My favorites | Sign in
Project Home Downloads Wiki Issues Source
New issue   Search
for
  Advanced search   Search tips   Subscriptions
Issue 1125: Installation Guide should have a section on dealing with running behind a firewall
7 people starred this issue and may be notified of changes. Back to list
Status:  New
Owner:  ----


Sign in to add a comment
 
Reported by mwnor...@gmail.com, Sep 9, 2011
Affected Versions: 2.1 and 2.2

What steps will reproduce the problem?

    java -jar gerrit-x.y.z.war init -d review_site
 
when it gets to the part about 'Bouncy Castle', it can't download the jar file.

Running the installer with:

   java -Dhttp.proxyHost=${firewall_host} -Dhttp.proxyPort=${firewall_port} -jar gerrit-x.y.z.war init -d review_site

solves that problem.

On a related note, the Google OpenId provider uses 'https:' in its URL - which again may have
problems with a (corporate) firewall.

I solved this by running '... gerrit-x.y.z.war init  -d review_site --no-auto-start'.  Once it had
finished, I altered the gerrit.config file in review_site/etc:
...
[container]
        user = gerrit
        javaHome = /some/path/to/your/favourite/jre
        javaOptions=-Dhttps.proxyHost=${firewall_host} -Dhttps.proxyPort=${firewall_port}
  [http]
        proxy = http://${firewall_host}:${firewall_port}
...

and I was able to register with my Google account as my OpenId

The above information should be easy to add to the documentation - I'll work up a patch later

Sep 11, 2011
#1 mwnor...@gmail.com
An easier way to handle the problems of running behind a firewall is to create a 'pre-configured' review_site:

review_site/
├── etc
│   └── gerrit.config
└── git
    └── some_pre_existing_project.git
              (clone into here with 'git clone --mirror')

and in the gerrit.config file, put only the required entries:

[container]
        javaOptions=-Dhttps.proxyHost=${firewall_host} -Dhttps.proxyPort=${firewall_port}
  [http]
        proxy = http://${firewall_host}:${firewall_port}
    
When 'gerrit init' runs, it will use the existing artifacts and will add (without overwriting!) any additional
directories/file/[entries] as necessary.

One still needs to specify the http.proxyHost/http.proxyPort on the command-line:

    java -Dhttp.proxyHost=${firewall_host} -Dhttp.proxyPort=${firewall_port} -jar gerrit-x.y.z.war ...

Would it make sense to have 'gerrit init' check for a pre-configured gerrit.config file and parse out
the http/https settings and set the System properties before any network I/O is performed? It would
make the command-line simpler. Perhaps even better would be a new entry in gerrit.config:
   [https]
       proxy = https://${firewall_host}:${firewall_port}
so that the information is specified in a manner consistent with the [http] entry

There may be a bug (?) in that after 'gerrit init' is finished with a pre-configured review_site, it doesn't
auto-start the gerrit.sh - even without --no-auto-start on the command line. Is this known/desired
behaviour?

Nov 14, 2011
#2 remigius...@descom-consulting.ch
just a suggestion: on a (linux) server that runs behind a proxy, usually the environment variable http_proxy is set either in /etc/profile or in /etc/.bashrc:

http_proxy=http://<proxy-server-ip>:<port>

in situations when this environment variable is present and visible, it may make sense to use its value unless another one is given over the system properties or in gerrit.conf.

Nov 14, 2011
#3 mwnor...@gmail.com
I agree - if the environment variable value is available and no one has set anything in
the gerrit.config file, it should be used.
Jan 8, 2014
#4 todd...@gmail.com
It looks like this hasn't been addressed yet. I'm installing 2.8, in an attempt to evaluate Gerrit. And I ran into the same problems. 

Note that my solution was slightly cleaner. I'm starting Gerrit by using the bin/gerrit.sh script instead of a java command. So I defined http.proxyHost, http.proxyPort, https.proxyHost, and https.proxyPort on the javaOptions line in [container]. And I had to create an [http] config section, because in my installation there wasn't one (there was an [httpd] section only). That's where the proxy line goes.
Sign in to add a comment

Powered by Google Project Hosting