【Linux】【Services】【VersionControl】git-daemon, httpd, mysql搭建帶認證的gitserver

時間 2019-12-14

標籤 Linux Services VersionControl git daemon httpd mysql 搭建認證 gitserver 欄目 Linux 简体版

原文原文鏈接

1. 簡介：html

比較低端的gitserver，使用centos自帶的git-daemon搭建gitserver，使用httpd作上傳和下載，利用mod_auth_mysql作認證mysql

2. 環境linux

# Apache的運行環境
apr-util-mysql.x86_64                                                      1.5.2-6.el7                                                               @base
# git server的主進程
git-daemon.x86_64                                                          1.8.3.1-14.el7_5                                                          @updates
# http服務器
httpd.x86_64　　　　　　　　　　　　　　　　　　　　　　　　　　　　　　　　　　　　　　2.4.6-80.el7.centos.1                                                     @updates
# httpd的開發庫
httpd-devel.x86_64                                                         2.4.6-80.el7.centos.1                                                     @updates
# 讓httpd支持mysql認證的庫
libdbi-dbd-mysql.x86_64                                                    0.8.3-16.el7                                                              @base
# mysql客戶端
mariadb.x86_64                                                             1:5.5.56-2.el7                                                            @base
# mysql服務器
mariadb-server.x86_64                                                      1:5.5.56-2.el7                                                            @base
# CentOS版本
CentOS Linux release 7.5.1804 (Core)
# 內核版本
Linux centos-0 3.10.0-693.17.1.el7.x86_64 #1 SMP Thu Jan 25 20:13:58 UTC 2018 x86_64 x86_64 x86_64 GNU/Linux

3. 安裝git

3.1. 安裝必要的包web

yum install -y git-daemon httpd httpd-devel mariadb mariadb-server libdbi-dbd-mysql apr-util-mysql

3.2. 檢查httpd安裝sql

# 修改http配置文件
~]# sed  "s/\<ServerName/ServerName YOURSERVERIP:80/g" /etc/httpd/conf/httpd.conf

# alias，cgi，env這三個模塊必需要有
~]# httpd -M |grep -Ei "\<(alias|cgi|env)"
 alias_module (shared)
 env_module (shared)
 cgi_module (shared)

~]# systemctl start httpd

3.3. 檢查git-deamon安裝數據庫

~]# cat /usr/lib/systemd/system/git@.service
[Unit]
Description=Git Repositories Server Daemon
Documentation=man:git-daemon(1)

[Service]
User=nobody
ExecStart=-/usr/libexec/git-core/git-daemon --base-path=/var/lib/git --export-all --user-path=public_git --syslog --inetd --verbose
StandardInput=socket

~]# systemctl start git.socket

3.4. 檢查mysql安裝apache

~]# grep -Ev "^#|^$" /usr/lib/systemd/system/mariadb.service
[Unit]
Description=MariaDB database server
After=syslog.target
After=network.target
[Service]
Type=simple
User=mysql
Group=mysql
ExecStartPre=/usr/libexec/mariadb-prepare-db-dir %n
ExecStart=/usr/bin/mysqld_safe --basedir=/usr
ExecStartPost=/usr/libexec/mariadb-wait-ready $MAINPID
TimeoutSec=300
PrivateTmp=true
[Install]
WantedBy=multi-user.target

~]# systemctl start mariadb

4. 配置centos

4.1. 配置git-deamon支持git協議bash

~]# cd /var/lib/git/
#初始化一個空的目錄
~]# git init --bare myproject.git
Initialized empty Git repository in /var/lib/git/myproject.git/
#能夠在其餘客戶端使用git clone git://IPADDRESS/myproject.git嘗試下載了，可是目前只能下載，不能推送

4.2. 支持http方式的clone

#建立git目錄並初始化倉庫
~]# mkdir /var/www/git
~]# cd /var/www/git
~]# git init --bare testproject.git
~]# chown -R apache:apache /var/www/git

#修改httpd配置文件的DocumentRoot
sed -i "s/^DocumentRoot/#&/" /etc/httpd/conf/httpd.conf

建立/etc/httpd/conf.d/git.conf

<VirtualHost *:80>
        ServerName centos-0
        #下面的參數能夠使用man git-http-backend查看
        SetEnv GIT_PROJECT_ROOT /var/www/git
        #檢查GIT是否支持smart功能，若是支持就打開smart功能
        SetEnv GIT_HTTP_EXPORT_ALL
        #要受權讀或者寫主要取決於/usr/libexec/git-core/目錄的權限
        ScriptAlias /git/ /usr/libexec/git-core/git-http-backend/
        <Directory "/usr/libexec/git-core/">
                Options ExecCGI Indexes
                Require all granted
        </Directory>
</VirtualHost>

能夠試着clone了

git clone http://IPADDRESS/git/testproject.git

可是目前依然不支持推送，若是想要推送須要在git的源上配置

git config http.receivepack true

4.3. 配置http支持文件認證

修改/etc/httpd/conf.d/git.conf

<VirtualHost *:80>
        ServerName centos-0
        #下面的參數能夠使用man git-http-backend查看
        SetEnv GIT_PROJECT_ROOT /var/www/git
        #檢查GIT是否支持smart功能，若是支持就打開smart功能
        SetEnv GIT_HTTP_EXPORT_ALL
        #要受權讀或者寫主要取決於/usr/libexec/git-core/目錄的權限
        ScriptAlias /git/ /usr/libexec/git-core/git-http-backend/
        <Directory "/usr/libexec/git-core/">
                Options ExecCGI Indexes
                Require all granted
        </Directory>
        <LocationMatch "^/git/.*/git-receive-pack$">
                AuthType Basic
                AuthName "Private Git Repo"
                AuthUserFile /etc/httpd/conf/.htpasswd
                Require valid-user
        </LocationMatch>
</VirtualHost>

添加用戶

htpasswd -c -m /etc/httpd/conf/.htpasswd eric

4.4. 安裝libdbi-dbd-mysql模塊，這個模塊只支持2.4版本以後，同時還支持pgsql和sqlite，是apache的開源項目

redhat上的介紹：https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/system_administrators_guide/ch-web_servers

apache上的介紹：https://httpd.apache.org/docs/2.4/mod/mod_authn_dbd.html

配置數據庫

# 直接連數據庫，沒有密碼
~]# mysql -uroot
#給root用戶設置一個密碼
> update mysql.user set password=PASSWORD('mysql') where user='root';
# 建立一個git用戶
>CREATE USER 'git'@'localhost' IDENTIFIED BY 'git';
# 建立git庫
>create database git;
# 給權限
>GRANT all ON git.* TO 'git'@'localhost';
# 建立一個users表
>create table users ( user_name varchar(191) not null, user_passwd varchar(191), user_group varchar(191), primary key (user_name) );

修改配置文件/etc/httpd/conf.d/git.conf

參考 https://www.seei.biz/mysql-authentication-on-apache-2-4/

<VirtualHost *:80>
        #LoadModule mysql_auth_module modules/mod_auth_mysql.so
        ServerName centos-0
        #下面的參數能夠使用man git-http-backend查看
        SetEnv GIT_PROJECT_ROOT /var/www/git
        #檢查GIT是否支持smart功能，若是支持就打開smart功能
        SetEnv GIT_HTTP_EXPORT_ALL
        #要受權讀或者寫主要取決於/usr/libexec/git-core/目錄的權限
        ScriptAlias /git/ /usr/libexec/git-core/git-http-backend/
        #使用Mysql認證方式
        DBDriver mysql
        #數據庫參數
        DBDParams "host=localhost dbname=git user=git pass=git"
        # Minimum number of connections
        DBDMin 4
        # Maximum sustained number of connections
        DBDKeep 8
        #Set the hard maximum number of connections per process
        DBDMax 20
        # Set the time to keep idle connections alive when the number of connections specified in DBDKeep has been exceeded
        DBDExptime 300
        <Directory "/usr/libexec/git-core/">
                Options ExecCGI Indexes
                Require all granted
        </Directory>
        <LocationMatch "^/git/.*/git-receive-pack$">
                AuthType Basic
                AuthName "Private Git Repo"
                AuthDBDUserPWQuery "select user_passwd from users where user_name = %s and user_group = 'admin'"
                AuthBasicProvider socache dbd
                #AuthUserFile /etc/httpd/conf/.htpasswd
                Require valid-user
        </LocationMatch>
</VirtualHost>

建立一個用戶並插入到數據庫

# 利用http工具生成密碼
~]# htpasswd -bns gitadmin gitadmin
admin:{SHA}0DPiKuNIrrVmD8IUCuw1hQxNqZc=
# 使用git用戶鏈接數據庫建立用戶
~]# mysql -ugit -p
# 插入一條數據
> INSERT INTO `users` (`user_name`, `user_passwd`, `user_group`) VALUES('admin', '{SHA}0DPiKuNIrrVmD8IUCuw1hQxNqZc=', 'admin');

能夠使用admin測試嘍