通过HTTP基本身份验证的Git命令
[英]Git commands via HTTP Basic Auth
问题描述
I'm using Gitlab 7 via Nginx+Unicorn. 
我正在通过Nginx + Unicorn使用Gitlab 7。 Once I had enabled HTTP Basic Auth, git commands like "git push" or "git pull" stopped working. 启用HTTP基本身份验证后,诸如“ git push”或“ git pull”之类的git命令停止工作。 Without HTTP Basic Auth all working well. 如果没有HTTP Basic Auth,一切都将正常运行。 How I may fix it? 我该如何解决? I need to enable the HTTP Basic Auth without any damage for developers. 我需要启用HTTP基本身份验证,而不会对开发人员造成任何损害。 My nginx conf-file for gitlab: 我的gitlab的nginx conf文件:
upstream gitlab {
server unix:/home/git/gitlab/tmp/sockets/gitlab.socket;
}
server {
listen *:80 default_server;
server_name gitlab.delfit.com;
server_tokens off;
root /home/git/gitlab/public;
client_max_body_size 300m;
# individual nginx logs for this gitlab vhost
access_log /var/log/nginx/gitlab_access.log;
error_log /var/log/nginx/gitlab_error.log;
location / {
# serve static files from defined root folder;.
# @gitlab is a named location for the upstream fallback, see below
try_files $uri $uri/index.html $uri.html @gitlab;
}
# if a file, which is not found in the root folder is requested,
# then the proxy pass the request to the upsteam (gitlab unicorn)
location @gitlab {
proxy_read_timeout 300;
proxy_connect_timeout 300;
proxy_redirect off;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
# auth_basic "Restricted";
# auth_basic_user_file /home/git/gitlab/.htpasswd;
proxy_pass http://gitlab;
}
error_page 502 /502.html;
}
The error after enabling basic auth is: 启用基本身份验证后的错误是:
user@machine:~/git/myproject$ git push
fatal: Authentication failed for 'http://gitlab.myorg.com/user/repo.git'
Thanks in advance! 提前致谢!
1 个解决方案
解决方案1
0 2014-07-24 14:54:39
So you've managed to add two layers of authentication. 因此,您设法添加了两层身份验证。 One at the nginx layer, then Gitlab has it's own when you push/pull repositories. 在nginx层一个,然后在您推/拉存储库时Gitlab拥有它自己的。
Here's the flow you've created. 这是您创建的流程。 When someone pushes code, they are attempting to authenticate against the nginx authentication, and not against Gitlab. 当有人推送代码时,他们尝试根据nginx身份验证而不是针对Gitlab进行身份验证。 Once the user is authenticated against nginx, they'll have to authenticate against Gitlab. 用户通过nginx认证后,就必须通过Gitlab进行认证。 Then you'll authenticate against gitlab, but that will unauthenticate you against nginx because HTTP can only hold one set of credentials. 然后,您将通过gitlab进行身份验证,但这将使您无法通过nginx进行身份验证,因为HTTP仅可以保存一组凭据。
I'd personally just let Gitlab's built in authentication do it's job. 我个人只是让Gitlab的内置身份验证来完成它的工作。 But if you really have to have authentication at nginx, I see two options. 但是,如果您真的必须在nginx上进行身份验证,我会看到两个选择。 Switch pushing and pulling from Gitlab to SSH, and don't use HTTP to push and pull repositories. 将推送和提取从Gitlab切换到SSH,并且不要使用HTTP来推送和提取存储库。 Or, put a conditional statement in nginx to not prompt for authentication when the URL matches {repo}.git or similar format. 或者,在URL匹配{repo}.git或类似格式时,将条件语句放在nginx中以不提示进行身份验证。 But to be warned, if is evil in nginx . 但是要警告, nginx是否邪恶 。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.