

Reid

[Jon la Cour]

Yes. :)

[Reid Ellis]

I only ask because it is these precise lines in the gitorious.yml that may have the error, and you've posted hand-edited versions of them. :-/

Reid

[Jon la Cour]

I am aware of that, all I changed was the cookie secret and domains
shown
Other than that it is an exact copy of my gitorious.yml file.

[Marius Mårnes Mathiesen]

On Wed, Aug 17, 2011 at 12:12 AM, Jon la Cour <j...@lacour.me> wrote:

It seems to be all correctly formatted, here it is though.
http://pastebin.com/Y72U0eFt

Jon,

I just added your file into my dev machine and tried triggering the error you're seeing ("WARNING: Invalid request host..."). This is done by the code 

    if !GitoriousConfig.valid_request_host?(request.host)

...so I tried evaluating:

        GitoriousConfig.valid_request_host?("git.mydomain.com")

which evaluated to 0, which is truthy in Ruby. This means that if the SessionsController receives a request where the host is in fact "git.mydomain.com", the warning will not be logged with this gitorious.yml file.

At this point it probably makes sense to simplify your stack to isolate the error. Some ideas:

- run the app directly with Mongrel/Thin/Webrick (ie. `RAILS_ENV=production script/server`)

- run the app without SSL 

- run the app with either Nginx or Apache

For the non-SSL experiments, you'll need to disable the SSL requirement in gitorious.yml, of course.

Cheers,

- Marius