Hello,

Not sure if this went through, my apologies if it's a duplicate.

I'm getting an error 22 when attempting to push to a git server over https using http-backend and authentication. The issue seems to be an error in my configuration below. If I checkout with:

https://git.domain.com/reponame.git

it works, this shouldn't because if I then try to push to that url I get the error 22. To fix it I have to do:

https://git.domain.com/git/reponame.git

this asks for authentication when pulling from the repo and again for pushing local changes/modifications back to it.

The url https://git.domain.com/git/reponame.git is correct while the configuration allows https://git.domain.com/reponame.git I need to stop this behavior since attempting to push back to it results in an error, and only allow authenticated clones/pulls and/or authenticated pushes back to https://git.domain.name/reponame.git

Suggestions welcome.

Thanks.
Dave.

# cat git.conf
# The git.host.name.com http virtual host
<VirtualHost *:80>
    DocumentRoot /usr/local/www/git/repos
    ServerName git.host.name.com
    ServerAdmin webmaster@xxxxxxxxxxxxx
    ErrorLog /var/log/git-httpd-error.log
    CustomLog /var/log/git-httpd-access.log combined

    ### Redirect all http urls to https #
    <IfModule mod_rewrite.c>
        RewriteEngine On
        RewriteCond %{HTTPS} off
        RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [QSA,L,R=301]
    </IfModule>

    # OPTIONAL: Completely deny pushing over HTTP
    <LocationMatch "git-receive-pack">
        Require all denied
    </LocationMatch>
</VirtualHost>

# The git.host.name.com https virtual host
<VirtualHost *:443>
    DocumentRoot /usr/local/www/git/repos
    ServerName git.host.name.com
    ServerAdmin webmaster@xxxxxxxxxxxxx
    ErrorLog /var/log/git-httpd-error.log
    CustomLog /var/log/git-httpd-access.log combined

    # Uncomment the below 2 lines when deploy http2
    H2Direct on
    Protocols h2 h2c http/1.1

    SSLEngine on
    SSLCertificateFile "/usr/local/etc/ssl/acme.sh/host.name.com/fullchain.crt"
    SSLCertificateKeyFile "/usr/local/etc/ssl/acme.sh/host.name.com/private/server-ec256.key"
    SSLCACertificateFile "/usr/local/etc/ssl/acme.sh/host.name.com/cacert.crt"

    # HSTS (mod_headers is required) (15768000 seconds = 6 months)
    Header always set Strict-Transport-Security "max-age=15768000"

    <Directory "/usr/local/www/git/repos">
        Options +ExecCGI
        SSLRequireSSL
        AllowOverride None

        AuthType Basic
        AuthName "Private Git Access"
        AuthUserFile "/usr/local/etc/apache24/git-auth-file"
        AuthGroupFile "/usr/local/etc/apache24/git-htgroup-file"
        Require valid-user
        <If "%{QUERY_STRING} =~ m#service=git-receive-pack# || %{REQUEST_URI} =~ m#/git-receive-pack$#">
            Require group gitwrite
        </If>
    </Directory>

    ScriptAlias /git /usr/local/libexec/git-core/git-http-backend
    <Directory "/usr/local/libexec/git-core">
        SetEnv GIT_PROJECT_ROOT /usr/local/www/git/repos
        SetEnv GIT_HTTP_EXPORT_ALL
        # For anonymous write
        #SetEnv REMOTE_USER anonymousweb
        Options +ExecCGI
        SSLRequireSSL

        AuthType Basic
        AuthName "Private Git Access"
        AuthUserFile "/usr/local/etc/apache24/git-auth-file"
        AuthGroupFile "/usr/local/etc/apache24/git-htgroup-file"
        Require valid-user
        <If "%{QUERY_STRING} =~ m#service=git-receive-pack# || %{REQUEST_URI} =~ m#/git-receive-pack$#">
            Require group gitwrite
        </If>
    </Directory>

    # gitweb
    Alias /gitweb "/usr/local/www/gitweb"

    <Directory "/usr/local/www/gitweb">
        DirectoryIndex gitweb.cgi
        Options ExecCGI
        SSLRequireSSL

        AuthType Basic
        AuthName "Private Gitweb Access"
        AuthUserFile "/usr/local/etc/apache24/git-auth-file"
        Require valid-user

        <Files gitweb.cgi>
            SetHandler cgi-script
        </Files>
        SetEnv GITWEB_CONFIG /usr/local/etc/gitweb.conf
    </Directory>
</VirtualHost>

On 3/18/20, David Mehler <dave.mehler@xxxxxxxxx> wrote:
> Hello,
>
> Adding to this it seems as if I have a bug in the configuration of
> apache. For some reason I can clone with:
>
> https://git.domain.com/repoName.git
>
> which shouldn't happen. In order to write back to the repo I have to
> use the url:
>
> https://git.domain.name/git/repoName.git
>
> where in my configuration is this issue, I believe it's in apache?
>
> Thanks.
> Dave.
>
>
> On 3/17/20, David Mehler <dave.mehler@xxxxxxxxx> wrote:
>> Hello,
>>
>> I've got git running on apache 2.4 and am using smart http with the
>> http-backend cgi script. From an external source I can clone the repo:
>>
>> git clone https://git.host.com/repoName.git
>>
>> this works fine. I can clone it locally. I can add changes to this
>> repo but when pushing back to origin master with:
>>
>> git push origin master
>>
>> I'm getting:
>>
>> Error can not access url: https://git.host.name/repoName.git error code
>> 22
>> fatal: git-http-push failed
>> Error: failed to push some refs to https://git.host.name/repoName.git
>>
>> Here's my sanitized apache git configuration file. Any assistance
>> appreciated.
>>
>> # cat git.conf
>> # The git.host.name.com http virtual host
>> <VirtualHost *:80>
>> DocumentRoot /usr/local/www/git/repos
>> ServerName git.host.name.com
>> ServerAdmin webmaster@xxxxxxxxxxxxx
>> ErrorLog /var/log/git-httpd-error.log
>> CustomLog /var/log/git-httpd-access.log combined
>>
>> ### Redirect all http urls to https #
>> <IfModule mod_rewrite.c>
>> RewriteEngine On
>> RewriteCond %{HTTPS} off
>> RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [QSA,L,R=301]
>> </IfModule>
>>
>> # OPTIONAL: Completely deny pushing over HTTP
>> <LocationMatch "git-receive-pack">
>> Require all denied
>> </LocationMatch>
>> </VirtualHost>
>>
>> # The git.host.name.com https virtual host
>> <VirtualHost *:443>
>> DocumentRoot /usr/local/www/git/repos
>> ServerName git.host.name.com
>> ServerAdmin webmaster@xxxxxxxxxxxxx
>> ErrorLog /var/log/git-httpd-error.log
>> CustomLog /var/log/git-httpd-access.log combined
>>
>> # Uncomment the below 2 lines when deploy http2
>> H2Direct on
>> Protocols h2 h2c http/1.1
>>
>> SSLEngine on
>> SSLCertificateFile
>> "/usr/local/etc/ssl/acme.sh/host.name.com/fullchain.crt"
>> SSLCertificateKeyFile
>> "/usr/local/etc/ssl/acme.sh/host.name.com/private/server-ec256.key"
>> SSLCACertificateFile
>> "/usr/local/etc/ssl/acme.sh/host.name.com/cacert.crt"
>>
>> # HSTS (mod_headers is required) (15768000 seconds = 6 months)
>> Header always set Strict-Transport-Security "max-age=15768000"
>>
>> <Directory "/usr/local/www/git/repos">
>> Options +ExecCGI
>> SSLRequireSSL
>> AllowOverride None
>>
>> AuthType Basic
>> AuthName "Private Git Access"
>> AuthUserFile "/usr/local/etc/apache24/git-auth-file"
>> AuthGroupFile "/usr/local/etc/apache24/git-htgroup-file"
>> Require valid-user
>> <If "%{QUERY_STRING} =~ m#service=git-receive-pack# || %{REQUEST_URI}
>> =~ m#/git-receive-pack$#">
>> Require group gitwrite
>> </If>
>> </Directory>
>>
>> ScriptAlias /git /usr/local/libexec/git-core/git-http-backend
>> <Directory "/usr/local/libexec/git-core">
>> SetEnv GIT_PROJECT_ROOT /usr/local/www/git/repos
>> SetEnv GIT_HTTP_EXPORT_ALL
>> # For anonymous write
>> #SetEnv REMOTE_USER anonymousweb
>> Options +ExecCGI
>> SSLRequireSSL
>>
>> AuthType Basic
>> AuthName "Private Git Access"
>> AuthUserFile "/usr/local/etc/apache24/git-auth-file"
>> AuthGroupFile "/usr/local/etc/apache24/git-htgroup-file"
>> Require valid-user
>> <If "%{QUERY_STRING} =~ m#service=git-receive-pack# || %{REQUEST_URI}
>> =~ m#/git-receive-pack$#">
>> Require group gitwrite
>> </If>
>> </Directory>
>>
>> # gitweb
>> Alias /gitweb "/usr/local/www/gitweb"
>>
>> <Directory "/usr/local/www/gitweb">
>> DirectoryIndex gitweb.cgi
>> Options ExecCGI
>> SSLRequireSSL
>>
>> AuthType Basic
>> AuthName "Private Gitweb Access"
>> AuthUserFile "/usr/local/etc/apache24/git-auth-file"
>> Require valid-user
>>
>> <Files gitweb.cgi>
>> SetHandler cgi-script
>> </Files>
>> SetEnv GITWEB_CONFIG /usr/local/etc/gitweb.conf
>> </Directory>
>> </VirtualHost>
>>
>> In my git-auth-file I've got a username:password combination that I
>> believe is working because I can clone the repo.
>> In my git-htgroup-file I've got:
>>
>> gitwrite: username
>>
>> and in my apache git error file I have nothing.
>> Appreciate any help.
>> Thanks.
>> Dave.
>>
>
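An added configuration sketch, not part of the thread and not tested on the poster's server. Because DocumentRoot points at the repository tree, Apache serves https://git.domain.com/reponame.git as static files (git's "dumb" HTTP transport) without going through git-http-backend; that path can be cloned, but a push falls back to git-http-push and fails with error 22. The fragment shows only the directives that change, and the empty directory /usr/local/www/git/htdocs is an assumed, hypothetical path.

```apache
# Added example: changes inside <VirtualHost *:443>. Apply the same
# DocumentRoot change in the *:80 virtual host.

# 1. Stop using the repository tree as the document root.
#    /usr/local/www/git/htdocs is a hypothetical empty directory.
DocumentRoot /usr/local/www/git/htdocs

# 2. No URL should map onto the bare repositories any more. Deny the
#    tree explicitly so a later Alias cannot expose it by accident.
#    git-http-backend reads the repositories from disk through
#    GIT_PROJECT_ROOT, so smart HTTP under /git is not affected.
<Directory "/usr/local/www/git/repos">
    Options None
    AllowOverride None
    Require all denied
</Directory>

# 3. Unchanged from the posted configuration: the ScriptAlias for /git
#    and the <Directory "/usr/local/libexec/git-core"> block, which
#    carry the Basic authentication and the gitwrite group check.
ScriptAlias /git /usr/local/libexec/git-core/git-http-backend
```

After a reload, a request for /reponame.git/info/refs should no longer return 200, while /git/reponame.git/info/refs?service=git-upload-pack should answer 401 until credentials are supplied.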