redmine with smart http and redmine_git_hosting does not allow pushing to repository

Question

Redmine version: 3.4.4.stable redmine_git_hosting plugin version: 1.2.3 gitolite v.3

HTTPS only access to repositories. I can clone OK but when pushing I get the following error:

fatal: Authentication failed for '<repo URL>'

On the server side in the git_hosting.log I get the following error however:

SmartHttp : your are trying to push data without SSL!, exiting !

I am confused on what the real cause of the problem is

My virtual host redmine configuration file is:

`<VirtualHost *:443>
    ServerName .....
    ServerAlias ......
    ServerAdmin ....
    DocumentRoot  /opt/redmine/public
    PassengerRuby ......
    PassengerFriendlyErrorPages on

    ErrorLog /var/log/httpd/redmine-error_log
    CustomLog /var/log/httpd/redmine-access_log common

    <Directory "/opt/redmine">
      Require all granted
      # MultiViews must be turned off
      Options -MultiViews
    </Directory>

    PerlLoadModule Apache::Authn::Redmine

    <Location />
     Order allow,deny
     Allow from all

    PerlAccessHandler Apache::Authn::Redmine::access_handler
    PerlAuthenHandler Apache::Authn::Redmine::authen_handler

    RedmineDSN "DBI:Pg:database=redmine;host=127.0.0.1"
    RedmineDbUser "redmine"
    RedmineDbPass "xxxxx"

    RedmineGitSmartHttp yes
  </Location>
</VirtualHost>`

Thanx in advance for any help!

Answer 1

OK, I've figured it out (no thanx to the obscure error messages). I must be the only one who is using https! Basically my virtual host configuration is missing the 3 entries re SSL:

SSLEngine on SSLCertificateFile SSLCertificateKeyFile

Answer 2

This is an issue with SSL termination, when you talk to Git via HTTP/HTTPS.

In case you are using Redmine behind the NGINX reverse proxy you should add an extra header to preserve information about the original request scheme:

proxy_set_header   X-Forwarded-Proto $scheme;

For Apache doing the SSL termination the values should be:

RequestHeader set "X-Forwarded-Proto" expr=%{REQUEST_SCHEME}
RequestHeader set "X-Forwarded-SSL" expr=%{HTTPS}

In your case you are listening on *:443 and did not specify the SSL certificate settings for your virtual host. Another option would be to set "HTTP Only" for SmartHTTP under Redmine settings.