apache - GitSmartHTTP for gitolite repositories over Apache 不允许我推送

Question

我正在设置一个 git-http-backend CGI 脚本来处理我的 git.domain 子域。服务器位于AWS云上的ELB(弹性负载均衡器)后面。我的服务器配置如下(我的 git 托管由 gitolite 处理):

<VirtualHost *:80>
    ServerName git.domain
    ServerAdmin hjpotter92+git@domain

    #SuexecUserGroup git git                                                                                                                                                                    
    DocumentRoot /opt/gitolite/repositories/

    PerlLoadModule Apache::Authn::Redmine

    SetEnv GIT_PROJECT_ROOT /opt/gitolite/repositories/
    SetEnv REMOTE_USER=$REDIRECT_REMOTE_USER # Have also tried removing this variable
    SetEnv GIT_HTTP_EXPORT_ALL

    ScriptAliasMatch \
        "(?x)^/(.*/(HEAD | \                                                                                                                                                                    
           info/refs | \                                                                                                                                                                        
           objects/(info/[^/]+ | \                                                                                                                                                              
           [0-9a-f]{2}/[0-9a-f]{38} | \                                                                                                                                                         
           pack/pack-[0-9a-f]{40}\.(pack|idx)) | \                                                                                                                                              
           git-(upload|receive)-pack))$" \
        /opt/gitolite/git-core/git-http-backend/$1

    <Directory "/opt/gitolite/git-core">
        AllowOverride None
        Options +ExecCGI -Includes
        Require all granted
    </Directory>
    <Location />
        # enabled in desparation...
        # saw it somewhere in bugzilla powered mailing list
        DAV On

        Order allow,deny
        Require all granted

        AuthType Basic
        AuthName "Git Repositories"
        AuthUserFile /dev/null
        Require valid-user

        PerlAccessHandler Apache::Authn::Redmine::access_handler
        PerlAuthenHandler Apache::Authn::Redmine::authen_handler

        RedmineDSN "DBI:mysql:database=redmine;host=endpoint.rds.amazonaws.com"
        RedmineDbUser "user"
        RedmineDbPass "your"
        RedmineGitSmartHttp yes
    </Location>

    LogLevel info
    CustomLog /var/log/apache2/gitolite.access.log combined
    ErrorLog  /var/log/apache2/gitolite.error.log
</VirtualHost>

我的 apache 服务器由 www-data:www-data 用户/组运行，gitolite 由 git:git 用户/组设置。为了允许 apache 读取/写入存储库，我已经这样做了:

# usermod -a -G git www-data
// and as a desparate measure, in frustration, the following:
# usermod -a -G www-data git

PerlAccessHandler 和用户身份验证工作正常，因为我能够使用 redmine 设置中的一组有效凭据来克隆我的存储库。

但是，当我尝试插入时；我在服务器日志中收到以下内容:

10.0.225.176 [11/Feb/2017:07:46:26 +0530] "GET /xxx.git/info/refs?service=git-upload-pack HTTP/1.1" 401 726 "-" "git/2.11.0"
10.0.225.176 [11/Feb/2017:07:46:27 +0530] "GET /xxx.git/info/refs?service=git-upload-pack HTTP/1.1" 401 725 "-" "git/2.11.0"
10.0.225.176 [11/Feb/2017:07:46:27 +0530] "GET /xxx.git/info/refs?service=git-upload-pack HTTP/1.1" 200 848 "-" "git/2.11.0"
10.0.225.176 [11/Feb/2017:07:46:27 +0530] "POST /xxx.git/git-upload-pack HTTP/1.1" 200 130408 "-" "git/2.11.0"

在客户端(在我在负载均衡器中设置的任何连接超时(30 秒到 10 分钟)后出现以下内容):

Counting objects: 2, done.
Delta compression using up to 4 threads.
Compressing objects: 100% (2/2), done.
Writing objects: 100% (2/2), 930 bytes | 0 bytes/s, done.
Total 2 (delta 1), reused 0 (delta 0)
error: RPC failed; HTTP 504 curl 22 The requested URL returned error: 504 GATEWAY_TIMEOUT
fatal: The remote end hung up unexpectedly
fatal: The remote end hung up unexpectedly

通常情况下，我还使用 POST 到长度为 0 的 git-upload-pack (对于具有相同提交的同一存储库的同一命令)

10.0.225.222 [11/Feb/2017:07:50:55 +0530] "POST /pandorica.git/git-receive-pack HTTP/1.1" 200 0 "-" "git/2.11.0"
10.0.225.222 [11/Feb/2017:07:53:21 +0530] "POST /pandorica.git/git-receive-pack HTTP/1.1" 200 0 "-" "git/2.11.0"

并在我的服务器错误日志中收到以下内容:

[core:error] [pid 1683] (70007)The timeout specified has expired: [client 10.0.225.176:2534] AH00574: ap_content_length_filter: apr_bucket_read() failed
[cgid:error] [pid 1683] (70007)The timeout specified has expired: [client 10.0.225.176:2534] AH02550: Failed to flush CGI output to client

我什至玩过 setuid 和 git 用户的 setuid，希望它可以帮助我推送到存储库；但没有效果!

chmod u+s /opt/gitolite/repositories
chmod g+s /opt/gitolite/repositories
// and the same commands for `*.git` inside `repositories`

/opt/gitolite/repositories/xyz.git/内的 git 配置:

http.postbuffer=200M
core.repositoryformatversion=0
core.filemode=true
core.bare=true
redminegitolite.projectid=xxx
http.receivepack=true
http.uploadpack=true

<小时/>

作为引用，我已经完成了以下各项:

1. git-http-backend
2. Apache and git-http-backend
3. How to set up git over http?
4. Setting Up git-http-backend with apache 2.4
5. Setting up Git Server on Windows With git-http-backend.exe

<小时/>

如何设置 Apache VHost 以使其开始接受 git Push。

Answer 1

花了我一段时间。就我而言，这是权限。我将 docker 引擎进程配置为以非 root 身份运行容器。 --userns-remap

我有

#/etc/subuid 
docker-user:100000:65536

#/etc/subgid 
docker-runner:100000:65536

#/etc/passwd
docker-user:x:90:90::/home/docker-user:/sbin/nologin
dockremap:x:220:220::/home/dockremap:/bin/false
docker-root:x:100000:2::/home/docker-root:/sbin/nologin
docker-daemon:x:100001:2::/home/docker-daemon:/sbin/nologin 

只需使用此命令:

setfacl -RL -m g:100000:rwx -m g:100002:rwx /var/git