Fatal编程技术网
  • apache2/
  • Apache2 如何在apache上使用http auth在tomcat7上设置gerrit

Apache2 如何在apache上使用http auth在tomcat7上设置gerrit

apache2

Apache2 如何在apache上使用http auth在tomcat7上设置gerrit,apache2,tomcat7,gerrit,http-authentication,Apache2,Tomcat7,Gerrit,Http Authentication,操作系统-Ubuntu 14.04.3 LTC 安装了git、Tomcat7、mysql和apache2 我将tomcat7配置为支持SSL: server.xml <Connector port="4432" protocol="HTTP/1.1" SSLEnabled="true" maxThreads="150" scheme="https" secure="true" clientAuth="false" sslProto

操作系统-Ubuntu 14.04.3 LTC

安装了git、Tomcat7、mysql和apache2

我将tomcat7配置为支持SSL: server.xml

<Connector port="4432" protocol="HTTP/1.1" SSLEnabled="true"
               maxThreads="150" scheme="https" secure="true"
               clientAuth="false" sslProtocol="TLS" 
               keystoreFile="some_path"
               keystorePass="some_pass" />
并重新启动了apache2和tomcat7服务。 现在,当我转到https://my\u gerrit\u站点:4432/时,我看到了tomcat7

它起作用了

当我转到https://my\u gerrit\u站点:4432/gerrit时,我看到了

配置错误

检查HTTP服务器的身份验证设置

HTTP服务器未在授权中提供用户名 将请求转发给Gerrit Code Review时的标头

如果HTTP服务器是ApacheHTTPD,请检查代理配置 包括具有正确位置的授权指令,确保 它以“/”结尾:

ServerName我的\u gerrit\u站点

ProxyRequests Off
ProxyVia Off
ProxyPreserveHost On

<Proxy *>
      Order deny,allow
      Allow from all
</Proxy>

<Location /gerrit/login/>
  AuthType Basic
  AuthName "Gerrit Code Review"
  Require valid-user
  ...
</Location>

AllowEncodedSlashes On
ProxyPass /gerrit/ http://.../gerrit/ nodecode </VirtualHost>
apache_errorlog.log

[Tue Jul 19 20:18:39.067497 2016] [proxy:warn] [pid 6382:tid 140713740175104] [client x.x.x.x:27949] AH01144: No protocol handler was valid for the URL /gerrit/login/. If you are using a DSO version of mod_proxy, make sure the proxy submodules are included in the configuration using LoadModule.
卡塔琳娜,出去

[2016-07-19 20:18:18,855] [http-bio-4432-exec-6] ERROR com.google.gerrit.httpd.auth.container.HttpLoginServlet : Unable to authenticate user by Authorization request header.  Check container or server configuration.
我做错了什么?我需要更改哪些设置

谢谢

您需要将canonocalWebUrl更改为外部url

canonicalWebUrl = https://my_gerrit_site:82/gerrit
您需要将canonocalWebUrl更改为外部url

canonicalWebUrl = https://my_gerrit_site:82/gerrit
您不需要将Tomcat与Gerrit一起使用,请参见此处的更多信息:

如果您的目标是配置反向代理,请查看此处:

您不需要将Tomcat与Gerrit一起使用,请参阅此处的更多信息:

如果您的目标是配置反向代理,请查看以下内容:

当我尝试启用代理、代理http、代理ajp、ssl(a2enmod)时,我遇到了一些与两个虚拟主机之一相关的错误(当我尝试为gerrit创建http身份验证时,创建并启用了它们的配置文件)。 所以,当我禁用了配置错误的虚拟主机时,我没有出现错误

使用apache2配置进行http验证:

LoadModule ssl_module modules/mod_ssl.so
Listen 4433

<VirtualHost *:4433>
        ServerName localhost

        ProxyRequests Off
        ProxyVia Off
        ProxyPreserveHost On
        SSLProxyEngine on
        SSLProxyVerify none
        SSLProxyCheckPeerCN off
        SSLProxyCheckPeerName off
        SSLProxyCheckPeerExpire off

        #   SSL Engine Switch:
        #   Enable/Disable SSL for this virtual host.
        SSLEngine on

        #   A self-signed (snakeoil) certificate can be created by installing
        #   the ssl-cert package. See
        #   /usr/share/doc/apache2/README.Debian.gz for more info.
        #   If both key and certificate are stored in the same file, only the
        #   SSLCertificateFile directive is needed.
        SSLCertificateFile      /etc/ssl/certs/ssl-cert-snakeoil.pem
        SSLCertificateKeyFile /etc/ssl/private/ssl-cert-snakeoil.key

        #AllowEncodedSlashes On

        <Proxy *>
                Order deny,allow
                Allow from all
        </Proxy>

        <Location /gerrit/login/>
                AuthType Basic
                AuthName "Gerrit Code Review"
                AuthBasicProvider file
                AuthUserFile /var/opt/gerrit/users/passwords
                Require valid-user
        </Location>
         ProxyPass /gerrit/ https://localhost:4432/gerrit/

        # Available loglevels: trace8, ..., trace1, debug, info, notice, warn,
        # error, crit, alert, emerg.
        # It is also possible to configure the loglevel for particular
        # modules, e.g.
        #LogLevel info ssl:warn

        ErrorLog /var/opt/gerrit/apache_errorlog.log
        CustomLog /var/opt/gerrit/apache_customlog.log combined
</VirtualHost>   

LoadModule ssl\u module modules/mod\u ssl.so
听着,4433
服务器名本地主机
代理请求关闭
ProxyVia关闭
代理主机
SSLProxyEngine打开
SSLProxyVerify无
SSLProxyCheckPeerCN关闭
SSLProxyCheckPeerName关闭
SSLProxycheckpeer关闭
#SSL引擎交换机:
#为此虚拟主机启用/禁用SSL。
斯伦金安
#通过安装,可以创建自签名(snakeoil)证书
#ssl证书包。看见
#/usr/share/doc/apache2/README.Debian.gz了解更多信息。
#如果密钥和证书都存储在同一个文件中,则只有
#需要SSLCertificateFile指令。
SSLCertificateFile/etc/ssl/certs/ssl-cert-snakeoil.pem
SSLCertificateKeyFile/etc/ssl/private/ssl-cert-snakeoil.key
#AllowEncodesOn
命令拒绝,允许
通融
AuthType Basic
AuthName“Gerrit代码审查”
AuthBasicProvider文件
AuthUserFile/var/opt/gerrit/users/passwords
需要有效用户
ProxyPass/gerrit/https://localhost:4432/gerrit/
#可用日志级别:trace8、…、trace1、调试、信息、通知、警告、,
#错误、暴击、警报、紧急情况。
#还可以为特定应用程序配置日志级别
#模块,例如。
#日志级别信息ssl:警告
ErrorLog/var/opt/gerrit/apache_ErrorLog.log
CustomLog/var/opt/gerrit/apache_CustomLog.log组合
当我尝试启用代理、代理http、代理ajp、ssl(a2enmod)时,我遇到了一些与两个虚拟主机之一相关的错误(当我尝试为gerrit创建http身份验证时,创建并启用了它们的配置文件)。 所以,当我禁用了配置错误的虚拟主机时,我没有出现错误

使用apache2配置进行http验证:

LoadModule ssl_module modules/mod_ssl.so
Listen 4433

<VirtualHost *:4433>
        ServerName localhost

        ProxyRequests Off
        ProxyVia Off
        ProxyPreserveHost On
        SSLProxyEngine on
        SSLProxyVerify none
        SSLProxyCheckPeerCN off
        SSLProxyCheckPeerName off
        SSLProxyCheckPeerExpire off

        #   SSL Engine Switch:
        #   Enable/Disable SSL for this virtual host.
        SSLEngine on

        #   A self-signed (snakeoil) certificate can be created by installing
        #   the ssl-cert package. See
        #   /usr/share/doc/apache2/README.Debian.gz for more info.
        #   If both key and certificate are stored in the same file, only the
        #   SSLCertificateFile directive is needed.
        SSLCertificateFile      /etc/ssl/certs/ssl-cert-snakeoil.pem
        SSLCertificateKeyFile /etc/ssl/private/ssl-cert-snakeoil.key

        #AllowEncodedSlashes On

        <Proxy *>
                Order deny,allow
                Allow from all
        </Proxy>

        <Location /gerrit/login/>
                AuthType Basic
                AuthName "Gerrit Code Review"
                AuthBasicProvider file
                AuthUserFile /var/opt/gerrit/users/passwords
                Require valid-user
        </Location>
         ProxyPass /gerrit/ https://localhost:4432/gerrit/

        # Available loglevels: trace8, ..., trace1, debug, info, notice, warn,
        # error, crit, alert, emerg.
        # It is also possible to configure the loglevel for particular
        # modules, e.g.
        #LogLevel info ssl:warn

        ErrorLog /var/opt/gerrit/apache_errorlog.log
        CustomLog /var/opt/gerrit/apache_customlog.log combined
</VirtualHost>   

LoadModule ssl\u module modules/mod\u ssl.so
听着,4433
服务器名本地主机
代理请求关闭
ProxyVia关闭
代理主机
SSLProxyEngine打开
SSLProxyVerify无
SSLProxyCheckPeerCN关闭
SSLProxyCheckPeerName关闭
SSLProxycheckpeer关闭
#SSL引擎交换机:
#为此虚拟主机启用/禁用SSL。
斯伦金安
#通过安装,可以创建自签名(snakeoil)证书
#ssl证书包。看见
#/usr/share/doc/apache2/README.Debian.gz了解更多信息。
#如果密钥和证书都存储在同一个文件中,则只有
#需要SSLCertificateFile指令。
SSLCertificateFile/etc/ssl/certs/ssl-cert-snakeoil.pem
SSLCertificateKeyFile/etc/ssl/private/ssl-cert-snakeoil.key
#AllowEncodesOn
命令拒绝,允许
通融
AuthType Basic
AuthName“Gerrit代码审查”
AuthBasicProvider文件
AuthUserFile/var/opt/gerrit/users/passwords
需要有效用户
ProxyPass/gerrit/https://localhost:4432/gerrit/
#可用日志级别:trace8、…、trace1、调试、信息、通知、警告、,
#错误、暴击、警报、紧急情况。
#还可以为特定应用程序配置日志级别
#模块,例如。
#日志级别信息ssl:警告
ErrorLog/var/opt/gerrit/apache_ErrorLog.log
CustomLog/var/opt/gerrit/apache_CustomLog.log组合
为什么要使用Tomcat?需要吗?最好让gerrit自己工作。是的,我使用tomcat是因为它是必需的。你为什么要使用tomcat?需要吗?最好让gerrit自己工作。是的,我使用tomcat是因为它是必需的。不幸的是,它不工作。所有错误都相同,Internet Explorer无法显示网页(和/gerrit)。据我所知,apache使用http(而不是https)很不幸,它不起作用。所有错误都相同,Internet Explorer无法显示网页(和/gerrit)。据我所知,apache使用 
canonicalWebUrl = https://my_gerrit_site:82/gerrit

Problem was with apache2 and virtual host configuration. 

LoadModule ssl_module modules/mod_ssl.so
Listen 4433

<VirtualHost *:4433>
        ServerName localhost

        ProxyRequests Off
        ProxyVia Off
        ProxyPreserveHost On
        SSLProxyEngine on
        SSLProxyVerify none
        SSLProxyCheckPeerCN off
        SSLProxyCheckPeerName off
        SSLProxyCheckPeerExpire off

        #   SSL Engine Switch:
        #   Enable/Disable SSL for this virtual host.
        SSLEngine on

        #   A self-signed (snakeoil) certificate can be created by installing
        #   the ssl-cert package. See
        #   /usr/share/doc/apache2/README.Debian.gz for more info.
        #   If both key and certificate are stored in the same file, only the
        #   SSLCertificateFile directive is needed.
        SSLCertificateFile      /etc/ssl/certs/ssl-cert-snakeoil.pem
        SSLCertificateKeyFile /etc/ssl/private/ssl-cert-snakeoil.key

        #AllowEncodedSlashes On

        <Proxy *>
                Order deny,allow
                Allow from all
        </Proxy>

        <Location /gerrit/login/>
                AuthType Basic
                AuthName "Gerrit Code Review"
                AuthBasicProvider file
                AuthUserFile /var/opt/gerrit/users/passwords
                Require valid-user
        </Location>
         ProxyPass /gerrit/ https://localhost:4432/gerrit/

        # Available loglevels: trace8, ..., trace1, debug, info, notice, warn,
        # error, crit, alert, emerg.
        # It is also possible to configure the loglevel for particular
        # modules, e.g.
        #LogLevel info ssl:warn

        ErrorLog /var/opt/gerrit/apache_errorlog.log
        CustomLog /var/opt/gerrit/apache_customlog.log combined
</VirtualHost>