git push origin master 返回 403

git push origin master 返回 403

我在 Ubuntu 14.04 上使用 Apache 2.4 提供 git 服务git-http-backend-wrapper。我可以git clone https://my-server/git/repository,但是当我尝试时GIT_CURL_VERBOSE=1 git push origin master,我得到 403。我在 Mac OS 10.12 和 GalliumOS 2.0 (Ubuntu 16.04) 上使用 git 作为客户端时遇到了这个问题。

这是我在 Mac 上所做的一切。即使我不删除我的凭据,推送的结果也是相同的。在 Gallium 上的结果相同,只是总是提示我输入用户名和密码。

my-mac:test localuser$ git credential-osxkeychain erase
host=git.server
protocol=https

my-mac:test localuser$ GIT_CURL_VERBOSE=1 git clone https://git.server/git/my-repository
Cloning into 'my-repository'...
* Couldn't find host git.server in the .netrc file; using defaults
*   Trying 15.31.63.127...
* TCP_NODELAY set
* Connected to git.server (15.31.63.127) port 443 (#0)
* TLS 1.2 connection using TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
* Server certificate: server
* Server certificate: COMODO RSA Domain Validation Secure Server CA
* Server certificate: COMODO RSA Certification Authority
> GET /git/my-repository/info/refs?service=git-upload-pack HTTP/1.1
Host: git.server
User-Agent: git/2.13.5 (Apple Git-94)
Accept: */*
Accept-Encoding: gzip
Pragma: no-cache

< HTTP/1.1 401 Unauthorized
< Date: Sat, 23 Sep 2017 02:11:42 GMT
< Server: Apache/2.4.7 (Ubuntu)
< WWW-Authenticate: Basic realm="Private Git Access"
< Content-Length: 465
< Content-Type: text/html; charset=iso-8859-1
< 
* Connection #0 to host git.server left intact
Username for 'https://git.server': remoteuser
Password for 'https://[email protected]': 
* Couldn't find host git.server in the .netrc file; using defaults
* Connection 0 seems to be dead!
* Closing connection 0
* Hostname git.server was found in DNS cache
*   Trying 15.31.63.127...
* TCP_NODELAY set
* Connected to git.server (15.31.63.127) port 443 (#1)
* SSL re-using session ID
* TLS 1.2 connection using TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
* Server certificate: server
* Server certificate: COMODO RSA Domain Validation Secure Server CA
* Server certificate: COMODO RSA Certification Authority
* Server auth using Basic with user 'remoteuser'
> GET /git/my-repository/info/refs?service=git-upload-pack HTTP/1.1
Host: git.server
Authorization: Basic (base-64 encoding of remoteuser:remotepassword)
User-Agent: git/2.13.5 (Apple Git-94)
Accept: */*
Accept-Encoding: gzip
Pragma: no-cache

< HTTP/1.1 200 OK
< Date: Sat, 23 Sep 2017 02:11:49 GMT
< Server: Apache/2.4.7 (Ubuntu)
< Expires: Fri, 01 Jan 1980 00:00:00 GMT
< Pragma: no-cache
< Cache-Control: no-cache, max-age=0, must-revalidate
< Transfer-Encoding: chunked
< Content-Type: application/x-git-upload-pack-advertisement
< 
* Connection #1 to host git.server left intact
warning: You appear to have cloned an empty repository.
my-mac:test localuser$ cd my-repository/
my-mac:my-repository localuser$ touch test-file
my-mac:my-repository localuser$ git add test-file
my-mac:my-repository localuser$ git commit -m "Test commit."
[master (root-commit) 88969a2] Test commit.
 1 file changed, 0 insertions(+), 0 deletions(-)
 create mode 100644 test-file
my-mac:my-repository localuser$ git credential-osxkeychain erase
host=git.server
protocol=https

NX-74205:my-repository localuser$ GIT_CURL_VERBOSE=1 git push origin master
* Couldn't find host git.server in the .netrc file; using defaults
*   Trying 15.31.63.127...
* TCP_NODELAY set
* Connected to git.server (15.31.63.127) port 443 (#0)
* TLS 1.2 connection using TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
* Server certificate: server
* Server certificate: COMODO RSA Domain Validation Secure Server CA
* Server certificate: COMODO RSA Certification Authority
> GET /git/my-repository/info/refs?service=git-receive-pack HTTP/1.1
Host: git.server
User-Agent: git/2.13.5 (Apple Git-94)
Accept: */*
Accept-Encoding: gzip
Pragma: no-cache

< HTTP/1.1 401 Unauthorized
< Date: Sat, 23 Sep 2017 02:16:00 GMT
< Server: Apache/2.4.7 (Ubuntu)
< WWW-Authenticate: Basic realm="Private Git Access"
< Content-Length: 465
< Content-Type: text/html; charset=iso-8859-1
< 
* Connection #0 to host git.server left intact
Username for 'https://git.server': remoteuser
Password for 'https://[email protected]': 
* Couldn't find host git.server in the .netrc file; using defaults
* Found bundle for host git.server: 0x7faeb3e00800 [can pipeline]
* Re-using existing connection! (#0) with host git.server
* Connected to git.server (15.31.63.127) port 443 (#0)
* Server auth using Basic with user 'remoteuser'
> GET /git/my-repository/info/refs?service=git-receive-pack HTTP/1.1
Host: git.server
Authorization: Basic (base-64 encoding of remoteuser:remotepassword)
User-Agent: git/2.13.5 (Apple Git-94)
Accept: */*
Accept-Encoding: gzip
Pragma: no-cache

< HTTP/1.1 403 Forbidden
< Date: Sat, 23 Sep 2017 02:16:04 GMT
< Server: Apache/2.4.7 (Ubuntu)
< Expires: Fri, 01 Jan 1980 00:00:00 GMT, Fri, 01 Jan 1980 00:00:00 GMT
< Pragma: no-cache, no-cache
< Cache-Control: no-cache, max-age=0, must-revalidate, no-cache, max-age=0, must-revalidate
< Content-Length: 0
< 
* Connection #0 to host git.server left intact
fatal: unable to access 'https://git.server/git/my-repository/': The requested URL returned error: 403

这是我的 Apache conf 文件的相关部分。

<VirtualHost *:443>
        ServerName git.my-server
        DocumentRoot /home/git
        ErrorLog ${APACHE_LOG_DIR}/error.log
        CustomLog ${APACHE_LOG_DIR}/access.log combined
        <Directory /home/git>
                Options ExecCGI Indexes FollowSymLinks
                AllowOverride All
                Require all granted
        </Directory>

        <Location />
                AuthType Basic
                AuthName "Private Git Access"
                AuthUserFile /home/git/.htpasswd
                Require valid-user
        </Location>

        SSLEngine on
        SSLOptions +StrictRequire
        SSLCertificateFile /etc/ssl/certs/my-server.crt
        SSLCertificateKeyFile /etc/ssl/private/my-server.key

        SuexecUserGroup git git
        ScriptAlias /git /var/www/sbin/git-http-backend-wrapper
</VirtualHost>

答案1

因此,经过几天的偏离轨道和深入研究之后,答案就变得非常简单了。

[email protected]:/home/git/my-repository.git$ sudo -s
[email protected]:/home/git/my-repository.git# git config http.receivepack true
[email protected]:/home/git/my-repository.git# chown -R git:git .

相关内容