要做一个通过踏板机的ip进行git代码的上传与下载,所以思路不是踏板机上安装nginx反向代理,并且linux服务器也需要提供http方式的访问git,ssh方向不知道怎么进行反向代理。linux服务器也需要使用nginx进行http的设置,使用httpd设置的不好使。
一在服务器上安装git
安装git及相关依赖
yum install curl-devel expat-devel gettext-devel openssl-devel zlib-devel perl-devel
yum install git
创建用户git
adduser git
passwd git
为安全考虑需要禁止该用户shell登陆
vi /etc/passwd
git:x:1000:1000::/home/git:/usr/bin/git-shell
[root@localhost bin]
/usr/bin/git-shell
/usr/libexec/git-core/git-shell
用户证书登录
cd /home/git/
mkdir .ssh
chmod 755 .ssh
touch .ssh/authorized_keys
chmod 644 .ssh/authorized_keys
然后将所有登陆用户的公钥保存在 authorized_keys 中。
就是通过ssh_gen 生成自己的密钥COPY到authorized_keys 中一行一个。
初始化仓库 /home/git/test.git
cd /home/git
git init --bare test.git
chown -R git:git test.git
Client端获取仓库
git clone git@ip地址:/home/git/test.git
至此可以通过ssh的方式下载代码库了。
HTTP方式设置
一、配置 EPEL源
sudo yum install -y epel-release
sudo yum -y update
二、安装Nginx
sudo yum install -y nginx
安装成功后,默认的网站目录为: /usr/share/nginx/html
默认的配置文件为:/etc/nginx/nginx.conf
自定义配置文件目录为: /etc/nginx/conf.d/
三、开启端口80和443
如果你的服务器打开了防火墙,你需要运行下面的命令,打开80和443端口。
sudo firewall-cmd --permanent --zone=public --add-service=http
sudo firewall-cmd --permanent --zone=public --add-service=https
sudo firewall-cmd --reload
四、安装fcgiwrap
git clone https://github.com/gnosek/fcgiwrap.git
yum install fcgi-devel autoconf automake libtool
cd fcgiwrap && autoreconf -i && ./configure && make && make install
vim /etc/init.d/fcgiwrap
DESC="fcgiwrap daemon"
DEAMON=/usr/bin/spawn-fcgi
PIDFILE=/var/run/spawn-fcgi.pid
FCGI_SOCKET=/var/run/fcgiwrap.socket
FCGI_PROGRAM=/usr/local/sbin/fcgiwrap
FCGI_USER=git
FCGI_GROUP=git
FCGI_EXTRA_OPTIONS="-M 0770"
OPTIONS="-u $FCGI_USER -g $FCGI_GROUP -s $FCGI_SOCKET -S $FCGI_EXTRA_OPTIONS -F 1 -P $PIDFILE -- $FCGI_PROGRAM"
do_start() {
$DEAMON $OPTIONS || echo -n "$DESC already running"
}
do_stop() {
kill -INT `cat $PIDFILE` || echo -n "$DESC not running"
}
case "$1" in
start)
echo -n "Starting $DESC: $NAME"
do_start
echo "."
;;
stop)
echo -n "Stopping $DESC: $NAME"
do_stop
echo "."
;;
restart)
echo -n "Restarting $DESC: $NAME"
do_stop
do_start
echo "."
;;
*)
echo "Usage: $SCRIPTNAME {start|stop|restart}" >&2
exit 3
;;
esac
exit 0
chmod +x /etc/init.d/fcgiwrap
chkconfig fcgiwrap on
添加 git server 的 nginx 配置
vim /etc/nginx/nginx.conf
user root;
worker_processes auto;
error_log /var/log/nginx/error.log;
pid /run/nginx.pid;
include /usr/share/nginx/modules/*.conf;
events {
worker_connections 1024;
}
http {
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
access_log /var/log/nginx/access.log main;
sendfile on;
tcp_nopush on;
tcp_nodelay on;
keepalive_timeout 65;
types_hash_max_size 4096;
include /etc/nginx/mime.types;
default_type application/octet-stream;
include /etc/nginx/conf.d/*.conf;
server {
listen 80;
listen [::]:80;
server_name localhost;
access_log /var/log/nginx/dev.access.log;
error_log /var/log/nginx/dev.error.log;
location /{
root /home/git/;
}
auth_basic "git";
auth_basic_user_file /usr/local/nginx/conf/pass.db;
include /etc/nginx/default.d/*.conf;
error_page 404 /404.html;
location = /404.html {
}
error_page 500 502 503 504 /50x.html;
location = /50x.html {
}
location ~ /git(/.*) {
gzip off;
root /usr/lib/git-core;
fastcgi_pass unix:/var/run/fcgiwrap.socket;
include fastcgi_params;
fastcgi_param SCRIPT_FILENAME /usr/libexec/git-core/git-http-backend;
fastcgi_param DOCUMENT_ROOT /usr/libexec/git-core/;
fastcgi_param SCRIPT_NAME git-http-backend;
fastcgi_param GIT_HTTP_EXPORT_ALL "";
fastcgi_param GIT_PROJECT_ROOT /home/git/;
fastcgi_param PATH_INFO $1;
}
}
}
systemctl start nginx
systemctl status nginx.service
五,安装spawn-fcgi
yum install spawn-fcgi
/etc/init.d/fcgiwrap start
六、receivepack
cd /home/git/test.git/
git config http.receivepack true
vim /etc/selinux/config
selinux=disabled
reboot
七,设置密码
yum -y install httpd-tools
mkdir /usr/local/nginx/conf/
cd /usr/local/nginx/conf/
htpasswd -c pass.db git
八,设置iptables
iptables -P INPUT ACCEPT
iptables -F
service iptables save
iptables -A INPUT -p tcp --dport 22 -j ACCEPT
iptables -A INPUT -p tcp --dport 80 -j ACCEPT
iptables -I INPUT -s 127.0.0.1 -j ACCEPT
iptables -P INPUT DROP
service iptables save
九,下载代码
在安装有nginx的windows踏板机上下载代码
git clone http://localhost/git/test.git
以上方式在阿里云和虚拟机上都测试通过。
十,windows nginx配置
worker_processes 1;
events {
worker_connections 1024;
}
http {
include mime.types;
default_type application/octet-stream;
sendfile on;
keepalive_timeout 65;
upstream github {
server linux_server_ip;
keepalive 16;
}
server {
listen 80;
server_name localhost;
charset utf-8;
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root html;
}
location /{
client_max_body_size 1024m;
proxy_set_header Host linux_server_ip;
proxy_hide_header Strict-Transport-Security;
proxy_pass http://github;
}
}
}
本文内容由网友自发贡献,版权归原作者所有,本站不承担相应法律责任。如您发现有涉嫌抄袭侵权的内容,请联系:hwhale#tublm.com(使用前将#替换为@)