我的设置
- 操作系统:debian
- git:v 1.7.10
- apache(启用了 suexec 模式)配置了 git-http-backend 和 LDAP 授权给 git repos,这适用于克隆操作,但不适用于推送,这就是问题所在。我使用 HTTPS 作为与 git 服务器的通信协议。
这是我的配置:
虚拟主机配置:
<IfModule mod_ssl.c>
<VirtualHost _default_:443>
DocumentRoot /git/myrepos
<Directory "/git/myrepos">
Allow from All
Options +ExecCGI
AllowOverride All
</Directory>
ScriptAlias /git /git/myrepos/bin/suexec-wrapper.sh
SSLEngine on
SSLCertificateFile /etc/ssl/git.crt
SSLCertificateKeyFile /etc/ssl/git.key
<FilesMatch "\.(cgi|shtml|phtml|php)$">
SSLOptions +StdEnvVars
</FilesMatch>
<Directory /usr/lib/cgi-bin>
SSLOptions +StdEnvVars
</Directory>
/git/myrepos/bin/suexec-wrapper.sh:
#!/bin/bash
PATH_INFO=$SCRIPT_URL
GIT_PROJECT_ROOT=/git/myrepos
REMOTE_USER=$REDIRECT_REMOTE_USER
export GIT_HTTP_EXPORT_ALL=true
/usr/lib/git-core/git-http-backend
克隆 repos 工作正常(例如git clone https://192.168.0.1/repo1.git)。它接受 ldap 用户的凭证并克隆 repo。
当推送 repo(例如git push origin master)时,它会要求输入凭证,接受它们,然后抛出错误:
error: Cannot access URL https://192.168.0.1/repo1.git/, return code 22
fatal: git-http-push failed
当以详细模式运行推送时(GIT_CURL_VERBOSE=1 git push origin master),它会要求输入凭证、接受它们并且(输出尾部):
* STATE: DO => DO_DONE handle 0x1cdd270; (connection #0)
* STATE: DO_DONE => WAITPERFORM handle 0x1cdd270; (connection #0)
* STATE: WAITPERFORM => PERFORM handle 0x1cdd270; (connection #0)
* additional stuff not fine transfer.c:1037: 0 0
* The requested URL returned error: 401
* Closing connection #0
* Expire cleared
error: Cannot access URL https://192.168.0.1/repo1.git/, return code 22
fatal: git-http-push failed
- 我是否正确配置了 apache git-http-backend (带有包装脚本?)?
- 哪些因素可能导致推送操作出现问题?
- 如何更详细地调试它?
非常感谢您的任何建议!
答案1
经过多次尝试,我找到了解决方案。问题在于 git-http-backend 的 VirtualHost 配置不正确。
这是我的工作配置:
<IfModule mod_ssl.c>
<VirtualHost _default_:443>
DocumentRoot /git/myrepos
SetEnv GIT_PROJECT_ROOT /git/myrepos
SetEnv GIT_HTTP_EXPORT_ALL
ScriptAlias /myrepos/ /usr/lib/git-core/git-http-backend
AliasMatch ^/myrepos/(.*/objects/[0-9a-f]{2}/[0-9a-f]{38})$ /git/myrepos/$1
AliasMatch ^/repos/(.*/objects/pack/pack-[0-9a-f]{40}.(pack|idx))$ /git/myrepos/$1
ScriptAliasMatch "(?x)^/(.*/(HEAD | info/refs | objects/(info/[^/]+ | [0-9a-f]{2}/[0-9a-f]{38} | pack/pack-[0-9a-f]{40}\.(pack|idx)) | git-(upload|receive)-pack))$" /usr/lib/git-core/git-http-backend/$1
<Directory "/usr/lib/git-core/">
Options +ExecCGI
Allow From All
</Directory>
ScriptAlias /cgi-bin/ /usr/lib/cgi-bin/
<Directory "/usr/lib/cgi-bin">
AllowOverride None
Options +ExecCGI -MultiViews +SymLinksIfOwnerMatch
Order allow,deny
Allow from all
</Directory>
ErrorLog ${APACHE_LOG_DIR}/error.log
LogLevel warn
CustomLog ${APACHE_LOG_DIR}/ssl_access.log combined
SSLEngine on
SSLCertificateFile /etc/ssl/git.crt
SSLCertificateKeyFile /etc/ssl/git.key
<FilesMatch "\.(cgi|shtml|phtml|php)$">
SSLOptions +StdEnvVars
</FilesMatch>
<Directory /usr/lib/cgi-bin>
SSLOptions +StdEnvVars
</Directory>
BrowserMatch "MSIE [2-6]" \
nokeepalive ssl-unclean-shutdown \
downgrade-1.0 force-response-1.0
BrowserMatch "MSIE [17-9]" ssl-unclean-shutdown
<Location /repo1.git>
Order deny,allow
Deny from all
Allow from all
AuthName "GIT Authentication"
AuthType Basic
AuthBasicProvider ldap
AuthzLDAPAuthoritative off
AuthLDAPBindDN domain\user
AuthLDAPBindPassword passwd
AuthLDAPURL ldap://ldap.server:389/ou=git,DC=domain?sAMAccountName
Require ldap-group cn=git_repo1,ou=git,dc=domain
</Location>
</VirtualHost>
</IfModule>
现在,所有 git 操作都可以通过 https 和 ldap 授权与 git-http-backend 一起正常运行:)
也许它对某些人有用。