我通过Nginx + Unicorn使用Gitlab 7。一旦我启用了HTTP Basic Auth,git命令就像" git push"或者" git pull"停止工作。没有HTTP Basic Auth一切正常。我怎么解决它?我需要启用HTTP Basic Auth而不会对开发人员造成任何损害。 我的gitlab的nginx配置文件:
upstream gitlab {
server unix:/home/git/gitlab/tmp/sockets/gitlab.socket;
}
server {
listen *:80 default_server;
server_name gitlab.delfit.com;
server_tokens off;
root /home/git/gitlab/public;
client_max_body_size 300m;
# individual nginx logs for this gitlab vhost
access_log /var/log/nginx/gitlab_access.log;
error_log /var/log/nginx/gitlab_error.log;
location / {
# serve static files from defined root folder;.
# @gitlab is a named location for the upstream fallback, see below
try_files $uri $uri/index.html $uri.html @gitlab;
}
# if a file, which is not found in the root folder is requested,
# then the proxy pass the request to the upsteam (gitlab unicorn)
location @gitlab {
proxy_read_timeout 300;
proxy_connect_timeout 300;
proxy_redirect off;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
# auth_basic "Restricted";
# auth_basic_user_file /home/git/gitlab/.htpasswd;
proxy_pass http://gitlab;
}
error_page 502 /502.html;
}
启用基本身份验证后的错误是:
user@machine:~/git/myproject$ git push
fatal: Authentication failed for 'http://gitlab.myorg.com/user/repo.git'
提前致谢!
答案 0 :(得分:0)
所以你设法添加了两层身份验证。一个在nginx层,然后Gitlab在你推/拉存储库时拥有它。
这是您创建的流程。当有人推送代码时,他们会尝试针对nginx身份验证进行身份验证,而不是针对Gitlab。一旦用户针对nginx进行了身份验证,他们就必须对Gitlab进行身份验证。然后你将对gitlab进行身份验证,但是这将取消对nginx的验证,因为HTTP只能拥有一组凭据。
我个人只是让Gitlab的内置身份验证做到了。但是,如果真的必须在nginx上进行身份验证,我会看到两个选项。切换从Gitlab推送到SSH,并且不使用HTTP来推送和提取存储库。或者,在URL匹配{repo}.git或类似格式时,在nginx中放置条件语句以不提示进行身份验证。但要注意,if is evil in nginx。