Estou servindo git usando git-http-backend-wrapper
no Apache 2.4 no Ubuntu 14.04. Eu sou capaz de git clone https://my-server/git/repository
, mas quando eu tento GIT_CURL_VERBOSE=1 git push origin master
, recebo um 403. Eu tenho esse problema usando o git como um cliente no Mac OS 10.12 e no GalliumOS 2.0 (Ubuntu 16.04).
Aqui está tudo o que fiz no meu Mac. O resultado do push é o mesmo, mesmo que eu não apague minhas credenciais. Os resultados no Gallium são os mesmos, exceto que sempre sou solicitado por um nome de usuário e senha.
my-mac:test localuser$ git credential-osxkeychain erase
host=git.server
protocol=https
my-mac:test localuser$ GIT_CURL_VERBOSE=1 git clone https://git.server/git/my-repository
Cloning into 'my-repository'...
* Couldn't find host git.server in the .netrc file; using defaults
* Trying 15.31.63.127...
* TCP_NODELAY set
* Connected to git.server (15.31.63.127) port 443 (#0)
* TLS 1.2 connection using TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
* Server certificate: server
* Server certificate: COMODO RSA Domain Validation Secure Server CA
* Server certificate: COMODO RSA Certification Authority
> GET /git/my-repository/info/refs?service=git-upload-pack HTTP/1.1
Host: git.server
User-Agent: git/2.13.5 (Apple Git-94)
Accept: */*
Accept-Encoding: gzip
Pragma: no-cache
< HTTP/1.1 401 Unauthorized
< Date: Sat, 23 Sep 2017 02:11:42 GMT
< Server: Apache/2.4.7 (Ubuntu)
< WWW-Authenticate: Basic realm="Private Git Access"
< Content-Length: 465
< Content-Type: text/html; charset=iso-8859-1
<
* Connection #0 to host git.server left intact
Username for 'https://git.server': remoteuser
Password for 'https://[email protected]':
* Couldn't find host git.server in the .netrc file; using defaults
* Connection 0 seems to be dead!
* Closing connection 0
* Hostname git.server was found in DNS cache
* Trying 15.31.63.127...
* TCP_NODELAY set
* Connected to git.server (15.31.63.127) port 443 (#1)
* SSL re-using session ID
* TLS 1.2 connection using TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
* Server certificate: server
* Server certificate: COMODO RSA Domain Validation Secure Server CA
* Server certificate: COMODO RSA Certification Authority
* Server auth using Basic with user 'remoteuser'
> GET /git/my-repository/info/refs?service=git-upload-pack HTTP/1.1
Host: git.server
Authorization: Basic (base-64 encoding of remoteuser:remotepassword)
User-Agent: git/2.13.5 (Apple Git-94)
Accept: */*
Accept-Encoding: gzip
Pragma: no-cache
< HTTP/1.1 200 OK
< Date: Sat, 23 Sep 2017 02:11:49 GMT
< Server: Apache/2.4.7 (Ubuntu)
< Expires: Fri, 01 Jan 1980 00:00:00 GMT
< Pragma: no-cache
< Cache-Control: no-cache, max-age=0, must-revalidate
< Transfer-Encoding: chunked
< Content-Type: application/x-git-upload-pack-advertisement
<
* Connection #1 to host git.server left intact
warning: You appear to have cloned an empty repository.
my-mac:test localuser$ cd my-repository/
my-mac:my-repository localuser$ touch test-file
my-mac:my-repository localuser$ git add test-file
my-mac:my-repository localuser$ git commit -m "Test commit."
[master (root-commit) 88969a2] Test commit.
1 file changed, 0 insertions(+), 0 deletions(-)
create mode 100644 test-file
my-mac:my-repository localuser$ git credential-osxkeychain erase
host=git.server
protocol=https
NX-74205:my-repository localuser$ GIT_CURL_VERBOSE=1 git push origin master
* Couldn't find host git.server in the .netrc file; using defaults
* Trying 15.31.63.127...
* TCP_NODELAY set
* Connected to git.server (15.31.63.127) port 443 (#0)
* TLS 1.2 connection using TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
* Server certificate: server
* Server certificate: COMODO RSA Domain Validation Secure Server CA
* Server certificate: COMODO RSA Certification Authority
> GET /git/my-repository/info/refs?service=git-receive-pack HTTP/1.1
Host: git.server
User-Agent: git/2.13.5 (Apple Git-94)
Accept: */*
Accept-Encoding: gzip
Pragma: no-cache
< HTTP/1.1 401 Unauthorized
< Date: Sat, 23 Sep 2017 02:16:00 GMT
< Server: Apache/2.4.7 (Ubuntu)
< WWW-Authenticate: Basic realm="Private Git Access"
< Content-Length: 465
< Content-Type: text/html; charset=iso-8859-1
<
* Connection #0 to host git.server left intact
Username for 'https://git.server': remoteuser
Password for 'https://[email protected]':
* Couldn't find host git.server in the .netrc file; using defaults
* Found bundle for host git.server: 0x7faeb3e00800 [can pipeline]
* Re-using existing connection! (#0) with host git.server
* Connected to git.server (15.31.63.127) port 443 (#0)
* Server auth using Basic with user 'remoteuser'
> GET /git/my-repository/info/refs?service=git-receive-pack HTTP/1.1
Host: git.server
Authorization: Basic (base-64 encoding of remoteuser:remotepassword)
User-Agent: git/2.13.5 (Apple Git-94)
Accept: */*
Accept-Encoding: gzip
Pragma: no-cache
< HTTP/1.1 403 Forbidden
< Date: Sat, 23 Sep 2017 02:16:04 GMT
< Server: Apache/2.4.7 (Ubuntu)
< Expires: Fri, 01 Jan 1980 00:00:00 GMT, Fri, 01 Jan 1980 00:00:00 GMT
< Pragma: no-cache, no-cache
< Cache-Control: no-cache, max-age=0, must-revalidate, no-cache, max-age=0, must-revalidate
< Content-Length: 0
<
* Connection #0 to host git.server left intact
fatal: unable to access 'https://git.server/git/my-repository/': The requested URL returned error: 403
Aqui está a parte relevante do meu arquivo conf do Apache.
<VirtualHost *:443>
ServerName git.my-server
DocumentRoot /home/git
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
<Directory /home/git>
Options ExecCGI Indexes FollowSymLinks
AllowOverride All
Require all granted
</Directory>
<Location />
AuthType Basic
AuthName "Private Git Access"
AuthUserFile /home/git/.htpasswd
Require valid-user
</Location>
SSLEngine on
SSLOptions +StrictRequire
SSLCertificateFile /etc/ssl/certs/my-server.crt
SSLCertificateKeyFile /etc/ssl/private/my-server.key
SuexecUserGroup git git
ScriptAlias /git /var/www/sbin/git-http-backend-wrapper
</VirtualHost>