Apache-2.2
git-http-backend 和 LDAP 身份驗證,推送錯誤:請求的 URL 返回錯誤:401 需要授權
我的設置
- 作業系統:debian
- 混帳:v 1.7.10
- apache(啟用了 suexec 模式)配置與 git-http-backend 和對 git repos 的 LDAP 授權,它適用於複製操作,但不適用於推送,這就是問題所在。我使用 HTTPS 作為我的 git 伺服器的通信協議。
這是我的配置:
虛擬主機配置:
<IfModule mod_ssl.c> <VirtualHost _default_:443> DocumentRoot /git/myrepos <Directory "/git/myrepos"> Allow from All Options +ExecCGI AllowOverride All </Directory> ScriptAlias /git /git/myrepos/bin/suexec-wrapper.sh SSLEngine on SSLCertificateFile /etc/ssl/git.crt SSLCertificateKeyFile /etc/ssl/git.key <FilesMatch "\.(cgi|shtml|phtml|php)$"> SSLOptions +StdEnvVars </FilesMatch> <Directory /usr/lib/cgi-bin> SSLOptions +StdEnvVars </Directory>
/git/myrepos/bin/suexec-wrapper.sh:
#!/bin/bash PATH_INFO=$SCRIPT_URL GIT_PROJECT_ROOT=/git/myrepos REMOTE_USER=$REDIRECT_REMOTE_USER export GIT_HTTP_EXPORT_ALL=true /usr/lib/git-core/git-http-backend
複製 repos 可以正常工作(例如
git clone https://192.168.0.1/repo1.git
)。它接受 ldap 使用者的憑據並複製 repo。並且在推送回購(例如
git push origin master
)時,它會要求提供憑據,接受它們然後拋出錯誤:error: Cannot access URL https://192.168.0.1/repo1.git/, return code 22 fatal: git-http-push failed
當以詳細模式 ( ) 執行 push 時
GIT_CURL_VERBOSE=1 git push origin master
,它會要求提供憑據,接受它們並(輸出的尾部):* STATE: DO => DO_DONE handle 0x1cdd270; (connection #0) * STATE: DO_DONE => WAITPERFORM handle 0x1cdd270; (connection #0) * STATE: WAITPERFORM => PERFORM handle 0x1cdd270; (connection #0) * additional stuff not fine transfer.c:1037: 0 0 * The requested URL returned error: 401 * Closing connection #0 * Expire cleared error: Cannot access URL https://192.168.0.1/repo1.git/, return code 22 fatal: git-http-push failed
- 我是否正確配置了 apache git-http-backend(使用 wrap 腳本?)?
- 什麼會導致推送操作出現問題?
- 如何調試它更詳細的方式?
任何建議都非常感謝!
經過多次嘗試,我找到了解決方案。問題在於 git-http-backend 的 VirtualHost 配置不正確。
這是我的工作配置:
<IfModule mod_ssl.c> <VirtualHost _default_:443> DocumentRoot /git/myrepos SetEnv GIT_PROJECT_ROOT /git/myrepos SetEnv GIT_HTTP_EXPORT_ALL ScriptAlias /myrepos/ /usr/lib/git-core/git-http-backend AliasMatch ^/myrepos/(.*/objects/[0-9a-f]{2}/[0-9a-f]{38})$ /git/myrepos/$1 AliasMatch ^/repos/(.*/objects/pack/pack-[0-9a-f]{40}.(pack|idx))$ /git/myrepos/$1 ScriptAliasMatch "(?x)^/(.*/(HEAD | info/refs | objects/(info/[^/]+ | [0-9a-f]{2}/[0-9a-f]{38} | pack/pack-[0-9a-f]{40}\.(pack|idx)) | git-(upload|receive)-pack))$" /usr/lib/git-core/git-http-backend/$1 <Directory "/usr/lib/git-core/"> Options +ExecCGI Allow From All </Directory> ScriptAlias /cgi-bin/ /usr/lib/cgi-bin/ <Directory "/usr/lib/cgi-bin"> AllowOverride None Options +ExecCGI -MultiViews +SymLinksIfOwnerMatch Order allow,deny Allow from all </Directory> ErrorLog ${APACHE_LOG_DIR}/error.log LogLevel warn CustomLog ${APACHE_LOG_DIR}/ssl_access.log combined SSLEngine on SSLCertificateFile /etc/ssl/git.crt SSLCertificateKeyFile /etc/ssl/git.key <FilesMatch "\.(cgi|shtml|phtml|php)$"> SSLOptions +StdEnvVars </FilesMatch> <Directory /usr/lib/cgi-bin> SSLOptions +StdEnvVars </Directory> BrowserMatch "MSIE [2-6]" \ nokeepalive ssl-unclean-shutdown \ downgrade-1.0 force-response-1.0 BrowserMatch "MSIE [17-9]" ssl-unclean-shutdown <Location /repo1.git> Order deny,allow Deny from all Allow from all AuthName "GIT Authentication" AuthType Basic AuthBasicProvider ldap AuthzLDAPAuthoritative off AuthLDAPBindDN domain\user AuthLDAPBindPassword passwd AuthLDAPURL ldap://ldap.server:389/ou=git,DC=domain?sAMAccountName Require ldap-group cn=git_repo1,ou=git,dc=domain </Location> </VirtualHost> </IfModule>
現在所有 git 操作都可以通過 https 和 ldap 授權與 git-http-backend 一起正常工作:)
也許它對某人有用。