| Issue 1028: | Cannot create new branch if using listenUrl = proxy-http:... | |
| 2 people starred this issue and may be notified of changes. | Back to list |
Affected Version: 2.1.8 What steps will reproduce the problem? 1. Configure gerrit with listenUrl = proxy-http://*:8080/gerrit/ 2. try to create a new branch in a project via the web UI What is the expected output? What do you see instead? Web UI gives 'internal error' and error log has: [2011-06-29 16:33:56,033] WARN /gerrit : Error in addBranch com.google.inject.ProvisionException: Guice provision errors: 1) Cannot get @RemotePeer while locating com.google.gerrit.httpd.HttpRemotePeerProvider while locating java.net.SocketAddress annotated with interface com.google.gerrit.server.RemotePeer 1 error at com.google.inject.InjectorImpl$4.get(InjectorImpl.java:767) at com.google.gerrit.server.IdentifiedUser.newRefLogIdent(IdentifiedUser.java:315) at com.google.gerrit.server.IdentifiedUser.newRefLogIdent(IdentifiedUser.java:293) at com.google.gerrit.httpd.rpc.project.AddBranch.call(AddBranch.java:140) at com.google.gerrit.httpd.rpc.project.AddBranch.call(AddBranch.java:49) at com.google.gerrit.httpd.rpc.Handler.to(Handler.java:65) at com.google.gerrit.httpd.rpc.project.ProjectAdminServiceImpl.addBranch(ProjectAdminServiceImpl.java:108) at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) at java.lang.reflect.Method.invoke(Method.java:616) at com.google.gwtjsonrpc.server.MethodHandle.invoke(MethodHandle.java:91) at com.google.gwtjsonrpc.server.JsonServlet.doService(JsonServlet.java:382) at com.google.gwtjsonrpc.server.JsonServlet.service(JsonServlet.java:268) at javax.servlet.http.HttpServlet.service(HttpServlet.java:717) at com.google.inject.servlet.ServletDefinition.doService(ServletDefinition.java:216) at com.google.inject.servlet.ServletDefinition.service(ServletDefinition.java:141) at com.google.inject.servlet.ManagedServletPipeline.service(ManagedServletPipeline.java:93) at com.google.inject.servlet.FilterChainInvocation.doFilter(FilterChainInvocation.java:63) at com.google.inject.servlet.FilterDefinition.doFilter(FilterDefinition.java:134) at com.google.inject.servlet.FilterChainInvocation.doFilter(FilterChainInvocation.java:59) at com.google.inject.servlet.FilterDefinition.doFilter(FilterDefinition.java:134) at com.google.inject.servlet.FilterChainInvocation.doFilter(FilterChainInvocation.java:59) at com.google.inject.servlet.FilterDefinition.doFilter(FilterDefinition.java:134) at com.google.inject.servlet.FilterChainInvocation.doFilter(FilterChainInvocation.java:59) at com.google.gwtexpui.server.CacheControlFilter.doFilter(CacheControlFilter.java:76) at com.google.inject.servlet.FilterDefinition.doFilter(FilterDefinition.java:129) at com.google.inject.servlet.FilterChainInvocation.doFilter(FilterChainInvocation.java:59) at com.google.gerrit.httpd.RequestCleanupFilter.doFilter(RequestCleanupFilter.java:54) at com.google.inject.servlet.FilterDefinition.doFilter(FilterDefinition.java:129) at com.google.inject.servlet.FilterChainInvocation.doFilter(FilterChainInvocation.java:59) at com.google.inject.servlet.ManagedFilterPipeline.dispatch(ManagedFilterPipeline.java:122) at com.google.inject.servlet.GuiceFilter.doFilter(GuiceFilter.java:110) at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1322) at org.eclipse.jetty.servlet.ServletHandler.doHandle(ServletHandler.java:473) at org.eclipse.jetty.server.handler.ContextHandler.doHandle(ContextHandler.java:921) at org.eclipse.jetty.servlet.ServletHandler.doScope(ServletHandler.java:403) at org.eclipse.jetty.server.handler.ContextHandler.doScope(ContextHandler.java:856) at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:117) at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:114) at org.eclipse.jetty.server.handler.RequestLogHandler.handle(RequestLogHandler.java:59) at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:114) at org.eclipse.jetty.server.Server.handle(Server.java:352) at org.eclipse.jetty.server.HttpConnection.handleRequest(HttpConnection.java:596) at org.eclipse.jetty.server.HttpConnection$RequestHandler.content(HttpConnection.java:1069) at org.eclipse.jetty.http.HttpParser.parseNext(HttpParser.java:805) at org.eclipse.jetty.http.HttpParser.parseAvailable(HttpParser.java:218) at org.eclipse.jetty.server.HttpConnection.handle(HttpConnection.java:426) at org.eclipse.jetty.io.nio.SelectChannelEndPoint.handle(SelectChannelEndPoint.java:510) at org.eclipse.jetty.io.nio.SelectChannelEndPoint.access$000(SelectChannelEndPoint.java:34) at org.eclipse.jetty.io.nio.SelectChannelEndPoint$1.run(SelectChannelEndPoint.java:40) at org.eclipse.jetty.util.thread.QueuedThreadPool$2.run(QueuedThreadPool.java:450) at java.lang.Thread.run(Thread.java:636) Caused by: java.net.UnknownHostException: unknown at java.net.InetAddress.getAllByName0(InetAddress.java:1201) at java.net.InetAddress.getAllByName(InetAddress.java:1128) at java.net.InetAddress.getAllByName(InetAddress.java:1064) at java.net.InetAddress.getByName(InetAddress.java:1014) at com.google.gerrit.httpd.HttpRemotePeerProvider.get(HttpRemotePeerProvider.java:43) at com.google.gerrit.httpd.HttpRemotePeerProvider.get(HttpRemotePeerProvider.java:29) at com.google.inject.BoundProviderFactory.get(BoundProviderFactory.java:58) at com.google.inject.ProviderToInternalFactoryAdapter$1.call(ProviderToInternalFactoryAdapter.java:45) at com.google.inject.InjectorImpl.callInContext(InjectorImpl.java:811) at com.google.inject.ProviderToInternalFactoryAdapter.get(ProviderToInternalFactoryAdapter.java:42) at com.google.inject.servlet.ServletScopes$1$1.get(ServletScopes.java:53) at com.google.inject.InternalFactoryToProviderAdapter.get(InternalFactoryToProviderAdapter.java:48) at com.google.inject.InjectorImpl$4$1.call(InjectorImpl.java:758) at com.google.inject.InjectorImpl.callInContext(InjectorImpl.java:804) at com.google.inject.InjectorImpl$4.get(InjectorImpl.java:754) ... 52 more If I switch requestLog on, I see that all requests are logged with 'unknown' peer address in httpd_log. If I change to listenUrl = http:... (without proxy-), it works (and httpd_log has the correct peer address).
Jun 29, 2011
#1
sop@google.com
Status:
AwaitingInformation
Jun 30, 2011
My reverse proxy is Apache httpd 2.2.9 with this configuration:
ProxyPass /gerrit/ http://backend:8080/gerrit/
ProxyPassReverse /gerrit/ http://backend:8080/gerrit/
It seems the problem is that the reverse proxy is accessed via another squid proxy, which adds
X-Forwarded-For: unknown
(see http://www.squid-cache.org/Doc/config/forwarded_for/). Apache HTTPD then merges this to
X-Forwarded-For: unknown, 192.168.3.4
So the bug in gerrit is that it uses the first value in the X-Forwarded-For header while it should be using the last. All values in X-Forwarded-For except for the last value (which is added by the reverse proxy) are not trustworthy and may be faked by any client. The current behaviour seems like a security problem.
Jan 31, 2012
The status is still "AwaitingInformation". I think I have provided the information you requested. Please change the status.
Aug 10, 2015
Ping. Please remove the "AwaitingInformation" status.
Aug 10, 2015
(No comment was entered for this change.)
Status:
New
Aug 10, 2015
Thanks. This still happens with gerrit 2.11.2 |
|
| ► Sign in to add a comment |