当我尝试使用 jenkins 用户从 gerrit 克隆 repo 时出现错误。
我在 gerrit 中有一个 jenkins 用户,并设置了 ssh 密钥和 http 密码。我可以使用密码登录 gerrit UI,但当我尝试通过 http 克隆 repo 时,出现了致命错误:身份验证失败。
我正在使用 nginx,以下是两个网站的配置
以下是 gerrit 的 nginx 配置
upstream gerrit {
server localhost:8092 fail_timeout=0;
}
server {
listen 80;
server_name gerrit.domain.com;
return 301 https://$host$request_uri;
}
server {
listen 443 ssl;
server_name gerrit.domain.com www.gerrit.domain.com;
proxy_ssl_session_reuse off;
ssl_certificate
/etc/letsencrypt/live/gerrit.domain.com/fullchain.pem; # managed by Certbot
ssl_certificate_key
/etc/letsencrypt/live/gerrit.domain.com/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
if ($scheme != "https") {
return 301 https://$host$request_uri;
} # managed by Certbot
location / {
allow 10.8.0.0/24;
deny all;
proxy_set_header Host $host:$server_port;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header Connection "";
proxy_set_header Authorization $http_authorization;
proxy_pass_header Authorization;
proxy_redirect http:// https://;
proxy_pass http://gerrit;
proxy_http_version 1.1;
proxy_request_buffering off;
proxy_buffering off; # Required for HTTP-based CLI to work over SSL
auth_basic "Restricted";
auth_basic_user_file /etc/nginx/.htpasswd;
}
以及 jenkins 的 nginx 配置
upstream jenkins {
server localhost:8080 fail_timeout=0;
}
server {
listen 80;
server_name jenkins.domain.com;
return 301 https://$host$request_uri;
}
server {
listen 443 ssl;
server_name jenkins.domain.com www.jenkins.domain.com;
ssl_certificate /etc/letsencrypt/live/jenkins.domain.com-0001/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/jenkins.domain.com-0001/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
proxy_ssl_session_reuse off;
if ($scheme != "https") {
return 301 https://$host$request_uri;
} # managed by Certbot
location / {
allow 10.8.0.0/24;
deny all;
proxy_set_header Host $host:$server_port;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header Connection "";
proxy_redirect http:// https://;
proxy_pass http://jenkins;
proxy_http_version 1.1;
proxy_request_buffering off;
proxy_buffering off; # Required for HTTP-based CLI to work over SSL
add_header 'X-SSH-Endpoint' 'jenkins.domain.com:50022' always;
proxy_read_timeout 150;
}
location = /favicon.ico {
log_not_found off;
}
}
我尝试使用存储在 /etc/nginx/.htpasswd 中的密码和我在 gerrit UI 中为 jenkins 用户生成的密码,但两者都不起作用。
有人知道为什么它不起作用吗?
此外,在 nginx error.log 中我可以看到“用户“jenkins”:密码不匹配”错误。但使用相同的密码我可以登录 gerrit UI。
答案1
我发现删除后
auth_basic "Restricted";
auth_basic_user_file /etc/nginx/.htpasswd;
来自 gerrit nginx 配置 jenkins 的行能够克隆 repo,但之后我从网站收到错误,提示 http 身份验证未正确设置。
答案2
我会将失败超时时间从 0 增加,因为逻辑告诉我,在超时和失败之前会给你恰好 0 秒的时间。