You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@httpd.apache.org by David Mehler <da...@gmail.com> on 2019/11/08 18:16:03 UTC
[users@httpd] git push to apache produces return code 22
Hello,
I'm trying to run git on FreeBSD with Apache 2.4 as the web server. My
issue is I can pull/clone from the repo via remote:
git clone https://git.example.com/myrepo.git
This works fine. The issue comes when I atempt to push changes:
git commit -m "commit message"
git push origin master
This gives me an error message of can nnott access url return code 22.
The git and apache versions i'm using are:
apache24-2.4.41
git-2.24.0
They are installed from FreeBSD ports.
This previously was working, I'm wondering if an update has introduced
a new/incompatible change.
Here's my apache configuration:
# The git.example.com http virtual host
<VirtualHost *:80>
DocumentRoot /usr/local/www/git/repos
ServerName git.example.com
ServerAdmin webmaster@example.com
ErrorLog /var/log/git-httpd-error.log
CustomLog /var/log/git-httpd-access.log combined
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [QSA,L,R=301]
</IfModule>
# Completely deny pushing over HTTP
<LocationMatch "git-receive-pack">
Require all denied
</LocationMatch>
</VirtualHost>
# The git.example.com https virtual host
<VirtualHost *:443>
DocumentRoot /usr/local/www/git/repos
ServerName git.example.com
ServerAdmin webmaster@example.com
ErrorLog /var/log/git-httpd-error.log
CustomLog /var/log/git-httpd-access.log combined
# Uncomment the below 2 lines when deploy http2
H2Direct on
Protocols h2 h2c http/1.1
SSLEngine on
SSLCertificateFile "/usr/local/etc/ssl/acme.sh/example.com/fullchain.crt"
SSLCertificateKeyFile
"/usr/local/etc/ssl/acme.sh/example.com/private/server-ec256.key"
SSLCACertificateFile "/usr/local/etc/ssl/acme.sh/example.com/cacert.crt"
# HSTS (mod_headers is required) (15768000 seconds = 6 months)
Header always set Strict-Transport-Security "max-age=15768000"
<Directory "/usr/local/www/git/repos">
Options +ExecCGI
SSLRequireSSL
AllowOverride None
AuthType Basic
AuthName "Private Git Access"
AuthUserFile "/usr/local/etc/apache24/git-auth-file"
AuthGroupFile "/usr/local/etc/apache24/git-htgroup-file"
Require valid-user
<If "%{QUERY_STRING} =~ m#service=git-receive-pack# || %{REQUEST_URI}
=~ m#/git-receive-pack$#">
Require group gitwrite
</If>
</Directory>
ScriptAlias /git /usr/local/libexec/git-core/git-http-backend
<Directory "/usr/local/libexec/git-core">
SetEnv GIT_PROJECT_ROOT /usr/local/www/git/repos
SetEnv GIT_HTTP_EXPORT_ALL
# For anonymous write
#SetEnv REMOTE_USER anonymousweb
Options +ExecCGI
SSLRequireSSL
AuthType Basic
AuthName "Private Git Access"
AuthUserFile "/usr/local/etc/apache24/git-auth-file"
AuthGroupFile "/usr/local/etc/apache24/git-htgroup-file"
Require valid-user
<If "%{QUERY_STRING} =~ m#service=git-receive-pack# || %{REQUEST_URI}
=~ m#/git-receive-pack$#">
Require group gitwrite
</If>
</Directory>
# gitweb
Alias /gitweb "/usr/local/www/gitweb"
<Directory "/usr/local/www/gitweb">
DirectoryIndex gitweb.cgi
Options ExecCGI
SSLRequireSSL
AuthType Basic
AuthName "Private Gitweb Access"
AuthUserFile "/usr/local/etc/apache24/git-auth-file"
Require valid-user
<Files gitweb.cgi>
SetHandler cgi-script
</Files>
SetEnv GITWEB_CONFIG /usr/local/etc/gitweb.conf
</Directory>
</VirtualHost>
git-auth-file:
user:password
git-htgroup-file:
gitwrite: user
I am not getting anything in the apache log files.
Any ideas?
Thanks.
Dave.
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: [users@httpd] git push to apache produces return code 22
Posted by David Mehler <da...@gmail.com>.
Hello Konstantin,
Thank you for your reply.
In answer to your last question I am seeing information in the access
log indicating atempts to push files but they're getting either 401 or
404 messages.
I have temporarily commented out the require valid-user directive and
restarted apache. I am getting the same error.
If you've got a working git/gitweb configuration can I get a look at
it? I'd like to compare your working setup to my non-working one.
Thanks.
Dave.
On 11/8/19, Konstantin Kolinko <kn...@gmail.com> wrote:
> пт, 8 нояб. 2019 г. в 21:16, David Mehler <da...@gmail.com>:
>
>> 'm trying to run git on FreeBSD with Apache 2.4 as the web server. My
>> issue is I can pull/clone from the repo via remote:
>>
>> git clone https://git.example.com/myrepo.git
>
> 1. Looking at you 'ScriptAlias' directive, I think that for your
> configuration the correct URL for your repository is actually
>
> https://git.example.com/git/myrepo.git
>
> You also have gitweb configured at
>
> https://git.example.com/gitweb/myrepo.git
>
>> DocumentRoot /usr/local/www/git/repos
>
> 2. With your DocumentRoot directive you directly expose your Git
> repository files as a static website at the root URL of your site.
> That is the reason why
>
> git clone https://git.example.com/myrepo.git
>
> works, but Git uses an old dump version of protocol for that access,
> directly reading files one-by-one from the repository. Such access is
> read-only and does not use the "smart" protocol supported by
> git-http-backend executable.
>
> A correct configuration would be to point DocumentRoot to some empty
> directory, explicitly configured to serve as a root of your web server
> (e.g. with a simple index.html).
>
> [...]
>
>> <Directory "/usr/local/www/git/repos">
>> Options +ExecCGI
>> SSLRequireSSL
>> AllowOverride None
>>
>> AuthType Basic
>> AuthName "Private Git Access"
>> AuthUserFile "/usr/local/etc/apache24/git-auth-file"
>> AuthGroupFile "/usr/local/etc/apache24/git-htgroup-file"
>> Require valid-user
>> <If "%{QUERY_STRING} =~ m#service=git-receive-pack# || %{REQUEST_URI}
>> =~ m#/git-receive-pack$#">
>> Require group gitwrite
>> </If>
>> </Directory>
>
> 3. I think that "Require" cannot be used twice in the same section
> like you are using it above. From the docs the first 'Require' wins,
> the second one is ignored.
>
> I think that the first 'Require' can be moved into an "<Else>" section,
>
> http://httpd.apache.org/docs/2.4/mod/mod_authz_core.html#require
> http://httpd.apache.org/docs/2.4/mod/core.html#else
>
> 4. Personally, I prefer to use <LocationMatch> instead of <Directory>.
>
> In you case I think that will be
>
> <LocationMatch "^/git/">
>
>
>> ScriptAlias /git /usr/local/libexec/git-core/git-http-backend
>> <Directory "/usr/local/libexec/git-core">
>> SetEnv GIT_PROJECT_ROOT /usr/local/www/git/repos
>> SetEnv GIT_HTTP_EXPORT_ALL
>> # For anonymous write
>> #SetEnv REMOTE_USER anonymousweb
>> Options +ExecCGI
>> SSLRequireSSL
>>
>> AuthType Basic
>> AuthName "Private Git Access"
>> AuthUserFile "/usr/local/etc/apache24/git-auth-file"
>> AuthGroupFile "/usr/local/etc/apache24/git-htgroup-file"
>> Require valid-user
>> <If "%{QUERY_STRING} =~ m#service=git-receive-pack# || %{REQUEST_URI}
>> =~ m#/git-receive-pack$#">
>> Require group gitwrite
>> </If>
>> </Directory>
>
> 5. The "Require" directive is used twice here as well.
>
>
>> I am not getting anything in the apache log files.
>
> 6. There is nothing in your access log file?
>
>> CustomLog /var/log/git-httpd-access.log combined
>
> Best regards,
> Konstantin Kolinko
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
> For additional commands, e-mail: users-help@httpd.apache.org
>
>
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: [users@httpd] git push to apache produces return code 22
Posted by Konstantin Kolinko <kn...@gmail.com>.
пт, 8 нояб. 2019 г. в 21:16, David Mehler <da...@gmail.com>:
> 'm trying to run git on FreeBSD with Apache 2.4 as the web server. My
> issue is I can pull/clone from the repo via remote:
>
> git clone https://git.example.com/myrepo.git
1. Looking at you 'ScriptAlias' directive, I think that for your
configuration the correct URL for your repository is actually
https://git.example.com/git/myrepo.git
You also have gitweb configured at
https://git.example.com/gitweb/myrepo.git
> DocumentRoot /usr/local/www/git/repos
2. With your DocumentRoot directive you directly expose your Git
repository files as a static website at the root URL of your site.
That is the reason why
git clone https://git.example.com/myrepo.git
works, but Git uses an old dump version of protocol for that access,
directly reading files one-by-one from the repository. Such access is
read-only and does not use the "smart" protocol supported by
git-http-backend executable.
A correct configuration would be to point DocumentRoot to some empty
directory, explicitly configured to serve as a root of your web server
(e.g. with a simple index.html).
[...]
> <Directory "/usr/local/www/git/repos">
> Options +ExecCGI
> SSLRequireSSL
> AllowOverride None
>
> AuthType Basic
> AuthName "Private Git Access"
> AuthUserFile "/usr/local/etc/apache24/git-auth-file"
> AuthGroupFile "/usr/local/etc/apache24/git-htgroup-file"
> Require valid-user
> <If "%{QUERY_STRING} =~ m#service=git-receive-pack# || %{REQUEST_URI}
> =~ m#/git-receive-pack$#">
> Require group gitwrite
> </If>
> </Directory>
3. I think that "Require" cannot be used twice in the same section
like you are using it above. From the docs the first 'Require' wins,
the second one is ignored.
I think that the first 'Require' can be moved into an "<Else>" section,
http://httpd.apache.org/docs/2.4/mod/mod_authz_core.html#require
http://httpd.apache.org/docs/2.4/mod/core.html#else
4. Personally, I prefer to use <LocationMatch> instead of <Directory>.
In you case I think that will be
<LocationMatch "^/git/">
> ScriptAlias /git /usr/local/libexec/git-core/git-http-backend
> <Directory "/usr/local/libexec/git-core">
> SetEnv GIT_PROJECT_ROOT /usr/local/www/git/repos
> SetEnv GIT_HTTP_EXPORT_ALL
> # For anonymous write
> #SetEnv REMOTE_USER anonymousweb
> Options +ExecCGI
> SSLRequireSSL
>
> AuthType Basic
> AuthName "Private Git Access"
> AuthUserFile "/usr/local/etc/apache24/git-auth-file"
> AuthGroupFile "/usr/local/etc/apache24/git-htgroup-file"
> Require valid-user
> <If "%{QUERY_STRING} =~ m#service=git-receive-pack# || %{REQUEST_URI}
> =~ m#/git-receive-pack$#">
> Require group gitwrite
> </If>
> </Directory>
5. The "Require" directive is used twice here as well.
> I am not getting anything in the apache log files.
6. There is nothing in your access log file?
> CustomLog /var/log/git-httpd-access.log combined
Best regards,
Konstantin Kolinko
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org