This article will describe installing Gerrit.
Table of Contents
1 Install Gerrit
In case of personal development and closed environment, you don't have to change authentication type from "DEVELOPMENT_BECOME_ANY_ACCOUNT" which allows any remote user to access all operation.
The following script will install Gerrit.
#!/bin/sh -e # Access to http://<hostname>:8080/. cat <<EOF | sudo tee /etc/apt/sources.list.d/gerritforge.list deb [trusted=yes] http://deb.gerritforge.com/ gerrit contrib EOF sudo apt update -y sudo apt install -y openjdk-8-jdk haveged sudo update-java-alternatives -s java-1.8.0-openjdk-amd64 sudo apt install -y gerrit sudo systemctl enable gerrit sudo reboot
Access to the following URL.
http://<hostname>:8080
Welcome page is displayed.
DEVELOPMENT_BECOME_ANY_ACCOUNT can switch to all user.
"git clone" can be used via HTTP and SSH.
$ git clone http://<hostname>:8080/<project>.git $ git clone ssh://<hostname>:49128/<project>.git
2 Change authentication type to HTTP
If there are few developer and closed environment, you can use "HTTP" as an authentication type.
"HTTP" uses the username and password of Apache digest authentication.
The following script will change authentication type to HTTP and setup Apache.
#!/bin/sh -e GERRIT_ADMIN_PASSWD=gerrit PORT=8080 FQDN=$(hostname -f) # Make gerrit to accept only http://localhost:8080/ but to recognize # http://<hostname>/ as web site URL. sudo cp /etc/gerrit/gerrit.config /etc/gerrit/gerrit.config.orig sudo sed -i /etc/gerrit/gerrit.config \ -e "s;type = DEVELOPMENT_BECOME_ANY_ACCOUNT;type = HTTP;g" \ -e "s;canonicalWebUrl = .*;canonicalWebUrl = http://${FQDN}/;g" \ -e "s;listenUrl = .*;listenUrl = proxy-http://localhost:${PORT}/;g" \ -e "s;firstTimeRedirectUrl = \(.*\);;g" # If gerrit.service is enabled and still not complete to start, wait it. while [ "$(systemctl is-active gerrit.service)x" = "activatingx" ]; do sleep 1 done sudo systemctl restart gerrit # Make apache to map http://<hostname>/ to http://localhost:8080/. sudo apt install -y apache2 sudo systemctl enable apache2 cat <<EOF | sudo tee /etc/apache2/sites-available/gerrit.conf ProxyPass / http://localhost:${PORT}/ nocanon ProxyPassReverse / http://localhost:${PORT}/ nocanon ProxyRequests Off <Proxy http://localhost:${PORT}/> Order deny,allow Allow from all </Proxy> <Location /> AuthType Digest AuthName "gerrit" AuthUserFile /etc/apache2/.htdigest Require valid-user </Location> EOF sudo a2enmod proxy_http sudo a2enmod auth_digest sudo a2ensite gerrit sudo systemctl restart apache2 # Add gerrit user. You need to add htdigest for each user. yes ${GERRIT_ADMIN_PASSWD} | \ sudo htdigest -c /etc/apache2/.htdigest "gerrit" admin yes ${GERRIT_ADMIN_PASSWD} | \ sudo htdigest /etc/apache2/.htdigest "gerrit" "${USER}"
Access to the following URL.
http://<hostname>
Digest authentication dialog is displayed.
Also admin user cannot switch to account.
"git clone" can be used via HTTP and SSH. HTTP needs to success Apache digest authentication.
$ git clone http://<hostname>/gerrit/<project>.git $ git clone ssh://<hostname>:49128/<project>.git
You need to add entry to htdigest for adding new user.
$ sudo htdigest /etc/apache2/.htdigest "gerrit" ${USER} Adding user hiroom2 in realm gerrit New password: Re-type new password:
Success Apache digest authentication with added user.
Added user profile page is displayed.
Added user needs SSH public key and email. email must be the same with ~/.gitconfig.