需要通过踏板机(跳板机)的ip进行git代码的上传与下载,所以思路是在踏板机上安装nginx做反向代理,并且linux服务器也需要提供http方式访问git(ssh方式不知道怎么进行反向代理)。linux服务器上也需要使用nginx进行http的设置,使用httpd设置的不好使。
一在服务器上安装git
安装git及相关依赖
yum install curl-devel expat-devel gettext-devel openssl-devel zlib-devel perl-devel
yum install git
创建用户git
adduser git #添加用户git
passwd git #更改git的密码
为安全考虑需要禁止该用户shell登陆
vi /etc/passwd
#找到git的行,将/bin/bash更换为/usr/bin/git-shell
#git:x:1000:1000::/home/git:/bin/bash
git:x:1000:1000::/home/git:/usr/bin/git-shell
#查找git-shell目录
[root@localhost bin]# find / -name git-shell
/usr/bin/git-shell
/usr/libexec/git-core/git-shell
用户证书登录
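cd /home/git/
# -p keeps a second run from failing when the directory already exists.
mkdir -p .ssh
touch .ssh/authorized_keys
# These commands run as root (see the root prompt on this page), so the new
# files are root-owned. Hand them to the git account before tightening the
# modes: sshd reads authorized_keys with the login user's privileges, so the
# file must remain readable by git once group/other access is removed.
chown -R git:git .ssh
# Owner-only access: no other local account can list or read the key file.
chmod 700 .ssh
chmod 600 .ssh/authorized_keys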
然后将所有登陆用户的公钥保存在 authorized_keys 中。
即每个用户用 ssh-keygen 生成自己的密钥对,把其中的公钥(.pub 文件的内容)复制到 authorized_keys 中,一行一个;私钥只保留在客户端,不要上传到服务器。
初始化仓库 /home/git/test.git
cd /home/git
git init --bare test.git #初始化仓库
chown -R git:git test.git #更改所属用户
Client端获取仓库
git clone git@ip地址:/home/git/test.git
至此可以通过ssh的方式下载代码库了。
HTTP方式设置
一、配置 EPEL源
sudo yum install -y epel-release
sudo yum -y update
二、安装Nginx
sudo yum install -y nginx
安装成功后,默认的网站目录为: /usr/share/nginx/html
默认的配置文件为:/etc/nginx/nginx.conf
自定义配置文件目录为: /etc/nginx/conf.d/
三、开启端口80和443
如果你的服务器打开了防火墙,你需要运行下面的命令,打开80和443端口。
sudo firewall-cmd --permanent --zone=public --add-service=http
sudo firewall-cmd --permanent --zone=public --add-service=https
sudo firewall-cmd --reload
四、安装fcgiwrap
# Fetch the fcgiwrap sources.
# NOTE(review): this builds whatever the default branch holds at clone time and
# the result is installed system-wide. Check out a tag or commit you have
# reviewed (git checkout <REVIEWED_TAG_OR_COMMIT>) before building, so a later
# change upstream cannot silently alter what gets installed.
git clone https://github.com/gnosek/fcgiwrap.git
# Build dependencies for the autotools build below.
yum install fcgi-devel autoconf automake libtool
# Generate the build system, compile and install.
# NOTE(review): only "make install" needs root; running autoreconf, configure
# and make as an unprivileged user keeps build scripts from executing as root.
cd fcgiwrap && autoreconf -i && ./configure && make && make install
vim /etc/init.d/fcgiwrap
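#! /bin/sh
# chkconfig: 2345 55 25
# description: Runs fcgiwrap under spawn-fcgi as the git user on a unix socket.
#
# SysV init script for fcgiwrap.
# Usage: /etc/init.d/fcgiwrap {start|stop|restart}
# Exit status: 0 for a recognised action (failures are reported as text only),
#              3 for an unknown or missing action.

# NAME and SCRIPTNAME are used by the status and usage messages below; they
# were previously never assigned, so those messages printed empty fields.
NAME=fcgiwrap
SCRIPTNAME=/etc/init.d/$NAME
DESC="fcgiwrap daemon"
DAEMON=/usr/bin/spawn-fcgi
PIDFILE=/var/run/spawn-fcgi.pid
FCGI_SOCKET=/var/run/fcgiwrap.socket
FCGI_PROGRAM=/usr/local/sbin/fcgiwrap
# The CGI wrapper is started under the unprivileged git account, not root.
FCGI_USER=git
FCGI_GROUP=git
# -M sets the socket's permission bits; 0770 leaves no access for "other".
FCGI_EXTRA_OPTIONS="-M 0770"
OPTIONS="-u $FCGI_USER -g $FCGI_GROUP -s $FCGI_SOCKET -S $FCGI_EXTRA_OPTIONS -F 1 -P $PIDFILE -- $FCGI_PROGRAM"

# Launch spawn-fcgi with the options above. Any failure is reported with the
# same "already running" text as before and does not abort the script.
do_start() {
    # OPTIONS is a flat option string and must be word-split here.
    # shellcheck disable=SC2086
    "$DAEMON" $OPTIONS || printf '%s' "$DESC already running"
}

# Send SIGINT to the pid recorded in PIDFILE.
# A missing, empty, zero or non-numeric pid file is treated as "not running"
# instead of being handed to kill (an empty value made kill fail with a usage
# error, and "0" would signal the caller's whole process group).
do_stop() {
    pid=
    if [ -r "$PIDFILE" ]; then
        pid=$(cat "$PIDFILE")
    fi
    case "$pid" in
        '' | 0 | *[!0-9]*)
            printf '%s' "$DESC not running"
            return 0
            ;;
    esac
    kill -INT "$pid" || printf '%s' "$DESC not running"
}

case "$1" in
    start)
        printf '%s' "Starting $DESC: $NAME"
        do_start
        echo "."
        ;;
    stop)
        printf '%s' "Stopping $DESC: $NAME"
        do_stop
        echo "."
        ;;
    restart)
        printf '%s' "Restarting $DESC: $NAME"
        do_stop
        do_start
        echo "."
        ;;
    *)
        echo "Usage: $SCRIPTNAME {start|stop|restart}" >&2
        exit 3
        ;;
esac
exit 0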
chmod +x /etc/init.d/fcgiwrap
chkconfig fcgiwrap on
添加 git server 的 nginx 配置
vim /etc/nginx/nginx.conf
# For more information on configuration, see:
# * Official English Documentation: http://nginx.org/en/docs/
# * Official Russian Documentation: http://nginx.org/ru/docs/
# NOTE(review): "user root" makes the worker processes run as root, so any flaw
# reachable over HTTP executes with full privileges, and the static location in
# this file can read every file under its root regardless of mode bits.
# Presumably root was chosen so the workers can open the 0770 fcgiwrap socket
# and /home/git; an unprivileged account (e.g. nginx) added to the git group
# should achieve the same - confirm on your host.
user root;
# One worker per CPU core.
worker_processes auto;
error_log /var/log/nginx/error.log;
pid /run/nginx.pid;
# Load dynamic modules. See /usr/share/doc/nginx/README.dynamic.
include /usr/share/nginx/modules/*.conf;
events {
worker_connections 1024;
}
http {
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
access_log /var/log/nginx/access.log main;
sendfile on;
tcp_nopush on;
tcp_nodelay on;
keepalive_timeout 65;
types_hash_max_size 4096;
include /etc/nginx/mime.types;
default_type application/octet-stream;
# Load modular configuration files from the /etc/nginx/conf.d directory.
# See http://nginx.org/en/docs/ngx_core_module.html#include
# for more information.
include /etc/nginx/conf.d/*.conf;
# Git-over-HTTP virtual host: static files from /home/git, plus
# git-http-backend reached through fcgiwrap for URIs matching /git/...
server {
# NOTE(review): plain HTTP only - the Basic-auth password and all repository
# data cross the network unencrypted. Enable TLS (a commented 443 template
# follows this server block) or restrict port 80 to the jump host's address.
listen 80;
listen [::]:80;
server_name localhost;
access_log /var/log/nginx/dev.access.log;
error_log /var/log/nginx/dev.error.log;
#root /usr/share/nginx/html;
# NOTE(review): this serves the git account's whole home directory as static
# files to any authenticated client, including .ssh/authorized_keys and the
# raw contents of every bare repository, bypassing git-http-backend. The clone
# URL on this page uses /git/, so this location looks unnecessary; consider
# removing it or pointing root at a directory with nothing sensitive in it.
location /{
root /home/git/;
}
# Basic auth is declared at server level, so every location here inherits it.
auth_basic "git";
auth_basic_user_file /usr/local/nginx/conf/pass.db;
# Load configuration files for the default server block.
include /etc/nginx/default.d/*.conf;
error_page 404 /404.html;
location = /404.html {
}
error_page 500 502 503 504 /50x.html;
location = /50x.html {
}
# Hands matching requests to git-http-backend over the fcgiwrap socket.
# NOTE(review): the regex is unanchored, so any URI that contains "/git/"
# matches, not only those that begin with it; ^/git(/.*)$ would pin it to
# the prefix.
location ~ /git(/.*) {
gzip off;
# NOTE(review): differs from the /usr/libexec/git-core path used by the
# fastcgi_param lines below; the find output earlier on this page lists
# git-core under /usr/libexec.
root /usr/lib/git-core;
fastcgi_pass unix:/var/run/fcgiwrap.socket;
include fastcgi_params;
fastcgi_param SCRIPT_FILENAME /usr/libexec/git-core/git-http-backend;
fastcgi_param DOCUMENT_ROOT /usr/libexec/git-core/;
fastcgi_param SCRIPT_NAME git-http-backend;
# Exports every repository under GIT_PROJECT_ROOT, whether or not it carries
# a git-daemon-export-ok marker file.
fastcgi_param GIT_HTTP_EXPORT_ALL "";
fastcgi_param GIT_PROJECT_ROOT /home/git/;
# $1 is the capture from the location regex: the path after /git.
fastcgi_param PATH_INFO $1;
# NOTE(review): REMOTE_USER is not passed explicitly; unless the included
# fastcgi_params supplies it, git-http-backend sees an anonymous client, which
# would explain why http.receivepack has to be forced on later on this page.
# fastcgi_param REMOTE_USER $remote_user; would forward the authenticated
# name - confirm.
#fastcgi_param PATH_TRANSLATED $document_root$fastcgi_path_info;
}
}
# Settings for a TLS enabled server.
#
# server {
# listen 443 ssl http2;
# listen [::]:443 ssl http2;
# server_name _;
# root /usr/share/nginx/html;
#
# ssl_certificate "/etc/pki/nginx/server.crt";
# ssl_certificate_key "/etc/pki/nginx/private/server.key";
# ssl_session_cache shared:SSL:1m;
# ssl_session_timeout 10m;
# ssl_ciphers HIGH:!aNULL:!MD5;
# ssl_prefer_server_ciphers on;
#
# # Load configuration files for the default server block.
# include /etc/nginx/default.d/*.conf;
#
# error_page 404 /404.html;
# location = /40x.html {
# }
#
# error_page 500 502 503 504 /50x.html;
# location = /50x.html {
# }
# }
}
systemctl start nginx
systemctl status nginx.service
五,安装spawn-fcgi
yum install spawn-fcgi
/etc/init.d/fcgiwrap start
六、receivepack
cd /home/git/test.git/
# Enable pushes over HTTP for this repository.
# NOTE(review): with http.receivepack forced to true, git-http-backend accepts
# pushes even from clients it regards as anonymous, so the web server's
# Basic auth is the only thing standing between the network and write access.
git config http.receivepack true
# NOTE(review): switching SELinux off removes confinement for every service on
# the host, not just nginx/fcgiwrap. Prefer leaving it enforcing (or permissive
# while diagnosing) and addressing the specific denials from the audit log.
# Also, the key in /etc/selinux/config is normally written in upper case
# (SELINUX=disabled) - confirm that the spelling below takes effect.
vim /etc/selinux/config
selinux=disabled
# Reboot the system
reboot
七,设置密码
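yum -y install httpd-tools
# -p: do not fail when the directory already exists.
mkdir -p /usr/local/nginx/conf/
cd /usr/local/nginx/conf/
# Create pass.db with the single user "git". htpasswd prompts for the password,
# so it never appears on the command line or in shell history.
# -c truncates an existing file; leave it out when adding further users.
htpasswd -c pass.db git
# Enter the password when prompted.
# The file holds password hashes, so keep it unreadable to other local
# accounts. Owner-only works because the nginx.conf on this page runs its
# workers as root; if the workers run as another account, grant that account's
# group read access instead (chown root:<WORKER_GROUP>, chmod 640).
chmod 600 pass.db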
八,设置iptables
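# Start from an empty, permissive INPUT chain so that the rules below are the
# only ones in effect (and an SSH session used for this is not cut off).
# The ruleset is saved once, at the end: saving right after the flush would
# persist a wide-open firewall if the host rebooted part-way through.
iptables -P INPUT ACCEPT
iptables -F
# Loopback traffic, matched on the lo interface rather than on a source
# address, so it covers all of 127.0.0.0/8 and local traffic addressed to the
# host's own IPs.
iptables -A INPUT -i lo -j ACCEPT
# Replies to connections this host opened itself (yum, DNS, outbound git).
# Without this rule the DROP policy below discards them.
iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# SSH and HTTP. Since clients are meant to arrive through the jump host,
# consider adding "-s <JUMP_HOST_IP>" to these two rules so that only that
# address can reach the git server.
iptables -A INPUT -p tcp --dport 22 -j ACCEPT
iptables -A INPUT -p tcp --dport 80 -j ACCEPT
# Default-deny everything else, then persist the final ruleset.
iptables -P INPUT DROP
service iptables save
# These rules cover IPv4 only. The nginx server block on this page also
# listens on [::]:80, so apply the equivalent policy with ip6tables.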
九,下载代码
在安装有nginx的windows踏板机上下载代码
git clone http://localhost/git/test.git
以上方式在阿里云和虚拟机上都测试通过。
十,windows nginx配置
#user nobody;
worker_processes 1;
#error_log logs/error.log;
#error_log logs/error.log notice;
#error_log logs/error.log info;
#pid logs/nginx.pid;
events {
worker_connections 1024;
}
http {
include mime.types;
default_type application/octet-stream;
#log_format main '$remote_addr - $remote_user [$time_local] "$request" '
# '$status $body_bytes_sent "$http_referer" '
# '"$http_user_agent" "$http_x_forwarded_for"';
#access_log logs/access.log main;
sendfile on;
#tcp_nopush on;
#keepalive_timeout 0;
keepalive_timeout 65;
#gzip on;
# Upstream pool containing the Linux git server behind this proxy.
upstream github {
server linux_server_ip;# address of the code server to connect to
# NOTE(review): upstream keepalive only takes effect when the proxying
# location also sets proxy_http_version 1.1 and clears the Connection header;
# neither is set in this file.
keepalive 16;
}
# Reverse proxy on the Windows jump host: relays every request to the
# "github" upstream defined above.
server {
# NOTE(review): this binds every interface, so anyone who can reach the jump
# host on port 80 is relayed to the git server. The page only clones through
# http://localhost; if that is the sole client, listen 127.0.0.1:80; would be
# enough - confirm.
listen 80;
server_name localhost;
charset utf-8;
#access_log logs/host.access.log main;
#location / {
# root html;
# index index.html index.htm;
# }
#error_page 404 /404.html;
# redirect server error pages to the static page /50x.html
#
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root html;
}
# Nothing is authenticated at this hop; the upstream server's Basic auth is
# the only access control on the path.
location /{
# Allows request bodies up to 1024 MB so large pushes are not rejected here.
client_max_body_size 1024m;
proxy_set_header Host linux_server_ip;# address of the code server to connect to
# NOTE(review): with the next two headers left disabled, the git server's
# access log records only the jump host's address; enabling them preserves
# the real client IP for audit.
#proxy_set_header X-Real-IP $remote_addr;
#proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
# Strips any Strict-Transport-Security header sent by the upstream;
# presumably because clients reach this proxy over plain HTTP.
proxy_hide_header Strict-Transport-Security;
# NOTE(review): the hop to the git server is plain HTTP, so the Basic-auth
# credentials forwarded from the client are readable on that network path.
# Point this at an https:// upstream once the git server has TLS enabled.
proxy_pass http://github;
}
# proxy the PHP scripts to Apache listening on 127.0.0.1:80
#
#location ~ \.php$ {
# proxy_pass http://127.0.0.1;
#}
# pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
#
#location ~ \.php$ {
# root html;
# fastcgi_pass 127.0.0.1:9000;
# fastcgi_index index.php;
# fastcgi_param SCRIPT_FILENAME /scripts$fastcgi_script_name;
# include fastcgi_params;
#}
# deny access to .htaccess files, if Apache's document root
# concurs with nginx's one
#
#location ~ /\.ht {
# deny all;
#}
}
# another virtual host using mix of IP-, name-, and port-based configuration
#
#server {
# listen 8000;
# listen somename:8080;
# server_name somename alias another.alias;
# location / {
# root html;
# index index.html index.htm;
# }
#}
# HTTPS server
#
#server {
# listen 443 ssl;
# server_name localhost;
# ssl_certificate cert.pem;
# ssl_certificate_key cert.key;
# ssl_session_cache shared:SSL:1m;
# ssl_session_timeout 5m;
# ssl_ciphers HIGH:!aNULL:!MD5;
# ssl_prefer_server_ciphers on;
# location / {
# root html;
# index index.html index.htm;
# }
#}
}