Re: apache, git, smart http, pushing over https gives error 22

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

Hello,

Not sure if this went through, my apologies if it's a duplicate.

I'm getting an error 22 when atempting to push to a git server over
https using http-backend and authentication. The issue seems to be an
error in my configuration below. If I checkout with:

https://git.domain.com/reponame.git

it works, this shouldn't because if I then try to push to that url I
get the error 22. To fix it I have to do:

https://git.domain.com/git/reponame.git

this asks for authentication when pulling from the repo and again for
pushing local changes/modifications back to it.

The url https://git.domain.com/git/reponame.git is correct while the
configuration allows https://git.domain.com/reponame.git I need to
stop this behavior since atempting to push back to it results in an
error, and only allow authenticated clones/pulls and/or authenticated
pushes back to https://git.domain.name/reponame.git

Suggestions welcome.

Thanks.
Dave.

# cat git.conf
 # The git.host.name.com http virtual host
 <VirtualHost *:80>
 DocumentRoot /usr/local/www/git/repos
 ServerName git.host.name.com
 ServerAdmin webmaster@xxxxxxxxxxxxx
 ErrorLog /var/log/git-httpd-error.log
 CustomLog /var/log/git-httpd-access.log combined

 ### Redirect all http urls to https #
 <IfModule mod_rewrite.c>
 RewriteEngine On
     RewriteCond %{HTTPS} off
 RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [QSA,L,R=301]
 </IfModule>

 # OPTIONAL: Completely deny pushing over HTTP
 <LocationMatch "git-receive-pack">
 Require all denied
 </LocationMatch>
 </VirtualHost>

 # The git.host.name.com https virtual host
 <VirtualHost *:443>
 DocumentRoot /usr/local/www/git/repos
 ServerName git.host.name.com
 ServerAdmin webmaster@xxxxxxxxxxxxx
 ErrorLog /var/log/git-httpd-error.log
 CustomLog /var/log/git-httpd-access.log combined

 # Uncomment the below 2 lines when deploy http2
 H2Direct on
 Protocols h2 h2c http/1.1

 SSLEngine on
 SSLCertificateFile "/usr/local/etc/ssl/acme.sh/host.name.com/fullchain.crt"
 SSLCertificateKeyFile
 "/usr/local/etc/ssl/acme.sh/host.name.com/private/server-ec256.key"
 SSLCACertificateFile "/usr/local/etc/ssl/acme.sh/host.name.com/cacert.crt"

 # HSTS (mod_headers is required) (15768000 seconds = 6 months)
 Header always set Strict-Transport-Security "max-age=15768000"

 <Directory "/usr/local/www/git/repos">
 Options +ExecCGI
   SSLRequireSSL
 AllowOverride None

 AuthType Basic
 AuthName "Private Git Access"
 AuthUserFile "/usr/local/etc/apache24/git-auth-file"
 AuthGroupFile "/usr/local/etc/apache24/git-htgroup-file"
 Require valid-user
 <If "%{QUERY_STRING} =~ m#service=git-receive-pack# || %{REQUEST_URI}
 =~ m#/git-receive-pack$#">
 Require group gitwrite
 </If>
 </Directory>

 ScriptAlias /git /usr/local/libexec/git-core/git-http-backend
 <Directory "/usr/local/libexec/git-core">
 SetEnv GIT_PROJECT_ROOT /usr/local/www/git/repos
 SetEnv GIT_HTTP_EXPORT_ALL
 # For anonymous write
   #SetEnv REMOTE_USER anonymousweb
 Options +ExecCGI
   SSLRequireSSL

 AuthType Basic
 AuthName "Private Git Access"
 AuthUserFile "/usr/local/etc/apache24/git-auth-file"
 AuthGroupFile "/usr/local/etc/apache24/git-htgroup-file"
 Require valid-user
 <If "%{QUERY_STRING} =~ m#service=git-receive-pack# || %{REQUEST_URI}
 =~ m#/git-receive-pack$#">
 Require group gitwrite
 </If>
 </Directory>

 # gitweb
 Alias /gitweb "/usr/local/www/gitweb"

 <Directory "/usr/local/www/gitweb">
 DirectoryIndex gitweb.cgi
 Options ExecCGI
   SSLRequireSSL

 AuthType Basic
 AuthName "Private Gitweb Access"
 AuthUserFile "/usr/local/etc/apache24/git-auth-file"
 Require valid-user

 <Files gitweb.cgi>
 SetHandler cgi-script
 </Files>
 SetEnv  GITWEB_CONFIG  /usr/local/etc/gitweb.conf
 </Directory>
 </VirtualHost>

On 3/18/20, David Mehler <dave.mehler@xxxxxxxxx> wrote:
> Hello,
>
> Adding to this it seems as if I have a bug in the configuration of
> apache. For some reason I can clone with:
>
> https://git.domain.com/repoName.git
>
> which shouldn't happen. In order to write back to the repo I have to
> use the url:
>
> https://git.domain.name/git/repoName.git
>
> where in my configuration is this issue, I believe it's in apache?
>
> Thanks.
> Dave.
>
>
> On 3/17/20, David Mehler <dave.mehler@xxxxxxxxx> wrote:
>> Hello,
>>
>> I've got git running on apache 2.4 and am using smart http with the
>> http-backend cgi script. From an external source I can clone the repo:
>>
>> git clone https://git.host.com/repoName.git
>>
>> this works fine. I can clone it locally. I can add changes to this
>> repo but when pushing back to origin master with:
>>
>> git push origin master
>>
>> I'm getting:
>>
>> Error can not access url: https://git.host.name/repoName.git error code
>> 22
>> fatal: git-http-push failed
>> Error: failed to push some refs to https://git.host.name/repoName.git
>>
>> Here's my sanitized apache git configuration file. Any assistance
>> appreciated.
>>
>> # cat git.conf
>> # The git.host.name.com http virtual host
>> <VirtualHost *:80>
>> DocumentRoot /usr/local/www/git/repos
>> ServerName git.host.name.com
>> ServerAdmin webmaster@xxxxxxxxxxxxx
>> ErrorLog /var/log/git-httpd-error.log
>> CustomLog /var/log/git-httpd-access.log combined
>>
>> ### Redirect all http urls to https #
>> <IfModule mod_rewrite.c>
>> RewriteEngine On
>>     RewriteCond %{HTTPS} off
>> RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [QSA,L,R=301]
>> </IfModule>
>>
>> # OPTIONAL: Completely deny pushing over HTTP
>> <LocationMatch "git-receive-pack">
>> Require all denied
>> </LocationMatch>
>> </VirtualHost>
>>
>> # The git.host.name.com https virtual host
>> <VirtualHost *:443>
>> DocumentRoot /usr/local/www/git/repos
>> ServerName git.host.name.com
>> ServerAdmin webmaster@xxxxxxxxxxxxx
>> ErrorLog /var/log/git-httpd-error.log
>> CustomLog /var/log/git-httpd-access.log combined
>>
>> # Uncomment the below 2 lines when deploy http2
>> H2Direct on
>> Protocols h2 h2c http/1.1
>>
>> SSLEngine on
>> SSLCertificateFile
>> "/usr/local/etc/ssl/acme.sh/host.name.com/fullchain.crt"
>> SSLCertificateKeyFile
>> "/usr/local/etc/ssl/acme.sh/host.name.com/private/server-ec256.key"
>> SSLCACertificateFile
>> "/usr/local/etc/ssl/acme.sh/host.name.com/cacert.crt"
>>
>> # HSTS (mod_headers is required) (15768000 seconds = 6 months)
>> Header always set Strict-Transport-Security "max-age=15768000"
>>
>> <Directory "/usr/local/www/git/repos">
>> Options +ExecCGI
>>   SSLRequireSSL
>> AllowOverride None
>>
>> AuthType Basic
>> AuthName "Private Git Access"
>> AuthUserFile "/usr/local/etc/apache24/git-auth-file"
>> AuthGroupFile "/usr/local/etc/apache24/git-htgroup-file"
>> Require valid-user
>> <If "%{QUERY_STRING} =~ m#service=git-receive-pack# || %{REQUEST_URI}
>> =~ m#/git-receive-pack$#">
>> Require group gitwrite
>> </If>
>> </Directory>
>>
>> ScriptAlias /git /usr/local/libexec/git-core/git-http-backend
>> <Directory "/usr/local/libexec/git-core">
>> SetEnv GIT_PROJECT_ROOT /usr/local/www/git/repos
>> SetEnv GIT_HTTP_EXPORT_ALL
>> # For anonymous write
>>   #SetEnv REMOTE_USER anonymousweb
>> Options +ExecCGI
>>   SSLRequireSSL
>>
>> AuthType Basic
>> AuthName "Private Git Access"
>> AuthUserFile "/usr/local/etc/apache24/git-auth-file"
>> AuthGroupFile "/usr/local/etc/apache24/git-htgroup-file"
>> Require valid-user
>> <If "%{QUERY_STRING} =~ m#service=git-receive-pack# || %{REQUEST_URI}
>> =~ m#/git-receive-pack$#">
>> Require group gitwrite
>> </If>
>> </Directory>
>>
>> # gitweb
>> Alias /gitweb "/usr/local/www/gitweb"
>>
>> <Directory "/usr/local/www/gitweb">
>> DirectoryIndex gitweb.cgi
>> Options ExecCGI
>>   SSLRequireSSL
>>
>> AuthType Basic
>> AuthName "Private Gitweb Access"
>> AuthUserFile "/usr/local/etc/apache24/git-auth-file"
>> Require valid-user
>>
>> <Files gitweb.cgi>
>> SetHandler cgi-script
>> </Files>
>> SetEnv  GITWEB_CONFIG  /usr/local/etc/gitweb.conf
>> </Directory>
>> </VirtualHost>
>>
>> In my git-auth-file I've got a username:password combination that I
>> believe is working because I can clone the repo.
>> In my git-htgroup-file I've got:
>>
>> gitwrite: username
>>
>> and in my apache git error file I have nothing.
>> Appreciate any help.
>> Thanks.
>> Dave.
>>
>

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
[Index of Archives]     [Open SSH Users]     [Linux ACPI]     [Linux Kernel]     [Linux Laptop]     [Kernel Newbies]     [Security]     [Netfilter]     [Bugtraq]     [Squid]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Samba]     [Video 4 Linux]     [Device Mapper]

  Powered by Linux