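Configuring a Git HTTPS server on CentOS 6.9 + nginx (using a self-signed certificate)
Part 1: Migrating a Git server that was previously accessed over SSH
1. Copy the Git repository directory from the original server, in full, to the new server
2. Install the Git server
On the new server
Create the user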
useradd git
passwd git
Download the Git source, then compile and install it
wget https://www.kernel.org/pub/software/scm/git/git-2.9.4.tar.gz
tar zxf git-2.9.4.tar.gz
cd git-2.9.4
autoconf
./configure
make && make install
git --version
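Check that the reported version is the latest Git version
At this point access over SSH already works
3. Install and configure the NGINX server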
[root@digging nginx]# cat /etc/yum.repos.d/nginx.repo
# nginx.repo
[nginx]
name=nginx repo
baseurl=http://nginx.org/packages/centos/6/$basearch/
gpgcheck=0
enabled=1
yum install nginx -y
yum install -y spawn-fcgi fcgi-devel fcgi
cd /usr/local/src
git clone https://github.com/gnosek/fcgiwrap.git
cd fcgiwrap && autoreconf -i && ./configure && make && make install
git clone https://github.com/lighttpd/spawn-fcgi.git
cd spawn-fcgi && ./autogen.sh && ./configure && make && make install
Note: Git can also be installed this way
vim /etc/init.d/fcgiwrap # configure the startup script
#!/bin/bash
### BEGIN INIT INFO
# Provides:          fcgiwrap
# Required-Start:    $remote_fs
# Required-Stop:     $remote_fs
# Should-Start:
# Should-Stop:
# Default-Start:     2 3 4 5
# Default-Stop:      0 1 6
# Short-Description: FastCGI wrapper
# Description:       Simple server for running CGI applications over FastCGI
### END INIT INFO
PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin
SPAWN_FCGI="/usr/local/bin/spawn-fcgi"
DAEMON="/usr/local/sbin/fcgiwrap"
NAME="fcgiwrap"
PIDFILE="/var/run/$NAME.pid"
FCGI_SOCKET="/var/run/$NAME.socket"
FCGI_USER="www-data"
FCGI_GROUP="www-data"
FORK_NUM=5
SCRIPTNAME=/etc/init.d/$NAME
case "$1" in
    start)
        echo -n "Starting $NAME... "
        PID=`pidof $NAME`
        if [ ! -z "$PID" ]; then
            echo " $NAME already running"
            exit 1
        fi
        $SPAWN_FCGI -u $FCGI_USER -g $FCGI_GROUP -s $FCGI_SOCKET -P $PIDFILE -F $FORK_NUM -f $DAEMON
        if [ "$?" != 0 ]; then
            echo " failed"
            exit 1
        else
            echo " done"
        fi
        ;;
    stop)
        echo -n "Stopping $NAME... "
        PID=`pidof $NAME`
        if [ ! -z "$PID" ]; then
            kill `pidof $NAME`
            if [ "$?" != 0 ]; then
                echo " failed. re-quit"
                exit 1
            else
                # remove the PID file written by spawn-fcgi -P
                rm -f $PIDFILE
                echo " done"
            fi
        else
            echo "$NAME is not running."
            exit 1
        fi
        ;;
    status)
        PID=`pidof $NAME`
        if [ ! -z "$PID" ]; then
            echo "$NAME (pid $PID) is running..."
        else
            echo "$NAME is stopped"
            exit 0
        fi
        ;;
    restart)
        $SCRIPTNAME stop
        sleep 1
        $SCRIPTNAME start
        ;;
    *)
        echo "Usage: $SCRIPTNAME {start|stop|restart|status}"
        exit 1
        ;;
esac
# Note the spawn-fcgi and fcgiwrap paths in the script, as well as FCGI_USER and FCGI_GROUP
# The script starts 5 cgi processes; adjust as needed
nginx configuration
vim /usr/local/nginx-1.10.2/conf/vhost/git.server.conf
server {
    listen 80;
    server_name git.server.com;
    client_max_body_size 100m;
    auth_basic "Git User Authentication";
    auth_basic_user_file /usr/local/nginx-1.10.2/conf/pass.db;
    location ~ ^.*\.git/objects/([0-9a-f]+/[0-9a-f]+|pack/pack-[0-9a-f]+\.(pack|idx))$ {
        root /data/git;
    }
    location ~ /.*\.git/(HEAD|info/refs|objects/info/.*|git-(upload|receive)-pack)$ {
        root /data/git;
        fastcgi_pass unix:/var/run/fcgiwrap.socket;
        fastcgi_connect_timeout 24h;
        fastcgi_read_timeout 24h;
        fastcgi_send_timeout 24h;
        fastcgi_param SCRIPT_FILENAME /usr/local/libexec/git-core/git-http-backend;
        fastcgi_param PATH_INFO $uri;
        fastcgi_param GIT_HTTP_EXPORT_ALL "";
        fastcgi_param GIT_PROJECT_ROOT /data/git;
        fastcgi_param REMOTE_USER $remote_user;
        include fastcgi_params;
    }
}
# Modify nginx.conf yourself as needed (user www-data www-data;) and do not forget to add include vhost/*.conf;
# Note the path of the authentication file pass.db
# Note the path of git-http-backend
# The first location serves static files directly
# The second location passes the listed actions to cgi for execution
# The root directory points to the git repository directory
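Configure the login username and password for the Git repositories
yum -y install httpd-tools # install the htpasswd command
cd /usr/local/nginx-1.10.2/conf
htpasswd -c pass.db wang
# to add a user, run: htpasswd pass.db username
Generate a self-signed CA certificate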
openssl req -x509 -nodes -days 3650 -newkey rsa:4096 -keyout /etc/nginx/git2.key -out /etc/nginx/git2.crt
Mind the directory
Configure HTTPS in NGINX
ssl on;
ssl_certificate /etc/nginx/git2.crt;
ssl_certificate_key /etc/nginx/git2.key;
Because the certificate is self-signed, git config --global http.sslVerify false is required; if the client reports an SSL certificate error, run this command as well.
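Added example (not part of the original article): http.sslVerify false turns off certificate checking for every HTTPS remote, so this sketch trusts only this server's self-signed certificate on the client instead. The helper name pin_git_cert, its optional config-file argument and the assumption that git2.crt has been copied to the client are illustrative; git.server.com is the server_name from the nginx configuration above.

```shell
#!/bin/sh
# Added example, not from the original article.
# pin_git_cert HOST CERT [GIT_CONFIG_FILE]   (hypothetical helper name)
#   HOST  server name used in the clone URL, e.g. git.server.com
#   CERT  absolute path to a copy of the server's git2.crt on the client
pin_git_cert() {
    host=$1
    cert=$2
    cfg=${3:-$HOME/.gitconfig}

    # Refuse a file that is not a parseable X.509 certificate.
    if ! openssl x509 -in "$cert" -noout 2>/dev/null; then
        echo "not a PEM certificate: $cert" >&2
        return 1
    fi
    # Refuse a certificate that has already expired.
    if ! openssl x509 -in "$cert" -noout -checkend 0 >/dev/null; then
        echo "certificate has expired: $cert" >&2
        return 1
    fi
    # Print the SHA-256 fingerprint so it can be compared with the output of
    # the same openssl command run against /etc/nginx/git2.crt on the server.
    openssl x509 -in "$cert" -noout -fingerprint -sha256

    # Trust this certificate for this one server only, with verification on.
    git config --file "$cfg" "http.https://$host/.sslCAInfo" "$cert"
    git config --file "$cfg" "http.https://$host/.sslVerify" true

    # Drop a blanket "http.sslVerify false" if one was set earlier.
    if [ "$(git config --file "$cfg" --get http.sslVerify)" = "false" ]; then
        git config --file "$cfg" --unset http.sslVerify
    fi
}

# Usage on the client (the certificate path is an assumption):
#   pin_git_cert git.server.com "$HOME/certs/git2.crt"
```

Verification then succeeds only if the certificate's Common Name or subjectAltName equals the host name in the clone URL, so enter git.server.com when openssl req prompts for the Common Name.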
References:
http://www.cnblogs.com/wangxiaoqiangs/p/6179610.html