centos 6.9 +nginx 配置GIT HTTPS服务器(证书采用自签名)
第一部分原通过SSH访问的GIT服务器迁移
1.把原服务器GIT资源库目录完成复制至新的服务器
2.安装GIT服务器
新的服务器
创建用户
useradd git
password git
下载GIT源码,编译安装
wget https://www.kernel.org/pub/software/scm/git/git-2.9.4.tar.gz
tar zxf git-2.9.4.tar.gz
cd git-2.9.4
autoconf
./configure
make && make install
git --version
查看是否最新GIT版本
本步SSH方式已经可以访问
3.安装NGINX服务器与配置
[root@digging nginx]# cat /etc/yum.repos.d/nginx.repo
# nginx.repo
[nginx]
name=nginx repo
baseurl=http://nginx.org/packages/centos/6/$basearch/
gpgcheck=0
enabled=1
yum install nginx -y
yum install -y spawn-fcgi fcgi-devel fcgi
cd /usr/local/src git clone https://github.com/gnosek/fcgiwrap.git cd fcgiwrap && autoreconf -i && ./configure && make && make install
git clone https://github.com/lighttpd/spawn-fcgi.git cd spawn-fcgi && ./autogen.sh && ./configure && make && make install
注:GIT也可以这样安装
vim /etc/init.d/fcgiwrap # 配置启动脚本
#! /bin/bash
### BEGIN INIT INFO
# Provides: fcgiwrap
# Required-Start: $remote_fs
# Required-Stop: $remote_fs
# Should-Start:
# Should-Stop:
# Default-Start: 2 3 4 5
# Default-Stop: 0 1 6
# Short-Description: FastCGI wrapper
# Description: Simple server for running CGI applications over FastCGI
### END INIT INFO
PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin
SPAWN_FCGI="/usr/local/bin/spawn-fcgi"
DAEMON="/usr/local/sbin/fcgiwrap"
NAME="fcgiwrap"
PIDFILE="/var/run/$NAME.pid"
FCGI_SOCKET="/var/run/$NAME.socket"
FCGI_USER="www-data"
FCGI_GROUP="www-data"
FORK_NUM=5
SCRIPTNAME=/etc/init.d/$NAME
case "$1" in
start)
echo -n "Starting $NAME... "
PID=`pidof $NAME`
if [ ! -z "$PID" ]; then
echo " $NAME already running"
exit 1
fi
$SPAWN_FCGI -u $FCGI_USER -g $FCGI_GROUP -s $FCGI_SOCKET -P $PIDFILE -F $FORK_NUM -f $DAEMON
if [ "$?" != 0 ]; then
echo " failed"
exit 1
else
echo " done"
fi
;;
stop)
echo -n "Stoping $NAME... "
PID=`pidof $NAME`
if [ ! -z "$PID" ]; then
kill `pidof $NAME`
if [ "$?" != 0 ]; then
echo " failed. re-quit"
exit 1
else
rm -f $pid
echo " done"
fi
else
echo "$NAME is not running."
exit 1
fi
;;
status)
PID=`pidof $NAME`
if [ ! -z "$PID" ]; then
echo "$NAME (pid $PID) is running..."
else
echo "$NAME is stopped"
exit 0
fi
;;
restart)
$SCRIPTNAME stop
sleep 1
$SCRIPTNAME start
;;
*)
echo "Usage: $SCRIPTNAME {start|stop|restart|status}"
exit 1
;;
esac
# 注意 spawn-fcgi 跟 fcgiwrap 脚本路径及 FCGI_GROUP 跟 FCGI_GROUP
# 脚本启动了 5 个 cgi 进程,按需调整
nginx 配置
vim /usr/local/nginx-1.10.2/conf/vhost/git.server.conf
server {
listen 80;
server_name git.server.com;
client_max_body_size 100m;
auth_basic "Git User Authentication";
auth_basic_user_file /usr/local/nginx-1.10.2/conf/pass.db;
location ~ ^.*\.git/objects/([0-9a-f]+/[0-9a-f]+|pack/pack-[0-9a-f]+.(pack|idx))$ {
root /data/git;
}
location ~ /.*\.git/(HEAD|info/refs|objects/info/.*|git-(upload|receive)-pack)$ {
root /data/git;
fastcgi_pass unix:/var/run/fcgiwrap.socket;
fastcgi_connect_timeout 24h;
fastcgi_read_timeout 24h;
fastcgi_send_timeout 24h;
fastcgi_param SCRIPT_FILENAME /usr/local/libexec/git-core/git-http-backend;
fastcgi_param PATH_INFO $uri;
fastcgi_param GIT_HTTP_EXPORT_ALL "";
fastcgi_param GIT_PROJECT_ROOT /data/git;
fastcgi_param REMOTE_USER $remote_user;
include fastcgi_params;
}
}
# 自己按需修改 nginx.conf,user www-data www-data; 不要忘记加入 include vhost/*.conf;
# 注意 认证文件 pass.db 路径
# 注意 git-http-backend 路径
# 第一个 location 用于静态文件直接读取
# 第二个 location 用于将指定动作转给 cgi 执行
# 根目录指向 git 仓库目录
配置GIT库登录用户名与密码
yum -y install httpd-tools # 安装 htpasswd 命令 cd /usr/local/nginx-1.10.2/conf htpasswd -c pass.db wang # 添加用户时执行 htpasswd pass.db username
生成自签名CA证书
openssl req -x509 -nodes -days 3650 -newkey rsa:4096 -keyout /etc/nginx/git2.key -out /etc/nginx/git2.crt
注意目录
配置NGINX的HTTPS
ssl on;
ssl_certificate /etc/nginx/git2.crt;
ssl_certificate_key /etc/nginx/git2.key;
因为是自签名需要git config --global http.sslVerify false,如果客户端报SSL证书的错误,也运行这个命令。
参考资料:
http://www.cnblogs.com/wangxiaoqiangs/p/6179610.html
