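Setting up a Git server: HTTPS access
1. Introduction
Without further ado, here is a record of how to set up a Git server that is accessed over HTTPS.
2. git-http-backend
Install command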
yum -y install git git-core
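After this, git-http-backend is installed at /usr/libexec/git-core/git-http-backend. It is a CGI program that serves the contents of Git repositories to Git clients accessing them over the http:// and https:// protocols.
It is what our HTTPS Git server relies on.
3. fcgiwrap and spawn-fcgi
Install commands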
# fcgiwrap
yum -y install fcgiwrap
# spawn-fcgi
yum -y install spawn-fcgi
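git-http-backend is a CGI program, and nginx does not support CGI programs, so fcgiwrap is needed to let nginx support CGI indirectly.
spawn-fcgi manages FastCGI processes; here it is used to manage fcgiwrap.
4. Configuring spawn-fcgi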
/etc/sysconfig/spawn-fcgi
# You must set some working options before the "spawn-fcgi" service will work.
# If SOCKET points to a file, then this file is cleaned up by the init script.
#
# See spawn-fcgi(1) for all possible options.
#
# Example :
#SOCKET=/var/run/php-fcgi.sock
#OPTIONS="-u apache -g apache -s $SOCKET -S -M 0600 -C 32 -F 1 -P /var/run/spawn-fcgi.pid -- /usr/bin/php-cgi"
FCGI_SOCKET=/var/run/fcgiwrap.socket
FCGI_PROGRAM=/usr/sbin/fcgiwrap
FCGI_USER=nobody
FCGI_GROUP=nobody
FCGI_EXTRA_OPTIONS="-M 0700"
OPTIONS="-u $FCGI_USER -g $FCGI_GROUP -s $FCGI_SOCKET -S $FCGI_EXTRA_OPTIONS -F 1 -P /var/run/spawn-fcgi.pid -- $FCGI_PROGRAM"
Start spawn-fcgi
systemctl start spawn-fcgi
Check the /var/run/ directory: if a new fcgiwrap.socket file has appeared, the service started successfully.
Enable spawn-fcgi at boot
systemctl enable spawn-fcgi
That's it: fcgiwrap and spawn-fcgi are now installed.
5. Configuring nginx
# git.wangbin.io;
server {
    listen 50443 ssl http2;
    listen [::]:50443 ssl http2;
    server_name git.wangbin.io;

    # ssl
    ssl_certificate /vps/manage/certificate/acme/*.wangbin.io/fullchain.cer;
    ssl_certificate_key /vps/manage/certificate/acme/*.wangbin.io/*.wangbin.io.key;
    ssl_trusted_certificate /vps/manage/certificate/acme/*.wangbin.io/fullchain.cer;
    # ecc
    ssl_certificate /vps/manage/certificate/acme/*.wangbin.io_ecc/fullchain.cer;
    ssl_certificate_key /vps/manage/certificate/acme/*.wangbin.io_ecc/*.wangbin.io.key;

    # log
    access_log logs/wangbin.io/git.wangbin.io/access-git.wangbin.io.log siyou325;
    error_log logs/wangbin.io/git.wangbin.io/error.log;

    root /vps/git;
    index index.html index.htm index.php;
    charset utf-8;

    # Set the maximum upload size
    client_max_body_size 100m;

    # Basic HTTP authentication
    auth_basic "nginx basic http authentication for git.wangbin.io";
    auth_basic_user_file /vps/manage/certificate/passwd/git/git-passwd.htpasswd;

    # Loose objects and pack files are served as static files
    location ~ ^.*\.git/objects/([0-9a-f]+/[0-9a-f]+|pack/pack-[0-9a-f]+\.(pack|idx))$ {
        root /vps/git;
    }

    # Everything else Git needs is passed to git-http-backend through fcgiwrap
    location ~ /.*\.git/(HEAD|info/refs|objects/info/.*|git-(upload|receive)-pack)$ {
        root /vps/git;
        fastcgi_pass unix:/var/run/fcgiwrap.socket;
        include fastcgi_params;
        fastcgi_param GIT_PROJECT_ROOT /vps/git;
        fastcgi_param SCRIPT_FILENAME /usr/libexec/git-core/git-http-backend;
        fastcgi_param PATH_INFO $uri;
        fastcgi_param GIT_HTTP_EXPORT_ALL "";
        fastcgi_param REMOTE_USER $remote_user;
    }

    # Deny access to .svn directories to prevent leaking SVN metadata (required)
    location ~ ^(.*)\/\.svn\/ {
        deny all;
    }
}
Reload nginx
nginx -t
nginx -s reload
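To see which location handles each request a Git client makes, the following added example (not part of the original post) replays the three regex locations from the configuration above in Python. The sample request paths are constructed, and the name "server-root" is a label chosen here for requests that match no location.

```python
import re

# Regex locations from the server block, in file order. nginx evaluates regex
# locations top to bottom and uses the first match. The '.' before (pack|idx)
# is escaped here so it matches only a literal dot.
LOCATIONS = [
    ("static-object",
     r"^.*\.git/objects/([0-9a-f]+/[0-9a-f]+|pack/pack-[0-9a-f]+\.(pack|idx))$"),
    ("git-http-backend",
     r"/.*\.git/(HEAD|info/refs|objects/info/.*|git-(upload|receive)-pack)$"),
    ("deny", r"^(.*)\/\.svn\/"),
]
COMPILED = [(name, re.compile(rx)) for name, rx in LOCATIONS]


def classify(request_target):
    """Return the name of the location that would handle request_target.

    Simplification: only the query string is stripped; nginx also decodes
    and normalises the URI before matching.
    """
    path = request_target.split("?", 1)[0]
    for name, rx in COMPILED:
        if rx.search(path):
            return name
    # No location matched: the request is handled with the server-level
    # settings (root /vps/git, still behind auth_basic).
    return "server-root"


# Constructed sample requests for a repository named siyou325.git.
SAMPLES = [
    "/siyou325.git/info/refs?service=git-upload-pack",
    "/siyou325.git/git-upload-pack",
    "/siyou325.git/git-receive-pack",
    "/siyou325.git/objects/info/packs",
    "/siyou325.git/objects/3b/" + "0" * 38,
    "/siyou325.git/objects/pack/pack-" + "0" * 40 + ".pack",
    "/siyou325.git/config",
    "/project/.svn/entries",
]

if __name__ == "__main__":
    for target in SAMPLES:
        print(f"{classify(target):18} {target}")
```

Paths reported as "server-root" never reach git-http-backend; nginx serves them as plain files from /vps/git to any authenticated user, which is worth reviewing before adding repositories.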
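6. Notes
- auth_basic_user_file
  You may have noticed the auth_basic_user_file parameter in the nginx configuration. It points to an HTTP authentication file generated by htpasswd; you can search for the detailed usage of that command.
  This directive is required in the nginx configuration here. It is not only used to authenticate users: git push will also fail if there is no user. By default, git-http-backend only enables receive-pack when REMOTE_USER is set, and the configuration above fills REMOTE_USER from the authenticated $remote_user. This problem troubled me for several hours, so I am mentioning it here.
- --with-http_dav_module
  When compiling nginx from source, add --with-http_dav_module; without it, git push will not succeed either.
7. Conclusion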
git clone https://git.wangbin.io/siyou325.git
That's all.