
GitSmartHTTP for gitolite repositories over Apache does not allow me to push

I am setting up a git-http-backend CGI script to handle my git.domain subdomain. The server is behind an ELB (elastic load balancer) on AWS cloud. My server config is as follows (my git hosting is handled by gitolite):

<VirtualHost *:80>
    ServerName git.domain
    ServerAdmin hjpotter92+git@domain

    #SuexecUserGroup git git
    DocumentRoot /opt/gitolite/repositories/

    PerlLoadModule Apache::Authn::Redmine

    SetEnv GIT_PROJECT_ROOT /opt/gitolite/repositories/
    SetEnv REMOTE_USER=$REDIRECT_REMOTE_USER # Have also tried removing this variable
    SetEnv GIT_HTTP_EXPORT_ALL

    ScriptAliasMatch \
        "(?x)^/(.*/(HEAD | \
           info/refs | \
           objects/(info/[^/]+ | \
           [0-9a-f]{2}/[0-9a-f]{38} | \
           pack/pack-[0-9a-f]{40}\.(pack|idx)) | \
           git-(upload|receive)-pack))$" \
        /opt/gitolite/git-core/git-http-backend/$1

    <Directory "/opt/gitolite/git-core">
        AllowOverride None
        Options +ExecCGI -Includes
        Require all granted
    </Directory>
    <Location />
        # enabled in desperation...
        # saw it somewhere in bugzilla powered mailing list
        DAV On

        Order allow,deny
        Require all granted

        AuthType Basic
        AuthName "Git Repositories"
        AuthUserFile /dev/null
        Require valid-user

        PerlAccessHandler Apache::Authn::Redmine::access_handler
        PerlAuthenHandler Apache::Authn::Redmine::authen_handler

        RedmineDSN "DBI:mysql:database=redmine;host=endpoint.rds.amazonaws.com"
        RedmineDbUser "user"
        RedmineDbPass "your"
        RedmineGitSmartHttp yes
    </Location>

    LogLevel info
    CustomLog /var/log/apache2/gitolite.access.log combined
    ErrorLog  /var/log/apache2/gitolite.error.log
</VirtualHost>

My Apache server runs as the www-data:www-data user/group, and gitolite is set up with the git:git user/group. To allow Apache to read/write to the repositories, I have done:

# usermod -a -G git www-data
// and as a desperate measure, in frustration, the following:
# usermod -a -G www-data git

The PerlAccessHandler and user auth are working perfectly, because I am able to clone my repositories using a valid set of credentials from the Redmine setup.

However, when I try to push, I get the following in the server logs:

10.0.225.176 [11/Feb/2017:07:46:26 +0530] "GET /xxx.git/info/refs?service=git-upload-pack HTTP/1.1" 401 726 "-" "git/2.11.0"
10.0.225.176 [11/Feb/2017:07:46:27 +0530] "GET /xxx.git/info/refs?service=git-upload-pack HTTP/1.1" 401 725 "-" "git/2.11.0"
10.0.225.176 [11/Feb/2017:07:46:27 +0530] "GET /xxx.git/info/refs?service=git-upload-pack HTTP/1.1" 200 848 "-" "git/2.11.0"
10.0.225.176 [11/Feb/2017:07:46:27 +0530] "POST /xxx.git/git-upload-pack HTTP/1.1" 200 130408 "-" "git/2.11.0"

and on the client side (the following appears after whatever connection timeout I have set in my load balancer, 30 sec to 10 min):

Counting objects: 2, done.
Delta compression using up to 4 threads.
Compressing objects: 100% (2/2), done.
Writing objects: 100% (2/2), 930 bytes | 0 bytes/s, done.
Total 2 (delta 1), reused 0 (delta 0)
error: RPC failed; HTTP 504 curl 22 The requested URL returned error: 504 GATEWAY_TIMEOUT
fatal: The remote end hung up unexpectedly
fatal: The remote end hung up unexpectedly

More often than not, I also have a POST to git-upload-pack of length 0 (for the same command of the same repository with the same commit):

10.0.225.222 [11/Feb/2017:07:50:55 +0530] "POST /pandorica.git/git-receive-pack HTTP/1.1" 200 0 "-" "git/2.11.0"
10.0.225.222 [11/Feb/2017:07:53:21 +0530] "POST /pandorica.git/git-receive-pack HTTP/1.1" 200 0 "-" "git/2.11.0"

and receive the following in my server error logs:

[core:error] [pid 1683] (70007)The timeout specified has expired: [client 10.0.225.176:2534] AH00574: ap_content_length_filter: apr_bucket_read() failed
[cgid:error] [pid 1683] (70007)The timeout specified has expired: [client 10.0.225.176:2534] AH02550: Failed to flush CGI output to client

I have even played with setuid and setuid for the git user, hoping that it might help me push to a repository; but to no avail!

chmod u+s /opt/gitolite/repositories
chmod g+s /opt/gitolite/repositories
// and the same commands for `*.git` inside `repositories`

The git config from inside the /opt/gitolite/repositories/xyz.git/:

http.postbuffer=200M
core.repositoryformatversion=0
core.filemode=true
core.bare=true
redminegitolite.projectid=xxx
http.receivepack=true
http.uploadpack=true

For reference, I have already been through each of the following:

  1. git-http-backend
  2. Apache and git-http-backend
  3. How to set up git over http?
  4. Setting Up git-http-backend with apache 2.4
  5. Setting up Git Server on Windows With git-http-backend.exe

How do I set up the Apache VHost such that it starts accepting git push?

hjpotter92 asked Feb 11 '17 02:02


1 Answer

Took me a while. In my case it was permissions. I configured my Docker engine process to run containers as non-root (`--userns-remap`).

I have

#/etc/subuid 
docker-user:100000:65536

#/etc/subgid 
docker-runner:100000:65536

#/etc/passwd
docker-user:x:90:90::/home/docker-user:/sbin/nologin
dockremap:x:220:220::/home/dockremap:/bin/false
docker-root:x:100000:2::/home/docker-root:/sbin/nologin
docker-daemon:x:100001:2::/home/docker-daemon:/sbin/nologin 

Just use this command:

setfacl -RL -m g:100000:rwx -m g:100002:rwx /var/git 

bioffe answered Oct 18 '22 14:10
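
The ID arithmetic behind the `setfacl` command in the answer above, as an added example that is not part of the original answer: it maps container IDs to host IDs from the `/etc/subuid` and `/etc/subgid` lines shown and lists the repository directories a given host uid/gid cannot write to. The helper names and the sample repository layout are assumptions made for the illustration, and the check reads mode bits only, so grants made with `setfacl` have to be confirmed with `getfacl`.

```python
import os
import tempfile

def host_id(container_id, subid_line):
    """Map an in-container uid/gid to its host id from one /etc/subuid or /etc/subgid line."""
    _name, start, count = subid_line.strip().split(":")
    if not 0 <= container_id < int(count):
        raise ValueError(f"{container_id} is outside the remapped range")
    return int(start) + container_id

def can_write_dir(path, uid, gids):
    """Owner/group/other check on mode bits only; POSIX ACL entries are not read."""
    st = os.stat(path)
    if uid == 0:
        return True                      # host root bypasses mode bits
    if st.st_uid == uid:
        shift = 6
    elif st.st_gid in gids:
        shift = 3
    else:
        shift = 0
    return (st.st_mode >> shift) & 0o3 == 0o3   # creating files needs w and x

def unwritable_dirs(repo, uid, gids):
    """Directories under repo in which uid/gids cannot create objects or refs."""
    bad = [os.path.relpath(root, repo)
           for root, _dirs, _files in os.walk(repo)
           if not can_write_dir(root, uid, gids)]
    return sorted(bad)

def make_sample_repo():
    """Constructed stand-in for a bare repository: group-writable objects/, read-only refs/."""
    repo = tempfile.mkdtemp(suffix=".git")
    for name, mode in (("objects", 0o770), ("refs", 0o750)):
        os.mkdir(os.path.join(repo, name))
        os.chmod(os.path.join(repo, name), mode)
    os.chmod(repo, 0o770)
    return repo

if __name__ == "__main__":
    uid = host_id(0, "docker-user:100000:65536")      # container uid 0 on the host
    gid = host_id(0, "docker-runner:100000:65536")    # container gid 0 on the host
    repo = make_sample_repo()
    print("host ids:", uid, gid)
    print("not writable:", unwritable_dirs(repo, uid, {gid}))
```

Container gid 0 and gid 2 map to host gids 100000 and 100002, the two groups named in the `setfacl` command.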