centos 6.9 +nginx 配置GIT HTTPS服务器(证书采用自签名)

第一部分原通过SSH访问的GIT服务器迁移

1.把原服务器GIT资源库目录完成复制至新的服务器

2.安装GIT服务器

新的服务器

创建用户

 useradd git

password git 

下载GIT源码,编译安装

wget https://www.kernel.org/pub/software/scm/git/git-2.9.4.tar.gz

 tar zxf git-2.9.4.tar.gz
 cd git-2.9.4
 autoconf
 ./configure
 make && make install
 git --version

查看是否最新GIT版本

本步SSH方式已经可以访问

3.安装NGINX服务器与配置

[root@digging nginx]# cat /etc/yum.repos.d/nginx.repo
# nginx.repo

[nginx]
name=nginx repo
baseurl=http://nginx.org/packages/centos/6/$basearch/
gpgcheck=0
enabled=1

yum install nginx -y

yum install -y  spawn-fcgi fcgi-devel fcgi

 cd /usr/local/src
 git clone https://github.com/gnosek/fcgiwrap.git
 cd fcgiwrap && autoreconf -i && ./configure && make && make install

git clone https://github.com/lighttpd/spawn-fcgi.git
cd spawn-fcgi && ./autogen.sh && ./configure && make && make install

注:GIT也可以这样安装
vim /etc/init.d/fcgiwrap  # 配置启动脚本

#! /bin/bash
### BEGIN INIT INFO
# Provides:          fcgiwrap
# Required-Start:    $remote_fs
# Required-Stop:     $remote_fs
# Should-Start:
# Should-Stop:
# Default-Start:     2 3 4 5
# Default-Stop:      0 1 6
# Short-Description: FastCGI wrapper
# Description:       Simple server for running CGI applications over FastCGI
### END INIT INFO

PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin
SPAWN_FCGI="/usr/local/bin/spawn-fcgi"
DAEMON="/usr/local/sbin/fcgiwrap"
NAME="fcgiwrap"

PIDFILE="/var/run/$NAME.pid"

FCGI_SOCKET="/var/run/$NAME.socket"
FCGI_USER="www-data"
FCGI_GROUP="www-data"
FORK_NUM=5
SCRIPTNAME=/etc/init.d/$NAME

case "$1" in
    start)
        echo -n "Starting $NAME... "

        PID=`pidof $NAME`
        if [ ! -z "$PID" ]; then
            echo " $NAME already running"
            exit 1
        fi

        $SPAWN_FCGI -u $FCGI_USER -g $FCGI_GROUP -s $FCGI_SOCKET -P $PIDFILE -F $FORK_NUM -f $DAEMON

        if [ "$?" != 0 ]; then
            echo " failed"
            exit 1
        else
            echo " done"
        fi
    ;;

    stop)
        echo -n "Stoping $NAME... "

        PID=`pidof $NAME`
        if [ ! -z "$PID" ]; then
            kill `pidof $NAME`
            if [ "$?" != 0 ]; then
                echo " failed. re-quit"
                exit 1
            else
                rm -f $pid
                echo " done"
            fi
        else
            echo "$NAME is not running."
            exit 1
        fi
    ;;

    status)
        PID=`pidof $NAME`
        if [ ! -z "$PID" ]; then
            echo "$NAME (pid $PID) is running..."
        else
            echo "$NAME is stopped"
            exit 0
        fi
    ;;

    restart)
        $SCRIPTNAME stop
        sleep 1
        $SCRIPTNAME start
    ;;

    *)
        echo "Usage: $SCRIPTNAME {start|stop|restart|status}"
        exit 1
    ;;
esac
 

# 注意 spawn-fcgi 跟 fcgiwrap 脚本路径及 FCGI_GROUP 跟 FCGI_GROUP
# 脚本启动了 5 个 cgi 进程,按需调整

 

nginx 配置

vim /usr/local/nginx-1.10.2/conf/vhost/git.server.conf

server {
    listen      80;
    server_name git.server.com;

client_max_body_size 100m;
auth_basic "Git User Authentication"; auth_basic_user_file /usr/local/nginx-1.10.2/conf/pass.db; location ~ ^.*\.git/objects/([0-9a-f]+/[0-9a-f]+|pack/pack-[0-9a-f]+.(pack|idx))$ { root /data/git; } location ~ /.*\.git/(HEAD|info/refs|objects/info/.*|git-(upload|receive)-pack)$ { root /data/git; fastcgi_pass unix:/var/run/fcgiwrap.socket; fastcgi_connect_timeout 24h; fastcgi_read_timeout 24h; fastcgi_send_timeout 24h; fastcgi_param SCRIPT_FILENAME /usr/local/libexec/git-core/git-http-backend; fastcgi_param PATH_INFO $uri; fastcgi_param GIT_HTTP_EXPORT_ALL ""; fastcgi_param GIT_PROJECT_ROOT /data/git; fastcgi_param REMOTE_USER $remote_user; include fastcgi_params; } }
# 自己按需修改 nginx.conf,user www-data www-data; 不要忘记加入 include vhost/*.conf;
# 注意 认证文件 pass.db 路径
# 注意 git-http-backend 路径
# 第一个 location 用于静态文件直接读取
# 第二个 location 用于将指定动作转给 cgi 执行
# 根目录指向 git 仓库目录

配置GIT库登录用户名与密码
yum -y install httpd-tools # 安装 htpasswd 命令 cd /usr/local/nginx-1.10.2/conf htpasswd -c pass.db wang # 添加用户时执行 htpasswd pass.db username

生成自签名CA证书
openssl req -x509 -nodes -days 3650 -newkey rsa:4096 -keyout /etc/nginx/git2.key -out /etc/nginx/git2.crt
注意目录

配置NGINX的HTTPS

ssl on;
ssl_certificate /etc/nginx/git2.crt;
ssl_certificate_key /etc/nginx/git2.key;

 


因为是自签名需要git config --global http.sslVerify false,如果客户端报SSL证书的错误,也运行这个命令。

参考资料:
http://www.cnblogs.com/wangxiaoqiangs/p/6179610.html

posted on 2017-05-26 14:52  net2817  阅读(436)  评论(0编辑  收藏  举报

导航