通过HTTP Basic Auth进行Git命令

时间:2014-07-22 12:46:07

标签: git nginx gitlab

我通过Nginx + Unicorn使用Gitlab 7。一旦我启用了HTTP Basic Auth,git命令就像" git push"或者" git pull"停止工作。没有HTTP Basic Auth一切正常。我怎么解决它?我需要启用HTTP Basic Auth而不会对开发人员造成任何损害。 我的gitlab的nginx配置文件:

upstream gitlab {
server unix:/home/git/gitlab/tmp/sockets/gitlab.socket;
}
server {
  listen *:80 default_server;
  server_name gitlab.delfit.com;
  server_tokens off;
  root /home/git/gitlab/public;

  client_max_body_size 300m;

  # individual nginx logs for this gitlab vhost
  access_log  /var/log/nginx/gitlab_access.log;
  error_log   /var/log/nginx/gitlab_error.log;

  location / {
    # serve static files from defined root folder;.
    # @gitlab is a named location for the upstream fallback, see below
    try_files $uri $uri/index.html $uri.html @gitlab;
  }

  # if a file, which is not found in the root folder is requested,
  # then the proxy pass the request to the upsteam (gitlab unicorn)
  location @gitlab {
    proxy_read_timeout 300;
    proxy_connect_timeout 300;
    proxy_redirect     off;

    proxy_set_header   X-Forwarded-Proto $scheme;
    proxy_set_header   Host              $http_host;
    proxy_set_header   X-Real-IP         $remote_addr;
    proxy_set_header   X-Forwarded-For   $proxy_add_x_forwarded_for;

#    auth_basic "Restricted";
#    auth_basic_user_file /home/git/gitlab/.htpasswd;    

    proxy_pass http://gitlab;
  }

  error_page 502 /502.html;
}

启用基本身份验证后的错误是:

user@machine:~/git/myproject$ git push
fatal: Authentication failed for 'http://gitlab.myorg.com/user/repo.git'

提前致谢!

1 个答案:

答案 0 :(得分:0)

所以你设法添加了两层身份验证。一个在nginx层,然后Gitlab在你推/拉存储库时拥有它。

这是您创建的流程。当有人推送代码时,他们会尝试针对nginx身份验证进行身份验证,而不是针对Gitlab。一旦用户针对nginx进行了身份验证,他们就必须对Gitlab进行身份验证。然后你将对gitlab进行身份验证,但是这将取消对nginx的验证,因为HTTP只能拥有一组凭据。

我个人只是让Gitlab的内置身份验证做到了。但是,如果真的必须在nginx上进行身份验证,我会看到两个选项。切换从Gitlab推送到SSH,并且不使用HTTP来推送和提取存储库。或者,在URL匹配{repo}.git或类似格式时,在nginx中放置条件语句以不提示进行身份验证。但要注意,if is evil in nginx