On Tue, Aug 24, 2010 at 9:34 AM, Marius Mårnes Mathiesen <
marius.mathie...@gmail.com> wrote:

> On Mon, Aug 23, 2010 at 1:13 PM, Benjamin Podszun <
> benjamin.pods...@gmail.com> wrote:
>
>> Navigating to my site I see this in the logs:
>>
>> ==> /var/log/apache2/gitorious_ssl_access.log <==
>> 10.20.10.70 - - [23/Aug/2010:14:09:45 +0300] "GET / HTTP/1.1" 401 2912 "-"
>> "Links (2.2; Linux 2.6.31-16-generic-pae i686; 157x46)"
>> 10.20.10.70 - - [23/Aug/2010:14:09:45 +0300] "GET / HTTP/1.1" 401 341
>>
>> That's fine, it's asking for credentials
>>
>
> This is Apache requesting credentials, right?
>

Exactly. I'm asked to make the site ask for domain credentials because we
cannot hide projects (yet?), so anyone could basically browse our sources
from the outside otherwise, even if it's just readonly.


>> ==> /var/log/apache2/gitorious_ssl_access.log <==
>> 10.20.10.70 - mydomain\\Benjamin.Podszun [23/Aug/2010:14:09:52 +0300] "GET
>> / HTTP/1.1" 302 2896 "-" "Links (2.2; Linux 2.6.31-16-generic-pae i686;
>> 157x46)"
>> 10.20.10.70 - mydomain\\Benjamin.Podszun [23/Aug/2010:14:09:52 +0300] "GET
>> / HTTP/1.1" 302 94
>>
>> That's bad. I logged in successfully but get a redirect
>>
>
> Well, from what I understand you just gave your Apache credentials, right?
> Is this about the behaviour you're looking for:
>
> - GET / (over SSL) => 401, require Apache authentication
> - GET / (over SSL, with credentials) => 200
>

Right, that would be what I'd expect. Maybe I'm really just missing
something on my part, but it sure seems like Gitorious is being too clever
here.


> For the redirects, what Location header are you receiving? What does the
> Rails log tell you?
>

Headers:

bpods...@gitorious:/$ curl -k -I --anyauth -u domain\\benjamin.podszun https://10.10.10.67
Enter host password for user 'domain\benjamin.podszun':
HTTP/1.1 401 Authorization Required
Date: Tue, 24 Aug 2010 10:24:11 GMT
Server: Apache/2.2.14 (Ubuntu)
WWW-Authenticate: Basic realm="Gitorious"
Vary: Accept-Encoding
Content-Type: text/html; charset=iso-8859-1

HTTP/1.1 302 Found
Date: Tue, 24 Aug 2010 10:24:11 GMT
Server: Apache/2.2.14 (Ubuntu)
X-Powered-By: Phusion Passenger (mod_rails/mod_rack) 2.2.14
X-Runtime: 2
Cache-Control: no-cache
Set-Cookie: _gitorious_sess=c97794b6cf38d50f763ceed4675134e0; domain=.git.mydomain.com; path=/; expires=Tue, 14 Sep 2010 11:24:11 GMT; HttpOnly
Location: http://10.10.10.67/
Content-Length: 85
Status: 302
Vary: Accept-Encoding
Content-Type: text/html; charset=utf-8

Since we're getting the X- headers here I'm really convinced that this
response is coming from rails somehow..

Rails log: We're talking about the production log, right? Nothing at all. No
entries for quite a while (only old ones where it complained about me using
the subdomain "git" and ultrasphinx missing spelling support, both fixed).
Can I make it more chatty?

Thanks a lot for spending time in this thread. I'm really lost. I'm decent
on the Linux/administration side, I guess, but Rails is still a mystery.

Regards,
Ben
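
Added example, not part of the original message or of Gitorious: a small Python check that reads a `curl -I` header dump like the one above and reports a redirect that leaves HTTPS, a session cookie without the Secure attribute, and a cookie domain that does not cover the requested host. The finding labels and function names are hypothetical, and the sample is constructed from the headers shown above with the session value replaced by a placeholder.

```python
import ipaddress
from urllib.parse import urlsplit

# Constructed sample: the two responses from the curl output above, abridged;
# the session value is replaced by a placeholder.
SAMPLE = (
    "HTTP/1.1 401 Authorization Required\r\n"
    'WWW-Authenticate: Basic realm="Gitorious"\r\n'
    "\r\n"
    "HTTP/1.1 302 Found\r\n"
    "Set-Cookie: _gitorious_sess=PLACEHOLDER; domain=.git.mydomain.com; path=/; HttpOnly\r\n"
    "Location: http://10.10.10.67/\r\n"
)

def parse_responses(raw):
    """Split `curl -I` output into one (status, [(name, value), ...]) per response."""
    out = []
    for block in raw.replace("\r\n", "\n").strip().split("\n\n"):
        first, *rest = block.split("\n")
        headers = [(n.strip().lower(), v.strip())
                   for n, _, v in (line.partition(":") for line in rest)]
        out.append((int(first.split()[1]), headers))
    return out

def domain_matches(host, cookie_domain):
    """RFC 6265 domain-match: exact, or a dot-suffix when host is not an IP."""
    d = cookie_domain.lstrip(".").lower()
    try:
        ipaddress.ip_address(host)
        return host == d
    except ValueError:
        return host == d or host.endswith("." + d)

def audit(request_url, raw):
    """Return finding labels (hypothetical names) for a header dump."""
    req, findings = urlsplit(request_url), []
    for status, headers in parse_responses(raw):
        for name, value in headers:
            if name == "location" and 300 <= status < 400:
                if req.scheme == "https" and urlsplit(value).scheme == "http":
                    findings.append("redirect-downgrades-to-http")
            elif name == "set-cookie":
                attrs = [a.strip() for a in value.split(";")[1:]]
                keys = {a.partition("=")[0].lower(): a.partition("=")[2] for a in attrs}
                if req.scheme == "https" and "secure" not in keys:
                    findings.append("cookie-without-secure")
                if "domain" in keys and not domain_matches(req.hostname, keys["domain"]):
                    findings.append("cookie-domain-excludes-host")
    return findings

if __name__ == "__main__":
    print(audit("https://10.10.10.67", SAMPLE))
```
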
