Git – 安装 Nginx http代理 常用命令

系统+安全 Liemer_Lius 52℃





> yum install -y fcgi-devel autoconf libtool automake fcgiwrap  # 安装依赖,fcgiwrap是http代理用的。


> yum install -y git
源码安装:  # 下载源码
make prefix=/usr/local/git-2.11 all
make prefix=/usr/local/git-2.11 install
> vim /etc/profile.d/
export PATH=$PATH:/usr/local/git-2.11/bin
> useradd -m -d /home/git -s /bin/git-shell git  # 默认shell改为/bin/git-shell,防止被暴力ssh攻击
> grep git /etc/passwd
> passwd git

Git用Nginx http代理


> vim /etc/init.d/fcgiwrap

use strict;
use warnings FATAL => qw( all );

use IO::Socket::UNIX;

my $bin_path = '/usr/local/bin/fcgiwrap';
my $socket_path = $ARGV[0] || '/tmp/cgi.sock';
my $num_children = $ARGV[1] || 1;

close STDIN;

unlink $socket_path;
my $socket = IO::Socket::UNIX->new(
    Local => $socket_path,
    Listen => 100,

die "Cannot create socket at $socket_path: $!\n" unless $socket;

for (1 .. $num_children) {
    my $pid = fork;
    die "Cannot fork: $!" unless defined $pid;
    next if $pid;

    exec $bin_path;
    die "Failed to exec $bin_path: $!\n";

> chmod +x /etc/init.d/fcgiwrap  && /etc/init.d/fcgiwrap # 启动服务

编辑虚拟server,添加git server地址配置:

> vim /usr/local/nginx/conf/conf.d/git.conf
server {
        listen      8000;
        server_name localhost;
        root /home/git/git_repo;
        client_max_body_size 100m;
        auth_basic "git";
        auth_basic_user_file /usr/local/nginx-1.18.0/conf/pass.db;
        location ~(/.*) {
           fastcgi_pass  unix:/tmp/cgi.sock;
           fastcgi_param SCRIPT_FILENAME   /usr/libexec/git-core/git-http-backend;
           fastcgi_param PATH_INFO         $1;
           fastcgi_param GIT_HTTP_EXPORT_ALL "";
           fastcgi_param GIT_PROJECT_ROOT  /home/git/git_repo;
           fastcgi_param REMOTE_USER $remote_user;
           include fastcgi_params;
> /usr/local/nginx/sbin/nginx -t && /usr/local/nginx/sbin/nginx &   # 启动Nginx


算法采用Crypt (all Unix servers),输入用户名密码点击生成(随机生成,每次结果都不一样)。

或者采用htpasswd命令(依赖yum install httpd-tools)


> htpasswd
	htpasswd [-cimB25dpsDv] [-C cost] [-r rounds] passwordfile username
	htpasswd -b[cmB25dpsDv] [-C cost] [-r rounds] passwordfile username password

	htpasswd -n[imB25dps] [-C cost] [-r rounds] username
	htpasswd -nb[mB25dps] [-C cost] [-r rounds] username password
 -c  Create a new file.
 -n  Don't update file; display results on stdout.
 -b  Use the password from the command line rather than prompting for it.
 -i  Read password from stdin without verification (for script usage).
 -m  Force MD5 encryption of the password (default).
 -2  Force SHA-256 crypt() hash of the password (secure).
 -5  Force SHA-512 crypt() hash of the password (secure).
 -B  Force bcrypt aencryption of the password (very secure).
 -C  Set the computing time used for the bcrypt algorithm
     (higher is more secure but slower, default: 5, valid: 4 to 31).
 -r  Set the number of rounds used for the SHA-256, SHA-512 algorithms
     (higher is more secure but slower, default: 5000).
 -d  Force CRYPT encryption of the password (8 chars max, insecure).
 -s  Force SHA-1 encryption of the password (insecure).
 -p  Do not encrypt the password (plaintext, insecure).
 -D  Delete the specified user.
 -v  Verify password for the specified user.
On other systems than Windows and NetWare the '-p' flag will probably not work.
The SHA-1 algorithm does not use a salt and is less secure than the MD5 algorithm.

> htpasswd -d /usr/local/nginx-1.18.0/conf/pass.db git
New password: 
Re-type new password: 
Warning: Password truncated to 8 characters by CRYPT algorithm.
Updating password for user git
> cat pass.db 



> git init --bare lius.git   # init一共空仓库
Initialized empty Git repository in /root/test/lius.git/
> git clone http://git@localhost:8000/lius.git   # 克隆,能成功则说明http代理成功
Cloning into 'lius'...
Password for 'http://git@localhost:8000': 
remote: Counting objects: 47, done.
remote: Compressing objects: 100% (33/33), done.
remote: Total 47 (delta 7), reused 0 (delta 0)
Unpacking objects: 100% (47/47), done.
> ls
> cd lius
> vim src/main/java/com/test/jenkinsdemo/
> git commit src/main/java/com/test/jenkinsdemo/
Aborting commit due to empty commit message.  # 不可无commit message
> git commit -m "First edit..." src/main/java/com/test/jenkinsdemo/  # 提交,-m指定commit message
[master 128b68b] First edit...
 Committer: root <root@localhost.localdomain>
Your name and email address were configured automatically based
on your username and hostname. Please check that they are accurate.
You can suppress this message by setting them explicitly:

    git config --global "Your Name"
    git config --global

After doing this, you may fix the identity used for this commit with:

    git commit --amend --reset-author

 1 file changed, 2 insertions(+), 2 deletions(-)
> git push   # push到master分支
warning: push.default is unset; its implicit value is changing in
Git 2.0 from 'matching' to 'simple'. To squelch this message
and maintain the current behavior after the default changes, use:

  git config --global push.default matching

To squelch this message and adopt the new behavior now, use:

  git config --global push.default simple

See 'git help config' and search for 'push.default' for further information.
(the 'simple' mode was introduced in Git 1.7.11. Use the similar mode
'current' instead of 'simple' if you sometimes use older versions of Git)

Password for 'http://git@localhost:8000': 
Counting objects: 17, done.
Compressing objects: 100% (6/6), done.
Writing objects: 100% (9/9), 688 bytes | 0 bytes/s, done.
Total 9 (delta 2), reused 0 (delta 0)
To http://git@localhost:8000/lius.git
   bb75489..128b68b  master -> master

> git clone git@localhost:~/liemer.git  # 通过ssh来clone,类似scp的远端路径格式
Cloning into 'liemer'...
git@localhost's password: 
warning: You appear to have cloned an empty repository.




转载请注明 » Git – 安装 Nginx http代理 常用命令

喜欢 (3)