I am setting up a git-http-backend CGI script to handle my git.domain
subdomain. The server is behind an ELB (elastic load balancer) on AWS cloud. My server config is as follows (my git hosting is handled by gitolite):
<VirtualHost *:80>
ServerName git.domain
ServerAdmin hjpotter92+git@domain
#SuexecUserGroup git git
DocumentRoot /opt/gitolite/repositories/
PerlLoadModule Apache::Authn::Redmine
SetEnv GIT_PROJECT_ROOT /opt/gitolite/repositories/
SetEnv REMOTE_USER=$REDIRECT_REMOTE_USER # Have also tried removing this variable
SetEnv GIT_HTTP_EXPORT_ALL
ScriptAliasMatch \
"(?x)^/(.*/(HEAD | \
info/refs | \
objects/(info/[^/]+ | \
[0-9a-f]{2}/[0-9a-f]{38} | \
pack/pack-[0-9a-f]{40}\.(pack|idx)) | \
git-(upload|receive)-pack))$" \
/opt/gitolite/git-core/git-http-backend/$1
<Directory "/opt/gitolite/git-core">
AllowOverride None
Options +ExecCGI -Includes
Require all granted
</Directory>
<Location />
# enabled in desparation...
# saw it somewhere in bugzilla powered mailing list
DAV On
Order allow,deny
Require all granted
AuthType Basic
AuthName "Git Repositories"
AuthUserFile /dev/null
Require valid-user
PerlAccessHandler Apache::Authn::Redmine::access_handler
PerlAuthenHandler Apache::Authn::Redmine::authen_handler
RedmineDSN "DBI:mysql:database=redmine;host=endpoint.rds.amazonaws.com"
RedmineDbUser "user"
RedmineDbPass "your"
RedmineGitSmartHttp yes
</Location>
LogLevel info
CustomLog /var/log/apache2/gitolite.access.log combined
ErrorLog /var/log/apache2/gitolite.error.log
</VirtualHost>
My apache server is run by the www-data:www-data
user/group, and the gitolite is setup with the git:git
user/group. To allow apache to read/write to the repositories, I have done:
# usermod -a -G git www-data
// and as a desparate measure, in frustration, the following:
# usermod -a -G www-data git
The PerlAccessHandler
and user auth is working perfectly, because I am able to clone my repositories using valid set of credentials from the redmine setup.
However, when I try to push; I get the following in the server logs:
10.0.225.176 [11/Feb/2017:07:46:26 +0530] "GET /xxx.git/info/refs?service=git-upload-pack HTTP/1.1" 401 726 "-" "git/2.11.0"
10.0.225.176 [11/Feb/2017:07:46:27 +0530] "GET /xxx.git/info/refs?service=git-upload-pack HTTP/1.1" 401 725 "-" "git/2.11.0"
10.0.225.176 [11/Feb/2017:07:46:27 +0530] "GET /xxx.git/info/refs?service=git-upload-pack HTTP/1.1" 200 848 "-" "git/2.11.0"
10.0.225.176 [11/Feb/2017:07:46:27 +0530] "POST /xxx.git/git-upload-pack HTTP/1.1" 200 130408 "-" "git/2.11.0"
and in the client side (the following appears after whatever connection timeout I have set in my load balancer, 30 sec to 10 min):
Counting objects: 2, done.
Delta compression using up to 4 threads.
Compressing objects: 100% (2/2), done.
Writing objects: 100% (2/2), 930 bytes | 0 bytes/s, done.
Total 2 (delta 1), reused 0 (delta 0)
error: RPC failed; HTTP 504 curl 22 The requested URL returned error: 504 GATEWAY_TIMEOUT
fatal: The remote end hung up unexpectedly
fatal: The remote end hung up unexpectedly
More often than not, I also have POST
to git-upload-pack
of length 0 (for the same command of the same repository with the same commit)
10.0.225.222 [11/Feb/2017:07:50:55 +0530] "POST /pandorica.git/git-receive-pack HTTP/1.1" 200 0 "-" "git/2.11.0"
10.0.225.222 [11/Feb/2017:07:53:21 +0530] "POST /pandorica.git/git-receive-pack HTTP/1.1" 200 0 "-" "git/2.11.0"
and receive the following in my server error logs:
[core:error] [pid 1683] (70007)The timeout specified has expired: [client 10.0.225.176:2534] AH00574: ap_content_length_filter: apr_bucket_read() failed
[cgid:error] [pid 1683] (70007)The timeout specified has expired: [client 10.0.225.176:2534] AH02550: Failed to flush CGI output to client
I have even played with setuid and setuid for the git user, hoping that it might help me push to a repository; but to no avail!
chmod u+s /opt/gitolite/repositories
chmod g+s /opt/gitolite/repositories
// and the same commands for `*.git` inside `repositories`
The git config from inside the /opt/gitolite/repositories/xyz.git/
:
http.postbuffer=200M
core.repositoryformatversion=0
core.filemode=true
core.bare=true
redminegitolite.projectid=xxx
http.receivepack=true
http.uploadpack=true
For references, I have already been through each of the following:
How do I setup the Apache VHost such that it starts accepting git push
.
Took me a while. In my case it was permissions. I configured my docker engine process to run containers as non-root. --userns-remap
I have
#/etc/subuid
docker-user:100000:65536
#/etc/subgid
docker-runner:100000:65536
#/etc/passwd
docker-user:x:90:90::/home/docker-user:/sbin/nologin
dockremap:x:220:220::/home/dockremap:/bin/false
docker-root:x:100000:2::/home/docker-root:/sbin/nologin
docker-daemon:x:100001:2::/home/docker-daemon:/sbin/nologin
Just use this command:
setfacl -RL -m g:100000:rwx -m g:100002:rwx /var/git
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With