Konfiguration von git-http-backend mit Nginx (gibt PROPFIND 405 zurück)

tag-icon tag-icon nginx git spawn-fcgi
Konfiguration von git-http-backend mit Nginx (gibt PROPFIND 405 zurück)

Ich versuche, git-http-backend über nginx zu konfigurieren und habe einige Probleme.

Das tatsächliche Ergebnis ist, dass ich einen 405-Fehler für die PROPFIND-Anforderung erhalte:

192.168.1.45 - - [22/Feb/2015:16:50:46 +0100] "GET /lw/bla.git/info/refs?service=git-receive-pack HTTP/1.1" 200 0 "-" "git/2.3.0" "-"
192.168.1.45 - - [22/Feb/2015:16:50:46 +0100] "GET /lw/bla.git/HEAD HTTP/1.1" 200 23 "-" "git/2.3.0" "-"
192.168.1.45 - - [22/Feb/2015:16:50:46 +0100] "PROPFIND /lw/bla.git/ HTTP/1.1" 405 172 "-" "git/2.3.0" "-"

Versionen:

  • Debian GNU/Linux 7.8 (keuchend)
  • Git-Version 2.3.0
  • Nginx-Version: nginx/1.6.2
  • fcgiwrap Version 1.0.3

Die Konfigurationsteile:

Nginx-Site-Konfiguration

server {
   listen 443;
   server_name git.dloc.com;
   access_log /var/log/nginx/git.dloc.access.log main;
   error_log /var/log/nginx/git.dloc.error.log;

   ssl                 on;
   ssl_certificate     /etc/ssl/dloc/dloc.crt;
   ssl_certificate_key /etc/ssl/dloc/dloc.key;

location / {
  root  /var/git;
}

location ~ /git(/.*) {
    gzip off;
    root /var/git;
    include fastcgi_params;

    fastcgi_param SCRIPT_FILENAME /usr/local/libexec/git-core/git-http-backend;
    fastcgi_param DOCUMENT_ROOT /usr/local/libexec/git-core;
    fastcgi_param SCRIPT_NAME git-http-backend;
    fastcgi_param GIT_HTTP_EXPORT_ALL "";
    fastcgi_param GIT_PROJECT_ROOT /var/git/;
    fastcgi_param PATH_INFO $uri;
    fastcgi_param REMOTE_USER $remote_user;
    fastcgi_pass unix:/var/run/cgit-fastcgi/cgit-fastcgi.socket;
  }
}

FastCGI-Socket

foobar@dloc:/var/git/lw/bla.git$ ls -al /var/run/cgit-fastcgi/
total 0
drwxrwx---  2 www-data www-data  80 Feb 21 21:23 .
drwxr-xr-x 21 root     root     760 Feb 22 16:14 ..
-rw-r--r--  1 www-data www-data   0 Feb 21 21:23 cgit-fastcgi.pid
srwxr-xr-x  1 www-data www-data   0 Feb 20 22:01 cgit-fastcgi.socket

git-http-backend

foobar@dloc:/var/git/lw$ sudo ls -al /usr/local/libexec/git-core/git-http-backend 
-rwxr-xr-x 1 root staff 4447063 Feb 13 23:45 /usr/local/libexec/git-core/git-http-backend

Git-Repository

foobar@dloc:~$ ls -al /var/git/lw/
drwxr-xr-x 7 www-data www-data 4096 Feb 22 00:36 bla.git

Es wurde erstellt von:

git --bare init bla.git && \
git config --local --add http.receivepack true && \
git update-server-info
chown -R www-data:www-data bla.git

Vollständige Ausführlichkeit des Client-Pushs

* Couldn't find host git.dloc.com in the .netrc file; using defaults
*   Trying 192.168.1.45...
* Connected to git.dloc.com (192.168.1.45) port 443 (#0)
* successfully set certificate verify locations:
*   CAfile: /etc/ssl/certs/ca-certificates.crt
   CApath: none
* SSL connection using TLSv1.2 / ECDHE-RSA-AES256-GCM-SHA384
* Server certificate:
*    subject: CN=*.dloc.de
*    start date: 2014-11-03 18:44:22 GMT
*    expire date: 2015-05-02 18:44:22 GMT
*    subjectAltName: git.dloc.com matched
*    issuer: O=Root CA; OU=http://www.cacert.org; CN=CA Cert Signing Authority;    [email protected]
*    SSL certificate verify ok.
> GET /lw/bla.git/info/refs?service=git-receive-pack HTTP/1.1
User-Agent: git/2.3.0
Host: git.dloc.com
Accept: */*
Accept-Encoding: gzip
Pragma: no-cache

< HTTP/1.1 200 OK
< Server: nginx/1.6.2
< Date: Sun, 22 Feb 2015 16:07:58 GMT
< Content-Type: application/octet-stream
< Content-Length: 0
< Last-Modified: Sun, 22 Feb 2015 15:19:11 GMT
< Connection: keep-alive
< ETag: "54e9f36f-0"
< Accept-Ranges: bytes
< 
* Connection #0 to host git.dloc.com left intact
* Couldn't find host git.dloc.com in the .netrc file; using defaults
* Found bundle for host git.dloc.com: 0x1070d60
* Re-using existing connection! (#0) with host git.dloc.com
* Connected to git.dloc.com (192.168.1.45) port 443 (#0)
> GET /lw/bla.git/HEAD HTTP/1.1
User-Agent: git/2.3.0
Host: git.dloc.com
Accept: */*
Accept-Encoding: gzip
Pragma: no-cache

< HTTP/1.1 200 OK
< Server: nginx/1.6.2
< Date: Sun, 22 Feb 2015 16:07:58 GMT
< Content-Type: application/octet-stream
< Content-Length: 23
< Last-Modified: Sat, 21 Feb 2015 22:25:43 GMT
< Connection: keep-alive
< ETag: "54e905e7-17"
< Accept-Ranges: bytes
< 
* Connection #0 to host git.dloc.com left intact
* Couldn't find host git.dloc.com in the .netrc file; using defaults
*   Trying 192.168.1.45...
* Connected to git.dloc.com (192.168.1.45) port 443 (#0)
* successfully set certificate verify locations:
*   CAfile: /etc/ssl/certs/ca-certificates.crt
   CApath: none
* SSL connection using TLSv1.2 / ECDHE-RSA-AES256-GCM-SHA384
* Server certificate:
*    subject: CN=*.dloc.de
*    start date: 2014-11-03 18:44:22 GMT
*    expire date: 2015-05-02 18:44:22 GMT
*    subjectAltName: git.dloc.com matched
*    issuer: O=Root CA; OU=http://www.cacert.org; CN=CA Cert Signing Authority;   [email protected]
*    SSL certificate verify ok.
> PROPFIND /lw/bla.git/ HTTP/1.1
User-Agent: git/2.3.0
Host: git.dloc.com
Accept: */*
Depth: 0
Content-Type: text/xml
Content-Length: 168
Expect: 100-continue

* The requested URL returned error: 405 Not Allowed
* Closing connection 0
error: Cannot access URL https://git.dloc.com/lw/bla.git/, return code 22
fatal: git-http-push failed
error: failed to push some refs to 'https://git.dloc.com/lw/bla.git'

Ich denke, dass die Anfrage nicht über das intelligente HTTP-Backend bedient wird. Ich konnte den Grund dafür jedoch nicht ermitteln.

Hat jemand eine Ahnung, was mit meiner Konfiguration nicht stimmt?

Dank im Voraus.

Antwort1

Oh, Entschuldigung, das war mein Fehler.

Das Problem mit meiner Konfiguration bestand darin, dass ich das Repository über https_://dlock.../lw/bla geklont habe, was aus folgendem Grund erfolgreich funktionierte:

location / {
  root  /var/git;
}

Erwartet aber location ~ /git(/.*) {auf jeden Fall: https_://dloc.../git/lw/bla, um Anfragen über ein intelligentes HTTP-Backend zu bedienen m(.

Falls jemand auf dasselbe Problem stößt, funktioniert bei mir die folgende Konfiguration (mit cgit):

server {
   listen 443;
   server_name git.dloc.com;
   access_log /var/log/nginx/git.dloc.access.log main;
   error_log /var/log/nginx/git.dloc.error.log;

   ssl                 on;
   ssl_certificate     /etc/ssl/dloc/dloc.crt;
   ssl_certificate_key /etc/ssl/dloc/dloc.key;

   auth_basic "Login";
   auth_basic_user_file /etc/apache2/passwd/git.pwd;
   location ~ /\. { deny  all; }

   location ~ /git(.*) {
      include /etc/nginx/fastcgi_params;
      fastcgi_param SCRIPT_FILENAME /usr/local/libexec/git-core/git-http-backend;
      fastcgi_param GIT_HTTP_EXPORT_ALL "";
      fastcgi_param GIT_PROJECT_ROOT /var/git;
      fastcgi_param PATH_INFO $1;
      fastcgi_pass      unix:/var/run/cgit-fastcgi/cgit-fastcgi.socket;
   }

   try_files $uri @cgit;

   # Serve static files
   location ~* ^.+\.(css|png|ico)$ {
      root /var/www/cgit;
      expires 30d;
   }

   location @cgit {
     include fastcgi_params;
     fastcgi_param       SCRIPT_FILENAME /var/www/cgit/cgit.cgi;
     fastcgi_pass        unix:/var/run/cgit-fastcgi/cgit-fastcgi.socket;
     fastcgi_param HTTP_HOST $server_name;
     fastcgi_param PATH_INFO $uri;
     fastcgi_param QUERY_INFO $uri;
  }
}

verwandte Informationen