I have a working gerrit installation, the only thing is, gerrit is configured with HTTP authentication backend, and nginx handle the authentication.
Now, I want to use gerrit restapi (just to set Verified label via curl as a specific user). for that I need to use http password generated by gerrit in setting panel. so you can see the problem. there is two different password. first I try to set same password for both, (nginx password is in my control, gerrit is not) then I change try to create a new location for /a/ (gerrit prefix for authentication) and remove the nginx password on that route, yet no luck. the final nginx config is :
location /a/ {
proxy_pass http://127.0.0.1:8118;
proxy_set_header X-Forwarded-For $remote_addr;
proxy_set_header Host $host;
auth_basic "Gerrit";
proxy_set_header Authorization $http_authorization;
proxy_pass_header Authorization;
}
location / {
proxy_pass http://127.0.0.1:8118;
proxy_set_header X-Forwarded-For $remote_addr;
proxy_set_header Host $host;
auth_basic "Gerrit";
auth_basic_user_file /etc/nginx/conf.d/gerrit.htpasswd;
proxy_set_header Authorization $http_authorization;
proxy_pass_header Authorization;
}
my gerrit config is :
[gerrit]
basePath = git
canonicalWebUrl = http://gerrit.example.com/
[database]
type = postgresql
hostname = 127.0.0.1
database = reviewdb
username = gerrit2
[index]
type = LUCENE
[auth]
type = HTTP
[sendemail]
smtpServer = mail.vada.ir
from = ${user} Code Review <git@vada.ir>
smtpUser = git@vada.ir
smtpPass = T7SMkUYRqMP
[container]
user = gerrit2
javaHome = /usr/lib/jvm/java-7-openjdk-amd64/jre
[sshd]
listenAddress = *:29418
[httpd]
listenUrl = proxy-http://127.0.0.1:8118/
[cache]
directory = cache
[plugins]
allowRemoteAdmin = true
changing the gerrit authentication is only an option if we can protect it from registration.
Thank you.