How to set up Gerrit on Tomcat 7 with HTTP auth on Apache

Time: 2016-07-19 17:35:03

Tags: apache2 tomcat7 gerrit http-authentication

OS - Ubuntu 14.04.3 LTS

git, Tomcat7, mysql and apache2 are installed.

I configured tomcat7 to support SSL in server.xml

and to use the mysql database in context.xml:

<Resource name="jdbc/ReviewDb"
          auth="Container"
          type="javax.sql.DataSource"
          driverClassName="com.mysql.jdbc.Driver"
          url="jdbc:mysql://localhost:3306/gerrit_reviewdb"
          username="gerrit"
          password="gerrit"
          maxActive="20"
          maxIdle="10"
          maxWait="-1"/>

I deployed gerrit on tomcat7 with auth type development_become_any_account.

Next I created the file gerrit_auth.conf in the /etc/apache2/sites-available folder:

Listen 82
<VirtualHost *:82>
        ServerName localhost
        ProxyRequests Off
        ProxyVia Off
        ProxyPreserveHost On
        AllowEncodedSlashes On
        <Proxy *>
                Order deny,allow
                Allow from all
        </Proxy>

        <Location /gerrit/login/>
                AuthType Basic
                AuthName "Gerrit Code Review2"
                AuthBasicProvider file
                AuthUserFile /var/opt/gerrit/users/passwords
                Require valid-user
        </Location>

        ProxyPass /gerrit/ https://localhost:4432/gerrit/ nocanon
        ErrorLog /var/opt/gerrit/apache_errorlog.log
        CustomLog /var/opt/gerrit/apache_customlog.log combined
</VirtualHost>

I changed the auth type to http in gerrit.config:

[gerrit]
        basePath = /var/opt/gerrit/repositories
        canonicalWebUrl = https://my_gerrit_site:4432/gerrit
[database]
        type = mysql
        database = gerrit_reviewdb
        hostname = localhost
        username = gerrit
[index]
        type = LUCENE
[auth]
        type = http
[receive]
        enableSignedPush = false
[sendemail]
        smtpServer = localhost
[container]
        user = tomcat7
        javaHome = /usr/lib/jvm/jdk1.7.0_79/jre
[sshd]
        listenAddress = *:29418
[httpd]
        listenUrl = proxy-http://localhost:82/
[cache]
        directory = cache

and restarted the apache2 and tomcat7 services. Now, when I go to https://my_gerrit_site:4432/ I see tomcat7's

It works!

When I go to https://my_gerrit_site:4432/gerrit I see

Configuration Error

Check the HTTP server's authentication settings.

The HTTP server did not provide the username in the Authorization header when it forwarded the request to Gerrit Code Review.

If the HTTP server is Apache HTTPd, check the proxy configuration includes an authorization directive with the proper location, ensuring it ends with '/':

ServerName my_gerrit_site

ProxyRequests Off
ProxyVia Off
ProxyPreserveHost On

<Proxy *>
      Order deny,allow
      Allow from all
</Proxy>

<Location /gerrit/login/>
  AuthType Basic
  AuthName "Gerrit Code Review"
  Require valid-user
  ...
</Location>

AllowEncodedSlashes On
ProxyPass /gerrit/ http://.../gerrit/ nodecode
</VirtualHost>

When I go to http://my_gerrit_site:82/ I see

Index of /

Apache/2.4.7 (Ubuntu) Server at my_gerrit_site Port 82

When I go to http://my_gerrit_site:82/gerrit/login/ I get a window with authentication, and when I log in I see

Internal Server Error
The server encountered an internal error or misconfiguration and was unable to complete your request.

Please contact the server administrator at [no address given] to inform them of the time this error occurred, and the actions you performed just before this error.

More information about this error may be available in the server error log.

Apache/2.4.7 (Ubuntu) Server at my_gerrit_site Port 82

apache_errorlog.log

[Tue Jul 19 20:18:39.067497 2016] [proxy:warn] [pid 6382:tid 140713740175104] [client x.x.x.x:27949] AH01144: No protocol handler was valid for the URL /gerrit/login/. If you are using a DSO version of mod_proxy, make sure the proxy submodules are included in the configuration using LoadModule.

catalina.out

[2016-07-19 20:18:18,855] [http-bio-4432-exec-6] ERROR com.google.gerrit.httpd.auth.container.HttpLoginServlet : Unable to authenticate user by Authorization request header.  Check container or server configuration.

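What am I doing wrong? Which settings do I need to change?

Thanks

3 answers:

Answer 0 (score: 2)

The problem was with apache2 and the virtual host configuration.

When I tried to enable proxy, proxy_http, proxy_ajp and ssl (a2enmod), I got an error related to one of the two virtual hosts (its configuration file had been created and enabled when I tried to create http auth for my gerrit). So when I disabled (a2dissite) the misconfigured virtual host, I had no errors.

Working apache2 configuration for http auth: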

LoadModule ssl_module modules/mod_ssl.so
Listen 4433

<VirtualHost *:4433>
        ServerName localhost

        ProxyRequests Off
        ProxyVia Off
        ProxyPreserveHost On
        SSLProxyEngine on
        SSLProxyVerify none
        SSLProxyCheckPeerCN off
        SSLProxyCheckPeerName off
        SSLProxyCheckPeerExpire off

        #   SSL Engine Switch:
        #   Enable/Disable SSL for this virtual host.
        SSLEngine on

        #   A self-signed (snakeoil) certificate can be created by installing
        #   the ssl-cert package. See
        #   /usr/share/doc/apache2/README.Debian.gz for more info.
        #   If both key and certificate are stored in the same file, only the
        #   SSLCertificateFile directive is needed.
        SSLCertificateFile      /etc/ssl/certs/ssl-cert-snakeoil.pem
        SSLCertificateKeyFile /etc/ssl/private/ssl-cert-snakeoil.key

        #AllowEncodedSlashes On

        <Proxy *>
                Order deny,allow
                Allow from all
        </Proxy>

        <Location /gerrit/login/>
                AuthType Basic
                AuthName "Gerrit Code Review"
                AuthBasicProvider file
                AuthUserFile /var/opt/gerrit/users/passwords
                Require valid-user
        </Location>
         ProxyPass /gerrit/ https://localhost:4432/gerrit/

        # Available loglevels: trace8, ..., trace1, debug, info, notice, warn,
        # error, crit, alert, emerg.
        # It is also possible to configure the loglevel for particular
        # modules, e.g.
        #LogLevel info ssl:warn

        ErrorLog /var/opt/gerrit/apache_errorlog.log
        CustomLog /var/opt/gerrit/apache_customlog.log combined
</VirtualHost>   
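
An added example (not from the original post or from Gerrit) that audits a Gerrit reverse-proxy vhost for the settings that differ between the question's port 82 vhost and the working one, plus the trailing-slash rule quoted from Gerrit's error page. The function name `audit_vhost`, the finding names and the abridged sample configs are constructed for this example.

```python
import re

# Abridged copies of the two vhosts on this page (constructed for this example).
QUESTION_VHOST = """
<VirtualHost *:82>
    <Location /gerrit/login/>
        AuthType Basic
        Require valid-user
    </Location>
    ProxyPass /gerrit/ https://localhost:4432/gerrit/ nocanon
</VirtualHost>
"""
ANSWER_VHOST = """
<VirtualHost *:4433>
    SSLEngine on
    SSLProxyEngine on
    SSLProxyVerify none
    SSLProxyCheckPeerName off
    <Location /gerrit/login/>
        AuthType Basic
        Require valid-user
    </Location>
    ProxyPass /gerrit/ https://localhost:4432/gerrit/
</VirtualHost>
"""

def audit_vhost(conf):
    """Return finding names (hypothetical, this example's own) for one vhost."""
    # Drop blank lines and comments so ^ anchors match real directives only.
    body = "\n".join(s for s in map(str.strip, conf.splitlines()) if s and s[0] != "#")
    def is_on(directive):
        return re.search(rf"(?im)^{directive}\s+on\b", body) is not None
    findings = []
    target = re.search(r"(?im)^ProxyPass\s+\S+\s+(\S+)", body)
    if target and target.group(1).lower().startswith("https:"):
        if not is_on("SSLProxyEngine"):   # mod_proxy cannot speak TLS to the backend
            findings.append("https-backend-without-SSLProxyEngine")
        if re.search(r"(?im)^SSLProxy(Verify\s+none|CheckPeer\w+\s+off)\b", body):
            findings.append("backend-cert-checks-disabled")
    for path, block in re.findall(r"(?is)<Location\s+(\S+?)>(.*?)</Location>", body):
        if not re.search(r"(?im)^AuthType\s", block):
            continue                       # not an authentication block
        if not path.endswith("/"):         # Gerrit's error page: must end with '/'
            findings.append("auth-location-missing-trailing-slash")
        if not re.search(r"(?im)^Require\s+valid-user\b", block):
            findings.append("auth-location-without-require")
        if not is_on("SSLEngine"):         # Basic credentials sent without TLS
            findings.append("basic-auth-over-plain-http")
    return findings
```

The working vhost still reports `backend-cert-checks-disabled`; if the backend ever moves off localhost, `SSLProxyVerify require` with `SSLProxyCACertificateFile` restores the check.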

Answer 1 (score: 0)

You need to change canonicalWebUrl to the external URL

canonicalWebUrl = https://my_gerrit_site:82/gerrit

Answer 2 (score: 0)

You don't need to use Tomcat with Gerrit; see more information here: https://gerrit-review.googlesource.com/Documentation/install.html#requirements

If your goal is to configure a reverse proxy, look here: https://gerrit-review.googlesource.com/Documentation/config-reverseproxy.html