如何使 git push 与 nginx 反向代理(HTTPS)后面的 nginx(基本身份验证)一起工作?

tag-icon tag-icon nginx proxy https git
如何使 git push 与 nginx 反向代理(HTTPS)后面的 nginx(基本身份验证)一起工作?

我喜欢在没有直接互联网访问的计算机(后端)上安装 git 服务器。应该有基本的身份验证。应该可以通过另一台计算机上的反向代理(前端)进行访问,该计算机使用 SSL/HTTPS。两台计算机都运行 Debian 7 稳定版(wheezy + wheezy-backports for nginx 和 git)。

到目前为止一切 (= git clone) 正常,但是git push

$ git push --set-upstream origin master
Username for 'https://myfrontend:443': myusername
Password for 'https://myusername@myfrontend:443': 
error: Cannot access URL https://myserver:443/git/gittest.git/, return code 22
fatal: git-http-push failed

后端nginx日志中的错误信息为:

2014/04/01 01:00:00 [error] 27000#0: *7 no user/password was provided for
basic authentication, client: myfrontend, server: mybackend, request:
"PROPFIND /git/gittest.git/ HTTP/1.0", host: "myfrontend"

看来基本身份验证对 有效clone,但对 无效push

前端的 nginx 配置是:

server {
    listen 443;
    server_name myfrontend;
    resolver 127.0.0.1;
    charset UTF-8;
    #
    root /var/www/;
    index index.html;
    #
    ssl on;
    ssl_certificate /etc/ssl/certs/myfronted.crt;
    ssl_certificate_key /etc/ssl/private/myfrontend.key;
    #
    ssl_session_timeout 5m;
    #
    ssl_protocols SSLv3 TLSv1;
    ssl_ciphers ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv3:+EXP;
    ssl_prefer_server_ciphers on;
    #
    location ~ /git(/.*) {
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header Host $host;
        proxy_pass http://mybackend:8081/git$1;
        proxy_set_header X-Forwarded-Proto https;
        proxy_set_header REMOTE_USER $remote_user;
    }
}

后端的 nginx 配置是:

server {
    listen 8081;
    server_name mybackend;
    root /var/www;
    charset UTF-8;
    #
    location ~ /git(/.*) {
        auth_basic "Restricted";
        auth_basic_user_file /var/lib/git/.htpasswd;
        dav_methods PUT DELETE MKCOL COPY MOVE;
        dav_ext_methods PROPFIND OPTIONS;
        create_full_put_path on;
        #
        fastcgi_param SCRIPT_FILENAME /usr/lib/git-core/git-http-backend;
        fastcgi_param GIT_HTTP_EXPORT_ALL "";
        fastcgi_param GIT_PROJECT_ROOT /var/lib/git;
        fastcgi_param PATH_INFO $1;
        fastcgi_param DOCUMENT_ROOT /usr/lib/git-core/;
        fastcgi_pass unix:/var/run/fcgiwrap.socket;
        include fastcgi_params;
    }
}

后端服务器上的 git 配置是:

[core]
repositoryformatversion = 0
filemode = true
bare = true
[http]
receivepack = true
[gitweb]
    owner = My Name

有没有其他更简单的方法在后端提供 git 服务?也许不用 nginx 或不用 fcgiwrap?不过,我希望没有 Apache 也能生存下去……

提前谢谢了!

答案1

问题出在前端语法上。我必须更改:

proxy_pass http://mybackend:8081/git$1;

改为正确:

proxy_pass http://mybackend:8081/git$1$is_args$args;

或者:

proxy_pass http://mybackend:8081$request_uri;

谢谢,威尔!

相关内容