Jenkins 无法通过 http 从 gerrit 克隆 repo

Jenkins 无法通过 http 从 gerrit 克隆 repo

当我尝试使用 jenkins 用户从 gerrit 克隆 repo 时出现错误。

我在 gerrit 中有一个 jenkins 用户,并设置了 ssh 密钥和 http 密码。我可以使用密码登录 gerrit UI,但当我尝试通过 http 克隆 repo 时,出现了致命错误:身份验证失败。

我正在使用 nginx,以下是两个网站的配置

以下是 gerrit 的 nginx 配置

upstream gerrit {
    server localhost:8092 fail_timeout=0;
}

 server {
    listen 80;
    server_name gerrit.domain.com;
    return 301 https://$host$request_uri;
 }

 server {
    listen 443 ssl;
    server_name gerrit.domain.com www.gerrit.domain.com;

    proxy_ssl_session_reuse off;

    ssl_certificate 
    /etc/letsencrypt/live/gerrit.domain.com/fullchain.pem; # managed by Certbot
    ssl_certificate_key 
    /etc/letsencrypt/live/gerrit.domain.com/privkey.pem; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot

    if ($scheme != "https") {
       return 301 https://$host$request_uri;
    } # managed by Certbot

    location / {
       allow 10.8.0.0/24;
       deny all;
       proxy_set_header        Host $host:$server_port;
       proxy_set_header        X-Real-IP $remote_addr;
       proxy_set_header        X-Forwarded-For $proxy_add_x_forwarded_for;
       proxy_set_header        X-Forwarded-Proto $scheme;
       proxy_set_header Connection "";
       proxy_set_header Authorization $http_authorization;
       proxy_pass_header  Authorization;
       proxy_redirect http:// https://;
       proxy_pass              http://gerrit;
       proxy_http_version 1.1;
       proxy_request_buffering off;
       proxy_buffering off; # Required for HTTP-based CLI to work over SSL

       auth_basic "Restricted";
       auth_basic_user_file /etc/nginx/.htpasswd;
 }

以及 jenkins 的 nginx 配置

upstream jenkins {
    server localhost:8080 fail_timeout=0;
}

server {
    listen 80;
    server_name jenkins.domain.com;
    return 301 https://$host$request_uri;
}

server {
    listen 443 ssl;
    server_name jenkins.domain.com www.jenkins.domain.com;

    ssl_certificate /etc/letsencrypt/live/jenkins.domain.com-0001/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/jenkins.domain.com-0001/privkey.pem; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot

    proxy_ssl_session_reuse off;

    if ($scheme != "https") {
        return 301 https://$host$request_uri;
    } # managed by Certbot

    location / {
        allow 10.8.0.0/24;
        deny all;
        proxy_set_header        Host $host:$server_port;
        proxy_set_header        X-Real-IP $remote_addr;
        proxy_set_header        X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header        X-Forwarded-Proto $scheme;
        proxy_set_header Connection "";
        proxy_redirect http:// https://;
        proxy_pass              http://jenkins;
        proxy_http_version 1.1;
        proxy_request_buffering off;
        proxy_buffering off; # Required for HTTP-based CLI to work over SSL
        add_header 'X-SSH-Endpoint' 'jenkins.domain.com:50022' always;
        proxy_read_timeout 150;
    }
    location = /favicon.ico {
        log_not_found off;
    }
}

我尝试使用存储在 /etc/nginx/.htpasswd 中的密码和我在 gerrit UI 中为 jenkins 用户生成的密码,但两者都不起作用。

有人知道为什么它不起作用吗?

此外,在 nginx error.log 中我可以看到“用户“jenkins”:密码不匹配”错误。但使用相同的密码我可以登录 gerrit UI。

答案1

我发现删除后

auth_basic "Restricted";
auth_basic_user_file /etc/nginx/.htpasswd;

来自 gerrit nginx 配置 jenkins 的行能够克隆 repo,但之后我从网站收到错误,提示 http 身份验证未正确设置。

答案2

我会将失败超时时间从 0 增加,因为逻辑告诉我,在超时和失败之前会给你恰好 0 秒的时间。

相关内容