Gerrit installation on CentOS doesn't work

Question

I have installed gerrit on my centos server, but I have a problem with the authentication. I would like to give authentication privileges for the centos users in a given group. Basically, every user in the gerrit group should have the possibility to log in with its password.

But, when I access the gerrit link, there is a redirect to gerrit:8081/login when I get the following message:

The HTTP server did not provide the username in the Authorization header when it forwarded the request to Gerrit Code Review.

If the HTTP server is Apache HTTPd, check the proxy configuration includes an authorization directive with the proper location, ensuring it ends with '/':

Do you have any hints why this doesn't work?

The VirtualHost part of the /etc/httpd/conf/httpd.conf file looks something like this:

<VirtualHost gerrit:8081>
    ServerName gerrit

    ProxyRequests Off
    ProxyVia Off
    ProxyPreserveHost On

    <Proxy *>
          Order deny,allow
          Allow from all
    </Proxy>

    <Location "/login/">
      AuthType Basic
      AuthName "Gerrit Code Review"
    AuthBasicProvider file
      AuthUserFile /etc/passwd
      Require valid-user
    </Location>


    AllowEncodedSlashes On
       ProxyPass /r http://localhost:8081/r nocanon
</VirtualHost>

And the gerrit.config file:

[gerrit]
        basePath = /repos
        canonicalWebUrl = http://freshattitude.eu:8081/
[database]
        type = mysql
        hostname = localhost
        database = gerrit
        username = gerrit
[auth]
        type = HTTP
        emailFormat = {0}@example.com
[sendemail]
        smtpServer = localhost
        smtpUser = root
[container]
        user = gerrit
        javaHome = /usr/java/jdk1.7.0_25/jre
[sshd]
        listenAddress = *:29418
[httpd]
        listenUrl = http://*:8081/
[cache]
        directory = cache

Answer 1

As far as I know Gerrit requires the authentication details to be provided in the request header when using HTTP authentication. So, when using this anonymous access is not possible. Because of this I changed the Location "/login/" to Location "/", then authentication is always done before going to Gerrit. That it works and I can live with it.

This might actually be some regression bug that crept in somewhere but that how I have it working.

Answer 2

You made some mistakes. On the one hand, you have to set in gerrit.config

httpd.listenUrl = proxy-http://127.0.0.1:8081/

so that Gerrit knows about the proxy in front of it.

Furthermore, your Apache vhost has to listen to a different port (at least when both services run on the same server). In fact, I'm wondering how you've been able to start both at the same time ;-)

So set an apache vhost up for port 80, not for port 8081. Then users will connect to http://freshattitude.eu/.

Finally, again in gerrit.config, you have to fix your canonicalWebUrl and remove the :8081, as because of you're using a proxy, this is how you tell to Gerrit what its URL towards the outside world is.

I think you should go through Gerrit docs on reverse proxy config once.

Afterwards you will end up with Gerrit listening only on localhost port 8081 and apache listening to port 80 (sure, you might want to use SSL, then use the proxy-https variant in gerrit.config).

Answer 3

This is the configuration which runs and help you https://groups.google.com/forum/?hl=en#!topic/repo-discuss/qwQxy_izXzo

Thanks & Regards,
Alok Thaker