
How to set up gerrit on tomcat7 with http auth on apache


OS - Ubuntu 14.04.3 LTS

git, Tomcat7, mysql, apache2 were installed.

I configured tomcat7 to support SSL: server.xml

<Connector port="4432" protocol="HTTP/1.1" SSLEnabled="true"
               maxThreads="150" scheme="https" secure="true"
               clientAuth="false" sslProtocol="TLS" 
               keystoreFile="some_path"
               keystorePass="some_pass" />

And used mysql database: context.xml

<Resource name="jdbc/ReviewDb"
          auth="Container"
          type="javax.sql.DataSource"
          driverClassName="com.mysql.jdbc.Driver"
          url="jdbc:mysql://localhost:3306/gerrit_reviewdb"
          username="gerrit"
          password="gerrit"
          maxActive="20"
          maxIdle="10"
          maxWait="-1"/>

I deployed gerrit on tomcat7 with type auth development_become_any_account.

Next I created file gerrit_auth.conf in folder /etc/apache2/sites-available

Listen 82
<VirtualHost *:82>
        ServerName localhost
        ProxyRequests Off
        ProxyVia Off
        ProxyPreserveHost On
        AllowEncodedSlashes On
        <Proxy *>
                Order deny,allow
                Allow from all
        </Proxy>

        <Location /gerrit/login/>
                AuthType Basic
                AuthName "Gerrit Code Review2"
                AuthBasicProvider file
                AuthUserFile /var/opt/gerrit/users/passwords
                Require valid-user
        </Location>

        ProxyPass /gerrit/ https://localhost:4432/gerrit/ nocanon
        ErrorLog /var/opt/gerrit/apache_errorlog.log
        CustomLog /var/opt/gerrit/apache_customlog.log combined
</VirtualHost>

And changed auth type to http in gerrit.config

[gerrit]
        basePath = /var/opt/gerrit/repositories
        canonicalWebUrl = https://my_gerrit_site:4432/gerrit
[database]
        type = mysql
        database = gerrit_reviewdb
        hostname = localhost
        username = gerrit
[index]
        type = LUCENE
[auth]
        type = http
[receive]
        enableSignedPush = false
[sendemail]
        smtpServer = localhost
[container]
        user = tomcat7
        javaHome = /usr/lib/jvm/jdk1.7.0_79/jre
[sshd]
        listenAddress = *:29418
[httpd]
        listenUrl = proxy-http://localhost:82/
[cache]
        directory = cache

and restarted the apache2 and tomcat7 services. Now when I go to https://my_gerrit_site:4432/ I see tomcat7

It works !

When I go to https://my_gerrit_site:4432/gerrit I see

Configuration Error

Check the HTTP server's authentication settings.

The HTTP server did not provide the username in the Authorization header when it forwarded the request to Gerrit Code Review.

If the HTTP server is Apache HTTPd, check the proxy configuration includes an authorization directive with the proper location, ensuring it ends with '/':

ServerName my_gerrit_site

ProxyRequests Off
ProxyVia Off
ProxyPreserveHost On

<Proxy *>
      Order deny,allow
      Allow from all
</Proxy>

<Location /gerrit/login/>
  AuthType Basic
  AuthName "Gerrit Code Review"
  Require valid-user
  ...
</Location>

AllowEncodedSlashes On
ProxyPass /gerrit/ http://.../gerrit/ nodecode </VirtualHost>

When I go to http://my_gerrit_site:82/ I see

Index of /

Apache/2.4.7 (Ubuntu) Server at my_gerrit_site Port 82

When I go to http://my_gerrit_site:82/gerrit/login/ I see a window asking for authentication, and when I log in I see

Internal Server Error
The server encountered an internal error or misconfiguration and was unable to complete your request.

Please contact the server administrator at [no address given] to inform them of the time this error occurred, and the actions you performed just before this error.

More information about this error may be available in the server error log.

Apache/2.4.7 (Ubuntu) Server at my_gerrit_site Port 82

apache_errorlog.log

[Tue Jul 19 20:18:39.067497 2016] [proxy:warn] [pid 6382:tid 140713740175104] [client x.x.x.x:27949] AH01144: No protocol handler was valid for the URL /gerrit/login/. If you are using a DSO version of mod_proxy, make sure the proxy submodules are included in the configuration using LoadModule.

catalina.out

[2016-07-19 20:18:18,855] [http-bio-4432-exec-6] ERROR com.google.gerrit.httpd.auth.container.HttpLoginServlet : Unable to authenticate user by Authorization request header.  Check container or server configuration.

What am I doing wrong? What settings do I need to change?

Thanks


Solution

  • Problem was with apache2 and virtual host configuration. 
    

    When I tried to enable proxy, proxy_http, proxy_ajp, ssl (a2enmod) I got an error related to one of two virtual hosts (their configuration files were created and enabled while I was trying to set up http auth for my gerrit). So when I disabled (a2dissite) the virtual host with the bad configuration, I no longer had errors.

    Working apache2 configuration for http auth:

    LoadModule ssl_module modules/mod_ssl.so
    Listen 4433
    
    <VirtualHost *:4433>
            ServerName localhost
    
            ProxyRequests Off
            ProxyVia Off
            ProxyPreserveHost On
            SSLProxyEngine on
            SSLProxyVerify none
            SSLProxyCheckPeerCN off
            SSLProxyCheckPeerName off
            SSLProxyCheckPeerExpire off
    
            #   SSL Engine Switch:
            #   Enable/Disable SSL for this virtual host.
            SSLEngine on
    
            #   A self-signed (snakeoil) certificate can be created by installing
            #   the ssl-cert package. See
            #   /usr/share/doc/apache2/README.Debian.gz for more info.
            #   If both key and certificate are stored in the same file, only the
            #   SSLCertificateFile directive is needed.
            SSLCertificateFile      /etc/ssl/certs/ssl-cert-snakeoil.pem
            SSLCertificateKeyFile /etc/ssl/private/ssl-cert-snakeoil.key
    
            #AllowEncodedSlashes On
    
            <Proxy *>
                    Order deny,allow
                    Allow from all
            </Proxy>
    
            <Location /gerrit/login/>
                    AuthType Basic
                    AuthName "Gerrit Code Review"
                    AuthBasicProvider file
                    AuthUserFile /var/opt/gerrit/users/passwords
                    Require valid-user
            </Location>
            ProxyPass /gerrit/ https://localhost:4432/gerrit/
    
            # Available loglevels: trace8, ..., trace1, debug, info, notice, warn,
            # error, crit, alert, emerg.
            # It is also possible to configure the loglevel for particular
            # modules, e.g.
            #LogLevel info ssl:warn
    
            ErrorLog /var/opt/gerrit/apache_errorlog.log
            CustomLog /var/opt/gerrit/apache_customlog.log combined
    </VirtualHost>
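
A stricter variant of the working virtual host above, added here as an example and not part of the original answer: it keeps certificate verification on for the Apache-to-Tomcat hop instead of `SSLProxyVerify none` with the peer checks off, and uses Apache 2.4 access syntax in place of `Order`/`Allow`. The CA file path `/etc/ssl/certs/tomcat-backend-ca.pem` is a placeholder, and the example assumes the Tomcat keystore certificate is issued by that CA and is valid for the host name Apache checks on this hop.

```apache
# Added example (not from the original answer). Needs the proxy, proxy_http
# and ssl modules enabled; the AH01144 "No protocol handler was valid" warning
# in the question is what a missing proxy submodule looks like.
Listen 4433

<VirtualHost *:4433>
        ServerName localhost

        ProxyRequests Off
        ProxyVia Off
        ProxyPreserveHost On

        # Browser-facing TLS. The snakeoil pair is self-signed; replace it
        # with a certificate issued for the public host name.
        SSLEngine on
        SSLCertificateFile      /etc/ssl/certs/ssl-cert-snakeoil.pem
        SSLCertificateKeyFile   /etc/ssl/private/ssl-cert-snakeoil.key

        # Apache -> Tomcat hop: verify the backend certificate instead of
        # disabling the checks. The CA file below is a placeholder path.
        SSLProxyEngine on
        SSLProxyVerify require
        SSLProxyCACertificateFile /etc/ssl/certs/tomcat-backend-ca.pem
        SSLProxyCheckPeerName on
        SSLProxyCheckPeerExpire on

        # Apache 2.4 form of "Order deny,allow / Allow from all".
        <Proxy *>
                Require all granted
        </Proxy>

        # With auth.type = http Gerrit takes the user name from the
        # Authorization header this proxy forwards, so Apache must be the
        # only way to reach Tomcat's port 4432.
        <Location /gerrit/login/>
                AuthType Basic
                AuthName "Gerrit Code Review"
                AuthBasicProvider file
                AuthUserFile /var/opt/gerrit/users/passwords
                Require valid-user
        </Location>

        ProxyPass /gerrit/ https://localhost:4432/gerrit/

        ErrorLog /var/opt/gerrit/apache_errorlog.log
        CustomLog /var/opt/gerrit/apache_customlog.log combined
</VirtualHost>
```

Run `apache2ctl configtest` after enabling the site, and log in through port 4433 rather than going to port 4432 directly, since a request that skips Apache carries no Authorization header.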