Building Your Own Git Repository on CentOS

Set up your own HTTP git server using nginx and httpd, compatible with SELinux.

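This is one option for tinkering. The environment is CentOS 7 with the Smart HTTP protocol.
nginx is the web server and Apache httpd is the Git processing server, with SELinux supported.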

First install git and the web servers:

yum install git nginx httpd httpd-tools setroubleshoot -y

Create a web directory for git:

mkdir /var/www/git

Fix the permissions:

semanage fcontext -m -t httpd_sys_rw_content_t "/var/www/git(/.*)?"
restorecon -Rv /var/www/git
chcon -u system_u -R /var/www/git
setsebool -P httpd_unified 1
chown -R apache:apache /var/www/git

With nginx in front and httpd behind it, httpd must not compete with nginx for port 80 (here httpd listens on port 8443 instead):

sed -i 's/^Listen 80/Listen 127.0.0.1:8443/g' /etc/httpd/conf/httpd.conf

Create the git server configuration:

vi /etc/httpd/conf.d/git.conf

Add the following configuration (the 8443 below corresponds to the 8443 listening port set above):

<VirtualHost *:8443>
SetEnv GIT_PROJECT_ROOT /var/www/git
SetEnv GIT_HTTP_EXPORT_ALL
DocumentRoot /var/www/git
ScriptAlias / /usr/libexec/git-core/git-http-backend/
 
<Directory "/usr/libexec/git-core">
Options +ExecCGI -MultiViews +SymLinksIfOwnerMatch
AllowOverride None
Require all granted
</Directory>
<Directory "/var/www/git">
Dav On
Options Indexes FollowSymLinks
AllowOverride None
Require all granted
</Directory>
</VirtualHost>

httpd is not exposed to the public network, so a single child process is enough:

echo 'ServerLimit          1' >> /etc/httpd/conf/httpd.conf
echo 'StartServers         1' >> /etc/httpd/conf/httpd.conf

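The git backend is now configured. Next, configure nginx so that a specific URL becomes the git entry point; add the following inside the server block of nginx.conf: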

        location /git {
                auth_basic            "Private Git Repository";
                auth_basic_user_file  $document_root/.htpasswd;
                rewrite               ^/git/?(.*)$ /$1 break;
                proxy_pass            http://127.0.0.1:8443;
        }

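auth_basic enables authentication, so that not just anyone can access the git repositories.
The auth_basic_user_file parameter is the user credentials file, generally placed in the document root ($document_root),
like /var/www/git/.htpasswd. The file name is arbitrary, as long as nginx can access it. Below is a relatively complete nginx.conf example: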

user nginx;
worker_processes 3;
error_log /var/log/nginx/error.log;
pid /run/nginx.pid;

include /usr/share/nginx/modules/*.conf;

events {
    worker_connections 1024;
}

http {
    log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
                      '$status $body_bytes_sent "$http_referer" '
                      '"$http_user_agent" "$http_x_forwarded_for"';

    access_log  /var/log/nginx/access.log  main;

    sendfile            on;
    tcp_nopush          on;
    tcp_nodelay         on;
    keepalive_timeout   65;
    types_hash_max_size 4096;

    include             /etc/nginx/mime.types;
    default_type        application/octet-stream;

    include /etc/nginx/conf.d/*.conf;

    server {
        listen               443 ssl default_server;
        server_name          explause.com;
        ssl_certificate      "/etc/explause.crt";
        ssl_certificate_key  "/etc/explause.key";
        ssl_protocols        TLSv1.1 TLSv1.2;
        ssl_ciphers          HIGH:!aNULL:!MD5;

        root                 /var/www/html;
        index                index.php;
        client_max_body_size 100M;

        include /etc/nginx/default.d/*.conf;

        location ~ [^/]\.php(/|$) {
                fastcgi_param   HTTP_PROXY       "";
                fastcgi_param   SCRIPT_NAME      $fastcgi_script_name;
                fastcgi_param   SCRIPT_FILENAME  $document_root$fastcgi_script_name;
                fastcgi_pass    127.0.0.1:9000;
                fastcgi_index   index.php;
                include         fastcgi_params;
        }

        location /git {
                auth_basic            "Private Git Repository";
                auth_basic_user_file  $document_root/.htpasswd;
                rewrite               ^/git/?(.*)$ /$1 break;
                proxy_pass            http://127.0.0.1:8443;
        }
    }
}

The $document_root variable is bound to the root directive inside the server block.

Create the authentication file with a user named admin:

htpasswd -c /var/www/html/.htpasswd admin

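You will be prompted to enter and confirm a password, after which the authentication file is created. To add another user to the file, just drop the -c option: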

htpasswd /var/www/html/.htpasswd user2

Fix the ownership and permissions:

chcon -u system_u /var/www/html/.htpasswd
chown nginx:nginx /var/www/html/.htpasswd
chmod 0600 /var/www/html/.htpasswd
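
The password file created above sits in nginx's document root, and the nginx.conf shown earlier has no rule denying dot-files, so a request for /.htpasswd is answered by the static file handler with the stored hashes. A hardened variant of the server block, as an added example that is not part of the original post; the path /etc/nginx/git.htpasswd is an assumption, and the htpasswd, chown and chmod commands above would then target that path:

```nginx
# Goes inside http { } in place of the server block shown earlier.
server {
    listen               443 ssl default_server;
    server_name          explause.com;
    ssl_certificate      "/etc/explause.crt";
    ssl_certificate_key  "/etc/explause.key";
    # TLS 1.1 dropped (deprecated by RFC 8996); Basic auth passwords
    # cross this channel on every git request.
    ssl_protocols        TLSv1.2;
    ssl_ciphers          HIGH:!aNULL:!MD5;

    root                 /var/www/html;
    index                index.php;
    client_max_body_size 100M;

    include /etc/nginx/default.d/*.conf;

    # Defence in depth: refuse any .ht* file (.htpasswd, .htaccess)
    # that ends up under the document root.
    location ~ /\.ht {
        deny all;
    }

    location ~ [^/]\.php(/|$) {
        fastcgi_param   HTTP_PROXY       "";
        fastcgi_param   SCRIPT_NAME      $fastcgi_script_name;
        fastcgi_param   SCRIPT_FILENAME  $document_root$fastcgi_script_name;
        fastcgi_pass    127.0.0.1:9000;
        fastcgi_index   index.php;
        include         fastcgi_params;
    }

    location /git {
        auth_basic            "Private Git Repository";
        # Weak form on the page: $document_root/.htpasswd, a file the
        # static handler can also serve.
        # Assumed replacement path outside every served directory,
        # owned root:nginx with mode 0640.
        auth_basic_user_file  /etc/nginx/git.htpasswd;
        rewrite               ^/git/?(.*)$ /$1 break;
        proxy_pass            http://127.0.0.1:8443;
    }
}
```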

With that, starting nginx and httpd is all it takes to have a private git repository.

systemctl start nginx
systemctl enable nginx
systemctl start httpd
systemctl enable httpd

Here is a script for creating git repositories; create it under /usr/sbin:

vi /usr/sbin/addgitrepo

Add the following content:

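#!/bin/bash
# Create a bare repository under GIT_DIR that git-http-backend can serve.
set -euo pipefail
GIT_DIR="/var/www/git"
REPO_NAME="${1:-}"
# Refuse an empty name or one containing "..": the chown/chcon below run recursively.
if [[ -z "${REPO_NAME}" || "${REPO_NAME}" == *..* ]]; then
    echo "Usage: $(basename "$0") <repo-name>" >&2
    exit 1
fi
mkdir -p "${GIT_DIR}/${REPO_NAME}.git"
git init --bare "${GIT_DIR}/${REPO_NAME}.git" > /dev/null
touch "${GIT_DIR}/${REPO_NAME}.git"/git-daemon-export-ok
# Allow push (receive-pack) and fetch/clone (upload-pack) over HTTP
git --git-dir="${GIT_DIR}/${REPO_NAME}.git" config http.receivepack true
git --git-dir="${GIT_DIR}/${REPO_NAME}.git" config http.uploadpack true
git --git-dir="${GIT_DIR}/${REPO_NAME}.git" update-server-info
# Hand the repository to the httpd user and label it writable for SELinux
chown -Rf apache:apache "${GIT_DIR}/${REPO_NAME}.git"
chcon -R system_u:object_r:httpd_sys_rw_content_t:s0 "${GIT_DIR}/${REPO_NAME}.git"
echo "Git repository '${REPO_NAME}' created in ${GIT_DIR}/${REPO_NAME}.git"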

Then set the permissions:

chmod +x /usr/sbin/addgitrepo

Run it to create a git repository that supports push:

addgitrepo repo1
