利用Nginx搭建HTTP访问的Git服务器
利用Nginx搭建HTTP访问的Git服务器过程记录。搭建 Git 仓库,实现 SSH 协议、配合 Nginx 实现 HTTP 协议拉取、推送代码。利用 Nginx 实现 Gitweb 在线浏览代码,使用 Gitweb-theme 更新默认 Gitweb 样式。
一. 准备工作:
1. 下载nginx并安装
推荐到nginx官方网站下载并安装,有很详细的教程. 参考资料: http://nginx.org/en/linux_packages.html
(1). 编辑repo文件,这里以64位的CentOS 7为示例:
> vi /etc/yum.repos.d/nginx.repo
[nginx] name=nginx repo baseurl=http://nginx.org/packages/centos/7/x86_64/ gpgcheck=0 enabled=1
(2). 保存退出后,使用yum安装.可以选择把动态模块也安装上,具体参见上述站点
> yum install nginx -y
2. 下载git并安装
(1).不推荐使用yum安装的git版本,过低了.到github下载最新的git源码. 下载地址: https://github.com/git/git/releases
> yum -y remove git > yum -y install perl cpio autoconf tk zlib-devel libcurl-devel openssl-devel expat-devel gettext-devel perl-ExtUtils-MakeMaker automake gcc > cd /usr/local/src; wget https://github.com/git/git/archive/v2.11.1.tar.gz > tar zxf v2.11.1.tar.gz && cd git-2.11.1 > autoconf && ./configure && make && make install > git --version
(2). 这个时候,git安装好了,可以选择较高的稳定版本.我用的时候2.11.1
3. 下载spawn-fcgi, fcgi-devel, fcgiwrap并安装
(1). 安装spawn-fcgi.github地址: https://github.com/lighttpd/spawn-fcgi
这里需要注意的是,如果你没有安装前面的automake和gcc,请这里一定要把这些依赖安装好.
> cd /usr/local/src; > git clone https://github.com/lighttpd/spawn-fcgi.git > cd spawn-fcgi && ./autogen.sh && ./configure && make && make install
(2). 安装fcgi-devel.
安装前,需要先安装epel源,不然安装不了fcgi-devel
> yum -y install epel-release > yum -y install fcgi-devel
(3). 安装fcgiwrap. GitHub地址: https://github.com/gnosek/fcgiwrap
> cd /usr/local/src > git clone https://github.com/gnosek/fcgiwrap.git > cd fcgiwrap && autoreconf -i && ./configure && make && make install
二. 配置
1. 添加Git的运行用户, Git仓库初始化
> useradd -r -s /sbin/nologin git > mkdir -p /data/git && cd /data/git > git init --bare repo.git && chown -R git.git /data/git > cd repo.git && mv hooks/post-update.sample hooks/post-update > git update-server-info
2. 编写fcgiwrap启动脚本
> vi /etc/init.d/fcgiwrap
脚本内容:
#! /bin/bash
### BEGIN INIT INFO
# Provides: fcgiwrap
# Required-Start: $remote_fs
# Required-Stop: $remote_fs
# Should-Start:
# Should-Stop:
# Default-Start: 2 3 4 5
# Default-Stop: 0 1 6
# Short-Description: FastCGI wrapper
# Description: Simple server for running CGI applications over FastCGI
### END INIT INFO
PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin
SPAWN_FCGI="/usr/local/bin/spawn-fcgi"
DAEMON="/usr/local/sbin/fcgiwrap"
NAME="fcgiwrap"
PIDFILE="/var/run/$NAME.pid"
FCGI_SOCKET="/var/run/$NAME.socket"
FCGI_USER="git"
FCGI_GROUP="git"
FORK_NUM=15
SCRIPTNAME=/etc/init.d/$NAME
case "$1" in
start)
echo -n "Starting $NAME... "
PID=`pidof $NAME`
if [ ! -z "$PID" ]; then
echo " $NAME already running"
exit 1
fi
$SPAWN_FCGI -u $FCGI_USER -g $FCGI_GROUP -s $FCGI_SOCKET -P $PIDFILE -F $FORK_NUM -f $DAEMON
if [ "$?" != 0 ]; then
echo " failed"
exit 1
else
echo " done"
fi
;;
stop)
echo -n "Stoping $NAME... "
PID=`pidof $NAME`
if [ ! -z "$PID" ]; then
kill `pidof $NAME`
if [ "$?" != 0 ]; then
echo " failed. re-quit"
exit 1
else
rm -f $pid
echo " done"
fi
else
echo "$NAME is not running."
exit 1
fi
;;
status)
PID=`pidof $NAME`
if [ ! -z "$PID" ]; then
echo "$NAME (pid $PID) is running..."
else
echo "$NAME is stopped"
exit 0
fi
;;
restart)
$SCRIPTNAME stop
sleep 1
$SCRIPTNAME start
;;
*)
echo "Usage: $SCRIPTNAME {start|stop|restart|status}"
exit 1
;;
esac注意其中"FCGI_USER"和"FCGI_GROUP"以及"FORK_NUM",分别为fastcgi运行的用户,组以及进程数(进程数按需调整).需要与之后配置的nginx的worker用户一样.
记得修改一下读写权限以及设置脚本为开机启动.然后我们启动fastcgi
> chmod a+x /etc/init.d/fcgiwrap > chkconfig --level 35 fcgiwrap on > /etc/init.d/fcgiwrap start
3. nginx配置. yum安装的nginx已经默认配置了WebDAV模块,所以不用麻烦了.如果发现没有WebDAV模块的功能,可以参考nginx的官方文档中Dynamic Modules的说明: http://nginx.org/en/docs/ngx_core_module.html#load_module
(1). 创建授权文件夹以及git的nginx设置文件
> mkdir -p /usr/local/nginx/config > vi /etc/nginx/conf.d/git.conf
内容如下:
server {
listen 80;
server_name gitServer;
root /usr/local/share/gitweb;
client_max_body_size 100m;
auth_basic "Git User Authentication";
auth_basic_user_file /usr/local/nginx/config/pass.db;
location ~ ^.*\.git/objects/([0-9a-f]+/[0-9a-f]+|pack/pack-[0-9a-f]+.(pack|idx))$ {
root /data/git;
}
location ~ /.*\.git/(HEAD|info/refs|objects/info/.*|git-(upload|receive)-pack)$ {
root /data/git;
fastcgi_pass unix:/var/run/fcgiwrap.socket;
fastcgi_connect_timeout 24h;
fastcgi_read_timeout 24h;
fastcgi_send_timeout 24h;
fastcgi_param SCRIPT_FILENAME /usr/local/libexec/git-core/git-http-backend;
fastcgi_param PATH_INFO $uri;
fastcgi_param GIT_HTTP_EXPORT_ALL "";
fastcgi_param GIT_PROJECT_ROOT /data/git;
fastcgi_param REMOTE_USER $remote_user;
include fastcgi_params;
}
try_files $uri @gitweb;
location @gitweb {
fastcgi_pass unix:/var/run/fcgiwrap.socket;
fastcgi_param GITWEB_CONFIG /etc/git/gitweb.conf;
fastcgi_param SCRIPT_FILENAME /usr/local/share/gitweb/gitweb.cgi;
fastcgi_param PATH_INFO $uri;
include fastcgi_params;
}
}(2). 修改/etc/nginx/nginx.conf中的worker进程所有者.
# 将此处的nginx用户修改为git用户,以保证能调用到fastcgi(需要和fcgiwrap脚本中的FCGI_USER保持一致)user git;
worker_processes 1;
error_log /var/log/nginx/error.log warn;
pid /var/run/nginx.pid;
events {
worker_connections 1024;
}
http {
include /etc/nginx/mime.types;
default_type application/octet-stream;
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
access_log /var/log/nginx/access.log main;
sendfile on;
#tcp_nopush on;
keepalive_timeout 65;
#gzip on;
include /etc/nginx/conf.d/*.conf;
}4. 安装http-tools并添加认证用户
> yum -y install httpd-tools > cd /usr/local/nginx/config > htpasswd -c pass.db guestUser> git config --global color.ui true> git config --global user.name 'git'> git config --global user.email '[email protected]'
5. 配置gitweb,首先要确定默认安装的gitweb(采用源码安装git才会有)是否存在
> find /usr/local/share -name gitweb.cgi > cd /usr/local/share/gitweb && ll /usr/local/share/gitweb > vi /etc/git/gitweb.conf
gitweb.conf的配置内容如下:
# path to git projects (<project>.git) $projectroot = "/data/git"; # directory to use for temp files $git_temp = "/tmp"; # target of the home link on top of all pages $home_link = $my_uri || "/"; # html text to include at home page $home_text = "indextext.html"; # file with project list; by default, simply scan the projectroot dir. $projects_list = $projectroot; # javascript code for gitweb $javascript = "static/gitweb.js"; # stylesheet to use $stylesheet = "static/gitweb.css"; # logo to use $logo = "static/git-logo.png"; # the 'favicon' $favicon = "static/git-favicon.png";
三. 启动nginx,fastcgi
> nginx -t > systemctl start nginx > /etc/init.d/fcgiwrap start
四. 问题收集:
1. 访问http://hostname/repo.git出现502错误,nginx错误日志中出现:connect() to unix:/var/run/fcgiwrap.socket failed (13: Permission denied) while connecting to upstream
解决方法: 检查selinux是否开启,如果开启,请关闭或者配置策略使其能被访问.
2. Can't locate CPAN.pm in @INC (@INC contains: /usr/local/lib/perl5 /usr/local/share/perl5 /usr/lib/perl5/vendorperl /usr/share/perl5/vendorperl /usr/lib/perl5 /usr/share/perl5 .) BEGIN failed--compilation aborted.
解决方法: yum -y install perl-CPAN
3. Can't locate CGI.pm in @INC (@INC contains: /usr/local/lib/perl5 /usr/local/share/perl5 /usr/lib/perl5/vendorperl /usr/share/perl5/vendorperl /usr/lib/perl5 /usr/share/perl5 .) BEGIN failed--compilation aborted.
解决方法: yum -y install perl-CGI
4. Can't locate Time/HiRes.pm in @INC (@INC contains: /usr/local/lib64/perl5 /usr/local/share/perl5 /usr/lib64/perl5/vendor_perl /usr/share/perl5/vendor_perl /usr/lib64/perl5 /usr/share/perl5 .) at /usr/local/share/gitweb/gitweb.cgi line 20.
解决方法: yum -y install perl-Time-HiRes
五. Gitweb-theme 样式
如果觉得 gitweb 默认样式不好看,可以拿该样式替换
> cd /usr/local/src > git clone https://github.com/kogakure/gitweb-theme.git > cd gitweb-theme # -t 指定 gitweb 根目录,一路 y 即可 > ./setup -vi -t /usr/local/share/gitweb --install
Git 教程系列文章:
Git 的详细介绍:请点这里
Git 的下载地址:请点这里