| Issue 1125: | Installation Guide should have a section on dealing with running behind a firewall | |
| 7 people starred this issue and may be notified of changes. | Back to list |
Affected Versions: 2.1 and 2.2
What steps will reproduce the problem?
java -jar gerrit-x.y.z.war init -d review_site
when it gets to the part about 'Bouncy Castle', it can't download the jar file.
Running the installer with:
java -Dhttp.proxyHost=${firewall_host} -Dhttp.proxyPort=${firewall_port} -jar gerrit-x.y.z.war init -d review_site
solves that problem.
On a related note, the Google OpenId provider uses 'https:' in its URL - which again may have
problems with a (corporate) firewall.
I solved this by running '... gerrit-x.y.z.war init -d review_site --no-auto-start'. Once it had
finished, I altered the gerrit.config file in review_site/etc:
...
[container]
user = gerrit
javaHome = /some/path/to/your/favourite/jre
javaOptions=-Dhttps.proxyHost=${firewall_host} -Dhttps.proxyPort=${firewall_port}
[http]
proxy = http://${firewall_host}:${firewall_port}
...
and I was able to register with my Google account as my OpenId
The above information should be easy to add to the documentation - I'll work up a patch later
Nov 14, 2011
just a suggestion: on a (linux) server that runs behind a proxy, usually the environment variable http_proxy is set either in /etc/profile or in /etc/.bashrc: http_proxy=http://<proxy-server-ip>:<port> in situations when this environment variable is present and visible, it may make sense to use its value unless another one is given over the system properties or in gerrit.conf.
Nov 14, 2011
I agree - if the environment variable value is available and no one has set anything in the gerrit.config file, it should be used.
Jan 8, 2014
It looks like this hasn't been addressed yet. I'm installing 2.8, in an attempt to evaluate Gerrit. And I ran into the same problems. Note that my solution was slightly cleaner. I'm starting Gerrit by using the bin/gerrit.sh script instead of a java command. So I defined http.proxyHost, http.proxyPort, https.proxyHost, and https.proxyPort on the javaOptions line in [container]. And I had to create an [http] config section, because in my installation there wasn't one (there was an [httpd] section only). That's where the proxy line goes. |
|
| ► Sign in to add a comment |
An easier way to handle the problems of running behind a firewall is to create a 'pre-configured' review_site: review_site/ ├── etc │ └── gerrit.config └── git └── some_pre_existing_project.git (clone into here with 'git clone --mirror') and in the gerrit.config file, put only the required entries: [container] javaOptions=-Dhttps.proxyHost=${firewall_host} -Dhttps.proxyPort=${firewall_port} [http] proxy = http://${firewall_host}:${firewall_port} When 'gerrit init' runs, it will use the existing artifacts and will add (without overwriting!) any additional directories/file/[entries] as necessary. One still needs to specify the http.proxyHost/http.proxyPort on the command-line: java -Dhttp.proxyHost=${firewall_host} -Dhttp.proxyPort=${firewall_port} -jar gerrit-x.y.z.war ... Would it make sense to have 'gerrit init' check for a pre-configured gerrit.config file and parse out the http/https settings and set the System properties before any network I/O is performed? It would make the command-line simpler. Perhaps even better would be a new entry in gerrit.config: [https] proxy = https://${firewall_host}:${firewall_port} so that the information is specified in a manner consistent with the [http] entry There may be a bug (?) in that after 'gerrit init' is finished with a pre-configured review_site, it doesn't auto-start the gerrit.sh - even without --no-auto-start on the command line. Is this known/desired behaviour?