* Access to git repository through squid proxy: The remote end hung up unexpectedly
@ 2011-12-10 8:56 Mathieu Peltier
2011-12-10 15:37 ` Konstantin Khomoutov
2011-12-10 22:58 ` Konstantin Khomoutov
0 siblings, 2 replies; 5+ messages in thread
From: Mathieu Peltier @ 2011-12-10 8:56 UTC (permalink / raw)
To: git
Hi,
I am trying to access a git repository (git:// URL) through a squid proxy.
squid allows CONNECT for port 9418:
$ more /etc/squid/squid.conf
...
acl password proxy_auth REQUIRED
acl git_port port 9418
...
http_access allow CONNECT git_port password
http_access deny CONNECT !SSL_ports
The proxy server can connect to git server :
$ telnet git.server.org 9418
Trying w.x.y.z...
Connected to git.server.org.
Escape character is '^]'.
Here is the error I get on the client side:
$ git config --list
core.gitproxy=gitproxy.sh
$ more ~/bin/gitproxy.sh
#!/bin/sh
PROXY=x.domain.org
PROXYPORT=8080
PROXYAUTH=user:pass
DEBUG="-d -d -d -d"
exec socat $DEBUG - PROXY:$PROXY:$1:$2,proxyport=$PROXYPORT,proxyauth=$PROXYAUTH
$ git clone git://git.server.org/gitroot/repo/repo
Initialized empty Git repository in /tmp/GIT/repo/.git/
...
2011/12/09 12:22:44 socat[21428] D socat version 1.7.1.3 on Aug 23 2010 23:26:54
2011/12/09 12:22:44 socat[21428] D setenv("SOCAT_VERSION", "1.7.1.3", 1)
...
2011/12/09 12:22:44 socat[21428] D running on Linux version #1 SMP Tue
Mar 23 09:47:08 UTC 2010, release x.y
2011/12/09 12:22:44 socat[21428] D argv[0]: "socat"
2011/12/09 12:22:44 socat[21428] D argv[1]: "-d"
2011/12/09 12:22:44 socat[21428] D argv[2]: "-d"
2011/12/09 12:22:44 socat[21428] D argv[3]: "-d"
2011/12/09 12:22:44 socat[21428] D argv[4]: "-d"
2011/12/09 12:22:44 socat[21428] D argv[5]: "-"
2011/12/09 12:22:44 socat[21428] D argv[6]:
"PROXY:x.domain.org:git.server.org:9418,proxyport=8080,proxyauth=user:pass"
...
2011/12/09 12:22:44 socat[21428] I setting option "proxyport" to "8080"
2011/12/09 12:22:44 socat[21428] I setting option
"proxy-authorization" to "user:pass"
...
2011/12/09 12:22:44 socat[21428] I sending "CONNECT
git.server.org:9418 HTTP/1.0\r\n"
...
2011/12/09 12:22:44 socat[21428] I proxy_connect: received answer
"HTTP/1.1 403 OK\r\n"
2011/12/09 12:22:44 socat[21428] E CONNECT git.server.org:9418: OK
2011/12/09 12:22:44 socat[21428] N exit(1)
2011/12/09 12:22:44 socat[21428] I shutdown(3, 2)
2011/12/09 12:22:44 socat[21428] D shutdown() -> 0
fatal: The remote end hung up unexpectedly
I tried to use also nc but I get the same error.
Any advice?
Thanks in advance,
Mathieu
^ permalink raw reply [flat|nested] 5+ messages in thread* Re: Access to git repository through squid proxy: The remote end hung up unexpectedly
2011-12-10 8:56 Access to git repository through squid proxy: The remote end hung up unexpectedly Mathieu Peltier
@ 2011-12-10 15:37 ` Konstantin Khomoutov
2011-12-10 17:56 ` Mathieu Peltier
2011-12-10 22:58 ` Konstantin Khomoutov
1 sibling, 1 reply; 5+ messages in thread
From: Konstantin Khomoutov @ 2011-12-10 15:37 UTC (permalink / raw)
To: Mathieu Peltier; +Cc: git
On Sat, 10 Dec 2011 09:56:07 +0100
Mathieu Peltier <mathieu.peltier@gmail.com> wrote:
> Hi,
> I am trying to access a git repository (git:// URL) through a squid
> proxy.
>
> squid allows CONNECT for port 9418:
[...]
> 2011/12/09 12:22:44 socat[21428] D shutdown() -> 0
> fatal: The remote end hung up unexpectedly
>
> I tried to use also nc but I get the same error.
> Any advice?
I think you have to verify the git-daemon (you did not say you're using
git-daemon, but it can be presupposed based on the port number) works
by itself before starting to wrap it into layers of complexity.
What happens if you try to clone a git repo directly, without any
tunneling? If this is not possible, try to clone on the host running
git-daemon (use an URL like git://localhost/path/to/repo.git).
If it fails (I suppose it will), try increasing the daemon verbosity
(see git-daemon) manpage.
After all, may be it's as simple as forgetting to `touch` git-export-ok
file in the repository you're trying to clone.
P.S.
As a side note: why are you trying to implement such a strange setup?
Why not just use plain old SSH which just works and provides good level
of security (contrary to Basic HTTP authentication you might be using).
If you need a level of control about who can do what with the repository
you could look at https://github.com/sitaramc/gitolite
^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: Access to git repository through squid proxy: The remote end hung up unexpectedly
2011-12-10 8:56 Access to git repository through squid proxy: The remote end hung up unexpectedly Mathieu Peltier
2011-12-10 15:37 ` Konstantin Khomoutov
@ 2011-12-10 22:58 ` Konstantin Khomoutov
2011-12-12 9:25 ` Mathieu Peltier
1 sibling, 1 reply; 5+ messages in thread
From: Konstantin Khomoutov @ 2011-12-10 22:58 UTC (permalink / raw)
To: Mathieu Peltier; +Cc: git
On Sat, Dec 10, 2011 at 09:56:07AM +0100, Mathieu Peltier wrote:
[...]
> 2011/12/09 12:22:44 socat[21428] I setting option "proxyport" to "8080"
> 2011/12/09 12:22:44 socat[21428] I setting option
> "proxy-authorization" to "user:pass"
> ...
> 2011/12/09 12:22:44 socat[21428] I sending "CONNECT
> git.server.org:9418 HTTP/1.0\r\n"
> ...
> 2011/12/09 12:22:44 socat[21428] I proxy_connect: received answer
> "HTTP/1.1 403 OK\r\n"
> 2011/12/09 12:22:44 socat[21428] E CONNECT git.server.org:9418: OK
> 2011/12/09 12:22:44 socat[21428] N exit(1)
> 2011/12/09 12:22:44 socat[21428] I shutdown(3, 2)
> 2011/12/09 12:22:44 socat[21428] D shutdown() -> 0
> fatal: The remote end hung up unexpectedly
[...]
HTTP 403 means "access denied" or "forbidden".
IIRC, a proxy (or any other HTTP-speaking server) should respond with
the 401 code when a client first requests a protected resource, and the
client is then supposed to retry its request but this time it should
provide an authentication info (and the auth mech selected).
You have an ellipsis in your debug output in the place that exchange is
supposed to be happening so I'm unable to dig deeper.
Looks like either your socat supplies incorrect credentials or proxy
does not ask socat to actually authenticate and just denies the request.
^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: Access to git repository through squid proxy: The remote end hung up unexpectedly
2011-12-10 22:58 ` Konstantin Khomoutov
@ 2011-12-12 9:25 ` Mathieu Peltier
0 siblings, 0 replies; 5+ messages in thread
From: Mathieu Peltier @ 2011-12-12 9:25 UTC (permalink / raw)
To: Konstantin Khomoutov; +Cc: git
> Looks like either your socat supplies incorrect credentials or proxy
> does not ask socat to actually authenticate and just denies the request.
The problem is solved. Sorry in fact it was just a problem with the
proxy configuration: the squid proxy was configured to use another
proxy server which was denying to use HTTP connect on 9418 port...
Thanks for you help.
Mathieu
^ permalink raw reply [flat|nested] 5+ messages in thread
end of thread, other threads:[~2011-12-12 9:26 UTC | newest]
Thread overview: 5+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2011-12-10 8:56 Access to git repository through squid proxy: The remote end hung up unexpectedly Mathieu Peltier
2011-12-10 15:37 ` Konstantin Khomoutov
2011-12-10 17:56 ` Mathieu Peltier
2011-12-10 22:58 ` Konstantin Khomoutov
2011-12-12 9:25 ` Mathieu Peltier
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).