commit | 963e5e092c657dd147a78cf1c5b710a1e812be15 | |
---|---|---|
author | Dariusz Luksza <dariusz@luksza.org> | Mon Sep 18 13:54:24 2023 +0100 |
committer | Dariusz Luksza <dariusz@luksza.org> | Mon Sep 18 15:47:13 2023 +0100 |
tree | fd4bbb49e38c5d6d3092e4ef599c208319772171 | |
parent | 8ab08cce9685c0cc8db590f5f4fab1c99dd95fe9 |

Honor X-FORWARDED-HOST when negotiating server name

In the environment where there are multiple hops between Gerrit and a reverse-proxy server (e.g. HTTPS => HAProxy => Gerrit), the HTTP request server name may not actually be the name of the user-facing host. For this purpose a special HTTP header `X-FORWARDED-HOST`[1] is used. The VirtualHostFilter should first check for that header, then fall back to the request server name.

[1] https://www.rfc-editor.org/rfc/rfc7239.html#section-5.3

Bug: Issue 300877890
Change-Id: I5a89c216754af7db19b4967f8daaa1c5284b695c

Gerrit lib module to split the projects' space into virtual hosts, similar to what you would do with an HTTP server and different domain names.

Build this module as if it were a Gerrit plugin:

- Place the `virtualhost` directory at Gerrit `/plugins/virtualhost`
- Run `bazel build plugins/virtualhost`
- The `virtualhost.jar` module is generated under `/bazel-genfiles/plugins/virtualhost/`

Copy the `virtualhost.jar` library to Gerrit `/lib` and add the following two extra settings to `gerrit.config`:

```
[gerrit]
  installModule = com.gerritforge.gerrit.modules.virtualhost.GuiceModule

[httpd]
  filterClass = com.gerritforge.gerrit.modules.virtualhost.VirtualHostFilter
```

`/etc/virtualhost.config` contains the definition of the virtual hosts and the set of projects included.

Each `server` section defines a virtual host and contains a set of projects included. Projects are defined using Gerrit ref-matching expressions and can be repeated multiple times to include multiple matchers.

Example to include all the projects starting with `team1/` and the ones starting with the username:

```
[server "team1.mycompany.com"]
  projects = team1/*
  projects = ${username}/*
```

For all the other server names that are not defined, and for SSH access, there is a special `default` section that lists the visible projects.

Example to include all the projects by default:

```
[default]
  projects = ^.*
```
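
A minimal model of the resolution described on this page, added here as an example and not the module's own code: the host comes from `X-Forwarded-Host` with a fallback to the request server name, and the matching `server` section (or `default`) decides project visibility. The pattern matcher is a simplified stand-in for Gerrit's ref matching, and the `trusted_proxies` check and all function names are assumptions of this example.

```python
import ipaddress
import re

# Constructed sample in the page's virtualhost.config format.
SAMPLE_CONFIG = """
[server "team1.mycompany.com"]
  projects = team1/*
  projects = ${username}/*
[default]
  projects = ^.*
"""

def parse_config(text):
    """Return {section: [patterns]}; section is a server name or 'default'."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        header = re.fullmatch(r'\[(server\s+"([^"]+)"|default)\]', line)
        if header:
            current = (header.group(2) or "default").lower()
            sections.setdefault(current, [])
        elif current is not None and "=" in line:
            key, value = (part.strip() for part in line.split("=", 1))
            if key == "projects":
                sections[current].append(value)
    return sections

def effective_host(headers, server_name, peer_ip, trusted_proxies):
    """X-Forwarded-Host first, then the request server name (as in the commit).
    Assumption added here: the header counts only when the peer is a known proxy."""
    forwarded = next((v for k, v in headers.items()
                      if k.lower() == "x-forwarded-host"), "")
    forwarded = forwarded.split(",")[0].strip()
    peer = ipaddress.ip_address(peer_ip)
    trusted = any(peer in ipaddress.ip_network(net) for net in trusted_proxies)
    host = forwarded if (forwarded and trusted) else server_name
    return host.split(":")[0].lower()  # drop an optional port

def matches(pattern, project, username):
    """Simplified matcher: '^' = regex, trailing '/*' = prefix, else exact."""
    pattern = pattern.replace("${username}", username)
    if pattern.startswith("^"):
        return re.fullmatch(pattern[1:], project) is not None
    if pattern.endswith("/*"):
        return project.startswith(pattern[:-1])
    return project == pattern

def visible(config, host, project, username):
    """Use the host's server section if defined, otherwise the default section."""
    patterns = config.get(host, config.get("default", []))
    return any(matches(p, project, username) for p in patterns)
```

Because the header selects which `server` section applies, the fronting proxy should set or overwrite it on every request so the value Gerrit sees is never one supplied directly by a client.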