louketo / louketo-proxy

An OpenID / Proxy service
Apache License 2.0

Git through Louketo proxy is broken #647

Open ghost opened 4 years ago

ghost commented 4 years ago

Title

Git through Louketo proxy is broken

Summary

My Git server is behind a Louketo Proxy, but unfortunately, I cannot clone/push/pull Git repositories through Louketo (clones fail), while it works when I do not use Louketo.

Environment

Expected Results

A successful Git clone.

Actual Results

Actual Git clone:

10:36:34.026499 git.c:442               trace: built-in: git clone -v https://172.42.42.1:31443/project.git
Cloning into 'project'...
10:36:34.028525 run-command.c:663       trace: run_command: git-remote-https origin https://172.42.42.1:31443/project.git
* Couldn't find host 172.42.42.1 in the .netrc file; using defaults
*   Trying 172.42.42.1:31443...
* Connected to 172.42.42.1 (172.42.42.1) port 31443 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* successfully set certificate verify locations:
*   CAfile: /etc/ssl/certs/ca-certificates.crt
  CApath: none
* SSL connection using TLSv1.3 / TLS_AES_128_GCM_SHA256
* ALPN, server accepted to use h2
* Server certificate:
*  subject: CN=XXX
*  start date: Jun 16 13:03:58 2020 GMT
*  expire date: Nov  2 13:03:58 2047 GMT
*  issuer: CN=XXX
*  SSL certificate verify result: unable to get local issuer certificate (20), continuing anyway.
* Using HTTP2, server supports multi-use
* Connection state changed (HTTP/2 confirmed)
* Copying HTTP/2 data in stream buffer to connection buffer after upgrade: len=0
* Using Stream ID: 1 (easy handle 0x56099b38c0f0)
> GET /project.git/info/refs?service=git-upload-pack HTTP/2
Host: 172.42.42.1:31443
user-agent: git/2.27.0
accept: */*
accept-encoding: deflate, gzip
pragma: no-cache

* Connection state changed (MAX_CONCURRENT_STREAMS == 250)!
< HTTP/2 401 
< cache-control: no-cache
< content-type: text/plain; charset=utf-8
< date: Fri, 19 Jun 2020 08:36:34 GMT
< referrer-policy: strict-origin-when-cross-origin
< server: nginx
< set-cookie: experimentation_subject_id=XXX; path=/; expires=Tue, 19 Jun 2040 08:36:34 -0000; secure; HttpOnly; SameSite=None
< www-authenticate: Basic realm="GitLab"
< x-content-type-options: nosniff
< x-download-options: noopen
< x-frame-options: DENY
< x-permitted-cross-domain-policies: none
< x-request-id: d367f623-ef96-4ef5-bd5e-ccedf9febbb1
< x-runtime: 0.020089
< x-ua-compatible: IE=edge
< x-xss-protection: 1; mode=block
< content-length: 26
< 
* Connection #0 to host 172.42.42.1 left intact
10:36:34.237424 run-command.c:663       trace: run_command: '/usr/lib/git-core/git-credential-libsecret get'
* Found bundle for host 172.42.42.1: 0x56099b375530 [can multiplex]
* Re-using existing connection! (#0) with host 172.42.42.1
* Connected to 172.42.42.1 (172.42.42.1) port 31443 (#0)
* Server auth using Basic with user 'user'
* Using Stream ID: 3 (easy handle 0x56099b38c0f0)
> GET /project.git/info/refs?service=git-upload-pack HTTP/2
Host: 172.42.42.1:31443
authorization: Basic XXX
user-agent: git/2.27.0
accept: */*
accept-encoding: deflate, gzip
pragma: no-cache

< HTTP/2 200 
< cache-control: no-cache
< content-type: application/x-git-upload-pack-advertisement
< date: Fri, 19 Jun 2020 08:36:34 GMT
< referrer-policy: strict-origin-when-cross-origin
< server: nginx
< strict-transport-security: max-age=31536000
< content-length: 351
< 
* Connection #0 to host 172.42.42.1 left intact
10:36:34.501949 run-command.c:663       trace: run_command: '/usr/lib/git-core/git-credential-libsecret store'
10:36:34.537130 pkt-line.c:80           packet:          git< # service=git-upload-pack
10:36:34.537178 pkt-line.c:80           packet:          git< 0000
10:36:34.537187 pkt-line.c:80           packet:          git< 6f108714715b207665f564edb0550c6e70f3795c HEAD\0multi_ack thin-pack side-band side-band-64k ofs-delta shallow deepen-since deepen-not deepen-relative no-progress include-tag multi_ack_detailed no-done symref=HEAD:refs/heads/master agent=git/2.26.2
10:36:34.537193 pkt-line.c:80           packet:          git< 6f108714715b207665f564edb0550c6e70f3795c refs/heads/master
10:36:34.537196 pkt-line.c:80           packet:          git< 0000
10:36:34.539308 pkt-line.c:80           packet:          git> 6f108714715b207665f564edb0550c6e70f3795c refs/heads/master
10:36:34.539343 pkt-line.c:80           packet:          git> 6f108714715b207665f564edb0550c6e70f3795c refs/heads/master
10:36:34.539347 pkt-line.c:80           packet:          git> 0000
10:36:34.539412 run-command.c:663       trace: run_command: git fetch-pack --stateless-rpc --stdin --lock-pack --thin --check-self-contained-and-connected --cloning https://172.42.42.1:31443/project.git/
10:36:34.544292 git.c:442               trace: built-in: git fetch-pack --stateless-rpc --stdin --lock-pack --thin --check-self-contained-and-connected --cloning https://172.42.42.1:31443/project.git/
10:36:34.544359 pkt-line.c:80           packet:   fetch-pack< 6f108714715b207665f564edb0550c6e70f3795c refs/heads/master
10:36:34.544363 pkt-line.c:80           packet:   fetch-pack< 6f108714715b207665f564edb0550c6e70f3795c refs/heads/master
10:36:34.544365 pkt-line.c:80           packet:   fetch-pack< 0000
10:36:34.544368 pkt-line.c:80           packet:   fetch-pack< 6f108714715b207665f564edb0550c6e70f3795c HEAD\0multi_ack thin-pack side-band side-band-64k ofs-delta shallow deepen-since deepen-not deepen-relative no-progress include-tag multi_ack_detailed no-done symref=HEAD:refs/heads/master agent=git/2.26.2
10:36:34.544374 pkt-line.c:80           packet:   fetch-pack< 6f108714715b207665f564edb0550c6e70f3795c refs/heads/master
10:36:34.544376 pkt-line.c:80           packet:   fetch-pack< 0000
10:36:34.544538 pkt-line.c:80           packet:   fetch-pack> want 6f108714715b207665f564edb0550c6e70f3795c multi_ack_detailed no-done side-band-64k thin-pack ofs-delta deepen-since deepen-not agent=git/2.27.0
10:36:34.544570 pkt-line.c:80           packet:   fetch-pack> 0000
10:36:34.544589 pkt-line.c:80           packet:   fetch-pack> done
10:36:34.544614 pkt-line.c:80           packet:   fetch-pack> 0000
10:36:34.544672 pkt-line.c:80           packet:          git< 0098want 6f108714715b207665f564edb0550c6e70f3795c multi_ack_detailed no-done side-band-64k thin-pack ofs-delta deepen-since deepen-not agent=git/2.27.000000009done
10:36:34.544716 pkt-line.c:80           packet:          git< 0000
POST git-upload-pack (165 bytes)
* Found bundle for host 172.42.42.1: 0x56099b375530 [can multiplex]
* Re-using existing connection! (#0) with host 172.42.42.1
* Connected to 172.42.42.1 (172.42.42.1) port 31443 (#0)
* Server auth using Basic with user 'user'
* Using Stream ID: 5 (easy handle 0x56099b38c0f0)
> POST /project.git/git-upload-pack HTTP/2
Host: 172.42.42.1:31443
authorization: Basic XXX
user-agent: git/2.27.0
accept-encoding: deflate, gzip
content-type: application/x-git-upload-pack-request
accept: application/x-git-upload-pack-result
content-length: 165

* We are completely uploaded and fine
* HTTP/2 stream 0 was not closed cleanly: Unknown error code (err 2)
* stopped the pause stream!
* Connection #0 to host 172.42.42.1 left intact
error: RPC failed; curl 92 HTTP/2 stream 0 was not closed cleanly: Unknown error code (err 2)
fatal: the remote end hung up unexpectedly

I am unable to clone anything.

Steps to reproduce

git clone https://172.42.42.1:31443/project.git

Where 31443 points to the Louketo Proxy container. The Louketo Proxy upstream URL is the Git instance.

Additional Information

My goal is to add a Louketo Proxy on a Kubernetes cluster, before the ingress controller.

Nuru commented 4 years ago

At the moment, the proxy does not properly and fully support HTTP2. See #575
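
A triage helper for traces like the one in this issue, added here as an example; it is not code from the issue or from the louketo-proxy project. It separates an HTTP/2 stream failure that follows a successful authenticated request from a plain authentication rejection, and masks credential-bearing headers before a trace is posted. The function names, verdict words and sample trace are hypothetical, and the trace is assumed to come from curl-verbose Git output in the format shown above.

```shell
#!/bin/sh
# Added example, not from the issue. Triage a trace saved with:
#   GIT_TRACE=1 GIT_CURL_VERBOSE=1 git clone <url> 2>trace.log

# Print one verdict word for the trace file named by $1.
classify_git_trace() {
    # Negotiated protocol, taken from curl's ALPN line.
    if grep -q 'ALPN, server accepted to use h2' "$1"; then proto=h2; else proto=http1; fi
    # Status code of the last HTTP response that was actually received.
    last=$(sed -n 's/^< HTTP\/[0-9.]* \([0-9][0-9][0-9]\).*/\1/p' "$1" | tail -n 1)
    if [ "$proto" = h2 ] && grep -q 'curl 92 HTTP/2 stream' "$1"; then
        # The stream failed below the application layer. A preceding 200
        # means the credentials were accepted, so auth is not the cause.
        if [ "$last" = 200 ]; then echo h2-stream-error-after-auth; else echo h2-stream-error; fi
    elif [ "$last" = 401 ] || [ "$last" = 403 ]; then
        echo auth-rejected
    elif grep -q -e '^fatal:' -e '^error:' "$1"; then
        echo other-failure
    else
        echo ok
    fi
}

# Mask credential-bearing header values before the trace is shared.
redact_git_trace() {
    sed -e 's/^\([Aa]uthorization: [A-Za-z]*\) .*/\1 XXX/' \
        -e 's/^\(< [Ss]et-[Cc]ookie: [^=]*=\)[^;]*/\1XXX/' "$1"
}

# Constructed sample trace (shortened; the token decodes to "constructed:sample").
sample_trace() {
    cat <<'EOF'
* ALPN, server accepted to use h2
< HTTP/2 401
authorization: Basic Y29uc3RydWN0ZWQ6c2FtcGxl
< HTTP/2 200
< set-cookie: sid=constructed-value; path=/; secure
error: RPC failed; curl 92 HTTP/2 stream 0 was not closed cleanly: Unknown error code (err 2)
fatal: the remote end hung up unexpectedly
EOF
}

tmp=$(mktemp)
sample_trace >"$tmp"
classify_git_trace "$tmp"
redact_git_trace "$tmp" | grep -i -e '^authorization' -e 'set-cookie'
rm -f "$tmp"
```

To confirm an `h2-stream-error` verdict, retry with `git -c http.version=HTTP/1.1 clone <url>`; if that clone succeeds, the failure is specific to the HTTP/2 path through the proxy.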