  • 【Linux】【Services】【VersionControl】git-daemon, httpd, mysql搭建带认证的gitserver

    1. 简介:

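    比较低端的gitserver,使用centos自带的git-daemon搭建gitserver,使用httpd做上传和下载,利用mod_auth_mysql做认证(下文4.4的配置实际使用的是httpd 2.4的mod_authn_dbd,通过mod_dbd连接mysql)。注意:全文的httpd都是80端口的明文HTTP,Basic认证的口令只做base64编码、不加密,实际部署应放在HTTPS之后。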

    2. 环境

    # Apache的运行环境
    apr-util-mysql.x86_64 1.5.2-6.el7 @base
    # git server的主进程
    git-daemon.x86_64 1.8.3.1-14.el7_5 @updates
    # http服务器
    httpd.x86_64 2.4.6-80.el7.centos.1 @updates
    # httpd的开发库
    httpd-devel.x86_64 2.4.6-80.el7.centos.1 @updates
    # 让httpd支持mysql认证的库
    libdbi-dbd-mysql.x86_64 0.8.3-16.el7 @base
    # mysql客户端
    mariadb.x86_64 1:5.5.56-2.el7 @base
    # mysql服务器
    mariadb-server.x86_64 1:5.5.56-2.el7 @base
    # CentOS版本
    CentOS Linux release 7.5.1804 (Core)
    # 内核版本
    Linux centos-0 3.10.0-693.17.1.el7.x86_64 #1 SMP Thu Jan 25 20:13:58 UTC 2018 x86_64 x86_64 x86_64 GNU/Linux

    3. 安装

    3.1. 安装必要的包

    yum install -y git-daemon httpd httpd-devel mariadb mariadb-server libdbi-dbd-mysql apr-util-mysql
    

      

    3.2. 检查httpd安装

    # 修改http配置文件(注意:下面的sed没有加-i,只会把替换结果打印到标准输出,不会改动httpd.conf)
    ~]# sed  "s/<ServerName/ServerName YOURSERVERIP:80/g" /etc/httpd/conf/httpd.conf
    
    # alias,cgi,env这三个模块必须要有(下面grep模式里的"<"应为单词边界"\<",疑似转载时丢了反斜杠,否则匹配不到下面的输出)
    ~]# httpd -M |grep -Ei "<(alias|cgi|env)"
     alias_module (shared)
     env_module (shared)
     cgi_module (shared)

    ~]# systemctl start httpd

      

    3.3. 检查git-daemon安装

    ~]# cat /usr/lib/systemd/system/git@.service
    [Unit]
    Description=Git Repositories Server Daemon
    Documentation=man:git-daemon(1)
    
    [Service]
    User=nobody
    ExecStart=-/usr/libexec/git-core/git-daemon --base-path=/var/lib/git --export-all --user-path=public_git --syslog --inetd --verbose
    StandardInput=socket

    ~]# systemctl start git.socket

      

    3.4. 检查mysql安装

    ~]# grep -Ev "^#|^$" /usr/lib/systemd/system/mariadb.service
    [Unit]
    Description=MariaDB database server
    After=syslog.target
    After=network.target
    [Service]
    Type=simple
    User=mysql
    Group=mysql
    ExecStartPre=/usr/libexec/mariadb-prepare-db-dir %n
    ExecStart=/usr/bin/mysqld_safe --basedir=/usr
    ExecStartPost=/usr/libexec/mariadb-wait-ready $MAINPID
    TimeoutSec=300
    PrivateTmp=true
    [Install]
    WantedBy=multi-user.target
    
    ~]# systemctl start mariadb
    

      

    4. 配置

    4.1. 配置git-daemon支持git协议

    ~]# cd /var/lib/git/
    #初始化一个空的目录
    ~]# git init --bare myproject.git
    Initialized empty Git repository in /var/lib/git/myproject.git/
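    #可以在其他客户端使用git clone git://IPADDRESS/myproject.git尝试下载了,但是目前只能下载,不能推送
    #注意:git://协议既不认证也不加密,而3.3里git@.service的ExecStart带了--export-all,/var/lib/git下的所有仓库都会被匿名只读公开;只想公开个别仓库时应去掉--export-all,改为在对应仓库目录里放一个git-daemon-export-ok文件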

      

    4.2. 支持http方式的clone

    #创建git目录并初始化仓库
    ~]# mkdir /var/www/git
    ~]# cd /var/www/git
    ~]# git init --bare testproject.git
    ~]# chown -R apache:apache /var/www/git
    
    #修改httpd配置文件的DocumentRoot
    sed -i "s/^DocumentRoot/#&/" /etc/httpd/conf/httpd.conf
    

      

    创建/etc/httpd/conf.d/git.conf

    <VirtualHost *:80>
            # Plain HTTP on port 80: nothing served by this vhost is encrypted in transit.
            ServerName centos-0
            # The environment variables below are documented in `man git-http-backend`.
            SetEnv GIT_PROJECT_ROOT /var/www/git
            # The original note described this as the switch for smart HTTP. Per
            # git-http-backend(1), GIT_HTTP_EXPORT_ALL instead makes the CGI export
            # every repository under GIT_PROJECT_ROOT; without it only repositories
            # containing a git-daemon-export-ok file are served.
            SetEnv GIT_HTTP_EXPORT_ALL
            # Original note: whether reading or writing is permitted depends mainly on
            # the permissions of the /usr/libexec/git-core/ directory.
            # Every request under /git/ is handed to the git-http-backend CGI.
            ScriptAlias /git/ /usr/libexec/git-core/git-http-backend/
            <Directory "/usr/libexec/git-core/">
                    # NOTE(review): Indexes (directory listings) does not look necessary
                    # for serving the CGI -- confirm and consider dropping it.
                    Options ExecCGI Indexes
                    # No authentication at this stage: any client that can reach the
                    # server may clone every exported repository.
                    Require all granted
            </Directory>
    </VirtualHost>
    

      

    可以试着clone了

    git clone http://IPADDRESS/git/testproject.git
    

      

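    但是目前依然不支持推送,如果想要推送需要在git的源(即服务器上被访问的那个裸仓库,例如/var/www/git/testproject.git)上配置。注意:此时还没有配置任何认证,http.receivepack设为true等于允许所有能访问80端口的人匿名推送,建议在完成4.3的认证配置之后再打开。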

    git config http.receivepack true
    

      

    4.3. 配置http支持文件认证

    修改/etc/httpd/conf.d/git.conf

    <VirtualHost *:80>
            ServerName centos-0
            # The environment variables below are documented in `man git-http-backend`.
            SetEnv GIT_PROJECT_ROOT /var/www/git
            # The original note described this as the switch for smart HTTP. Per
            # git-http-backend(1), GIT_HTTP_EXPORT_ALL makes the CGI export every
            # repository under GIT_PROJECT_ROOT, with or without a
            # git-daemon-export-ok file.
            SetEnv GIT_HTTP_EXPORT_ALL
            # Original note: whether reading or writing is permitted depends mainly on
            # the permissions of the /usr/libexec/git-core/ directory.
            ScriptAlias /git/ /usr/libexec/git-core/git-http-backend/
            <Directory "/usr/libexec/git-core/">
                    # NOTE(review): Indexes (directory listings) does not look necessary
                    # for serving the CGI -- confirm and consider dropping it.
                    Options ExecCGI Indexes
                    # Clone and fetch remain anonymous; only the push endpoint matched
                    # below asks for credentials.
                    Require all granted
            </Directory>
            # Only URLs ending in /git-receive-pack (the push endpoint) require a login.
            # git-http-backend(1) notes that with this LocationMatch form the client is
            # not challenged during the initial ref advertisement, so http.receivepack
            # must be enabled in each repository that should accept pushes.
            <LocationMatch "^/git/.*/git-receive-pack$">
                    # Basic auth only base64-encodes the password; on this port-80 vhost
                    # it crosses the network unencrypted. NOTE(review): serve this over TLS.
                    AuthType Basic
                    AuthName "Private Git Repo"
                    # Password file maintained with htpasswd; keep it readable only by
                    # root and the httpd user.
                    AuthUserFile /etc/httpd/conf/.htpasswd
                    Require valid-user
            </LocationMatch>
    </VirtualHost>
    

      

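    添加用户(-c会新建.htpasswd,文件已存在时会被清空重写,所以只在第一次添加用户时使用;-m是MD5(apr1)格式,httpd 2.4自带的htpasswd可以用-B改成bcrypt;.htpasswd应只允许root和apache用户读取)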

    htpasswd -c -m /etc/httpd/conf/.htpasswd eric
    

      

    4.4. 安装libdbi-dbd-mysql模块,这个模块只支持2.4版本之后,同时还支持pgsql和sqlite,是apache的开源项目

    redhat上的介绍:https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/system_administrators_guide/ch-web_servers

    apache上的介绍:https://httpd.apache.org/docs/2.4/mod/mod_authn_dbd.html

    配置数据库

    # 直接连数据库,没有密码
    ~]# mysql -uroot
    #给root用户设置一个密码(示例里的'mysql'是弱口令,实际请换成强口令;直接update mysql.user之后还要执行 flush privileges; 才会生效)
    > update mysql.user set password=PASSWORD('mysql') where user='root';
    # 创建一个git用户(口令不要用'git'这种与用户名相同的值,并与后面DBDParams里的pass保持一致)
    >CREATE USER 'git'@'localhost' IDENTIFIED BY 'git';
    # 创建git库
    >create database git;
    # 给权限(httpd做认证只需要对git.users的SELECT;这里给了git库的全部权限,是因为后面还要用git账号插入用户。生产环境建议把认证用的只读账号和管理用的账号分开)
    >GRANT all ON git.* TO 'git'@'localhost';
    # 创建一个users表(先执行 use git; 切换到git库)
    >create table users ( user_name varchar(191) not null, user_passwd varchar(191), user_group varchar(191), primary key (user_name) );
    

      

    修改配置文件/etc/httpd/conf.d/git.conf

    参考 https://www.seei.biz/mysql-authentication-on-apache-2-4/

    <VirtualHost *:80>
            #LoadModule mysql_auth_module modules/mod_auth_mysql.so
            ServerName centos-0
            # The environment variables below are documented in `man git-http-backend`.
            SetEnv GIT_PROJECT_ROOT /var/www/git
            # The original note described this as the switch for smart HTTP. Per
            # git-http-backend(1), GIT_HTTP_EXPORT_ALL makes the CGI export every
            # repository under GIT_PROJECT_ROOT, with or without a
            # git-daemon-export-ok file.
            SetEnv GIT_HTTP_EXPORT_ALL
            # Original note: whether reading or writing is permitted depends mainly on
            # the permissions of the /usr/libexec/git-core/ directory.
            ScriptAlias /git/ /usr/libexec/git-core/git-http-backend/
            # Use the MySQL driver for mod_dbd.
            DBDriver mysql
            # Database connection parameters. The database password is stored here in
            # clear text. NOTE(review): restrict read access to this file and replace
            # the sample user=git / pass=git credential with a strong one.
            DBDParams "host=localhost dbname=git user=git pass=git"
            # Minimum number of connections
            DBDMin 4
            # Maximum sustained number of connections
            DBDKeep 8
            #Set the hard maximum number of connections per process
            DBDMax 20
            # Set the time to keep idle connections alive when the number of connections specified in DBDKeep has been exceeded
            DBDExptime 300
            <Directory "/usr/libexec/git-core/">
                    # NOTE(review): Indexes (directory listings) does not look necessary
                    # for serving the CGI -- confirm and consider dropping it.
                    Options ExecCGI Indexes
                    # Clone and fetch remain anonymous; only the push endpoint matched
                    # below asks for credentials.
                    Require all granted
            </Directory>
            # Only URLs ending in /git-receive-pack (the push endpoint) require a login.
            <LocationMatch "^/git/.*/git-receive-pack$">
                    # Basic auth only base64-encodes the password; on this port-80 vhost
                    # it crosses the network unencrypted. NOTE(review): serve this over TLS.
                    AuthType Basic
                    AuthName "Private Git Repo"
                    # Fetches the stored password hash for the submitted user name; %s is
                    # the placeholder mod_authn_dbd fills with that name. Only rows whose
                    # user_group is 'admin' match, so users in other groups cannot log in.
                    AuthDBDUserPWQuery "select user_passwd from users where user_name = %s and user_group = 'admin'"
                    # Providers are consulted in order: the socache cache first, then the
                    # dbd lookup. NOTE(review): for the cache to be populated,
                    # mod_authn_socache normally also needs `AuthnCacheProvideFor dbd`,
                    # which is not set in this file -- confirm.
                    AuthBasicProvider socache dbd
                    #AuthUserFile /etc/httpd/conf/.htpasswd
                    Require valid-user
            </LocationMatch>
    </VirtualHost>
    

      

    创建一个用户并插入到数据库

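    # 利用http工具生成密码(-s生成的是不加盐的SHA-1,强度很弱;-b会把口令留在命令行历史和进程列表里。建议改用 htpasswd -nB 用户名 交互输入口令,得到bcrypt散列。另外这条命令的用户名是gitadmin,而下面的输出和INSERT用的都是admin,两者并不对应)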
    ~]# htpasswd -bns gitadmin gitadmin
    admin:{SHA}0DPiKuNIrrVmD8IUCuw1hQxNqZc=
    # 使用git用户连接数据库创建用户
    ~]# mysql -ugit -p
    # 插入一条数据
    > INSERT INTO `users` (`user_name`, `user_passwd`, `user_group`) VALUES('admin', '{SHA}0DPiKuNIrrVmD8IUCuw1hQxNqZc=', 'admin');
    

      

    可以使用admin测试喽

  • 原文地址:https://www.cnblogs.com/demonzk/p/9472890.html