Phabricator authentication issue with git

I’ve previously installed Phabricator on a VirtualBox from scratch. It took a bit of work so when I saw Bitnami had a setup for it I thought this would be great. I’ve started the app and I can’t clone or push to a newly created repository. Steps:

  • Start Server with Phabricator app
  • Create repository in diffusion
  • Set read/write for http
  • Set diffusion.allow-http-auth to true
  • Add VCS password for user
  • Reboot server (to restart phd)
    • How should this be done with Bitnami?
  • Attempt a clone

Using GIT_CURL_VERBOSE=1 the error still seems to just be authentication. I’m pretty sure the user names and password are correct. Is there anything else I should check?

can’t really help, but on the page you edit the repo - do you also have a warning about “Missing Binary git-http-backend”?

Yes I did have that warning. I forgot to say that I fixed that. Can you pull, push or clone?

That error seems to be because the git package has moved some things around. The default Phabrictor installer doesn’t handle it either. In standard ubuntu 14.04 you’d do this:

ln -s /usr/lib/git-core/git-http-backend /opt/phabricator/support/bin/

In the bitnami install the they have moved git and are already simlinking so you need to follow that that find the original binary. There are two ways you can fix it. Both need you to log into the server as the bitnami user. Either:

  1. Change environment.append-paths to include /opt/bitnami/git/libexec/git-core
  2. Add a link into the support bin dir by executing:
  • ln -s /opt/bitnami/git/libexec/git-core/git-http-backend /home/bitnami/apps/phabricator/htdocs/support/bin/

didn’t try http so far, as i had this warning and wanted to get ssh working first anyways…

aaah… that’s where it should go… in the preinstalled phabricator-VM i got, the htdocs location is a little different btw:
/opt/bin/apps/phabricator/htdocs

will give it a try via http asap…

aaah… that’s where it should go… in the preinstalled phabricator-VM i got, the htdocs location is a little different btw:
/opt/bin/apps/phabricator/htdocs

That’s where I expected it to be! I’m using AWS. Although I just saw this simply links to /opt/bitnami/apps/phabricator/htdocs on AWS. I don’t own VMWare but did setup a VirtualBox vagrant file that seemed to work (and if not the install and phabricator docs should be able to get you through). I could put that on github if that helps you. Does it help you? Do you use bitnami for anything else? I thought it might be easier to use and maintain but I’m questioning that now.

I didn’t proof read my message and what you quoted was incorrect. The correct command is:
ln -s /opt/bitnami/git/libexec/git-core/git-http-backend /home/bitnami/apps/phabricator/htdocs/support/bin/

back on your original post…

just tried - and can verfiy your error - also am getting:
fatal: Authentication failed for ‘http://…git’
definitly using correct user/pass (only got one).

btw…

i do it with
./phd restart
in /opt/bitnami/app/phabricator/bin

Did you get ssh to work?

didn’t work on it any further yet, would be waiting for an answer from someone in the know - maybe there are some hidden scripts or whatever… but seems there’s not much response to be expected :frowning:

Yeah, I ended up building it from that script of mine on AWS. Works well the only real issue is the domain name and backups but I’ll sort them out later.

Hi,

By default Bitnami VMs have SSH disabled by default, you can check how to enable it at https://wiki.bitnami.com/virtual_appliances_quick_start_guide#How_to_enable_sshd.3f

Do you continue having issues for setting the repositories? We also have a guide to configure it with Git at https://wiki.bitnami.com/Applications/Bitnami_Phabricator

it’s about authentication via http in this thread, no ssh involved afaik.

Hi @markusk, @porcoesphino,

We have investigated it and we have been able to reproduce the issue. In addition of git-http-backend , it seems that there an issue in Phabricator code:
https://secure.phabricator.com/T4921

We are working on a fix and we will release a new version soon. We will also document how to enable HTTP to access the repository.

I’m still curious what the issue is but I’ve setup my own server on AWS. It was simple enough and I don’t understand the changes bitnami had made well enough to justify debugging on a bitnami built server. Lot’s of people seem to like bitnami but I can’t see a huge advantage. What’s the advantage of it over vagrant (AWS plugin) with docker or puppet?

Hi @porcoesphino,

We focus on making deployments for web applications as simple as possible, however we also focus on delivering the best products in terms of performance and security.

Our stacks are isolated from the system (they won’t interfere in any way with your services, in the worst case it will be the other way around), which is also an advantage in case you want to use your server for other things than just one application/stack. Docker containers are also isolated but they are more complicated to manage.

We configure our stacks so they are the most secure possible (e.g. so in the case a hacker manages to get into your server, they can’t do anything apart from modifying some files), in the same way that we configure the stacks so they are as efficient as possible (e.g. with Apache with php-fpm, we also provide configuration files for cloud images which get activated depending on which instance you are using to take advantage of its specifications).

Of course, you may encounter issues in the same way you may encounter them while configuring a server for yourself. In this case, in addition to a missing file, there was an issue in Phabricator’s source code.

Hi @porcoesphino and @markusk,

We have figured out the cause of the issue and we are working on apply the best solution to our Phabricator stack. Please find below the instructions to enable HTTP authentication in your current installation. This steps assume that you have created local repository with HTTP read/write permissions, set diffusion.allow-http-auth and created VCS pass, as described in your first post.

  • Modify the file /opt/bitnami/apps/phabricator/conf/htaccess.conf, an change the line:
    RewriteRule ^(.*)$ /index.php?__path__=$1 [B,L,QSA]
    for:
    RewriteRule ^(.*)$ /index.php?__path__=$1 [env=HTTP_AUTHORIZATION:%{HTTP:Authorization},B,L,QSA]
  • Add the code below to /opt/bitnami/apps/phabricator/htdocs/webroot/index.php:

Just under <?php, at line 2:

if (isset($_SERVER['HTTP_AUTHORIZATION']) && preg_match('/Basic\s+(.*)$/i', $_SERVER['HTTP_AUTHORIZATION'], $matches)) {
  list($name, $password) = explode(':', base64_decode($matches[1]));
  $_SERVER['PHP_AUTH_USER'] = strip_tags($name);
  $_SERVER['PHP_AUTH_PW'] = strip_tags($password);
}

//set http auth headers for apache+php-cgi work around if variable gets renamed by apache
if (isset($_SERVER['REDIRECT_HTTP_AUTHORIZATION']) && preg_match('/Basic\s+(.*)$/i', $_SERVER['REDIRECT_HTTP_AUTHORIZATION'], $matches)) {
  list($name, $password) = explode(':', base64_decode($matches[1]));
  $_SERVER['PHP_AUTH_USER'] = strip_tags($name);
  $_SERVER['PHP_AUTH_PW'] = strip_tags($password);
}
  • Run the command:
    sudo su -c "cat /opt/bitnami/git/bin/git | sed 's/git /git http-backend /' > /opt/bitnami/git/bin/git-http-backend ; chmod 755 /opt/bitnami/git/bin/git-http-backend"
  • Create a symbolic link to git-http-backend with:
    sudo ln -s /opt/bitnami/git/bin/git-http-backend /opt/bitnami/apps/phabricator/htdocs/support/bin/git-http-backend

Then you can restart all the services with the command:

sudo /opt/bitnami/ctlscript.sh restart

Please also note that:

  • If you are using native installer you will need to substitute /opt/bitnami for your installation directory.
  • If you installed as non-root user, you will have to remove sudo and sudo su -c in the commands above.

We hope that this work for you.

We are also working on a new version that will solve this issue soon and we will keep you in the loop.

Thanks for posting it.