问题[gitlab](ubuntu)

我正在使用 Gitlab Runner 将新网站版本部署到服务器中。最初的部署场景是使用当前日期时间字符串（如“2019-10-27-17-43-05”）浅克隆到新目录。然后系统将从主应用程序目录创建新的符号链接到这个新文件夹。在运行编译和其他作业之后。所以几天后，我们有许多未使用的文件和文件夹填满了硬盘。

releases/
releases/2019-10-29-10-49-31
releases/2019-10-29-01-27-44
releases/2019-10-29-14-51-59
releases/2019-10-27-17-43-05
releases/2019-10-28-00-20-16
releases/2019-10-29-14-31-18
releases/2019-10-28-19-00-41
releases/2019-10-29-01-11-43
releases/2019-10-29-14-22-41
releases/2019-10-28-00-03-52
releases/2019-10-27-17-15-24
releases/2019-10-28-00-17-26
releases/2019-10-29-01-20-44
releases/2019-10-27-23-12-52
releases/2019-10-29-10-47-17
releases/2019-10-29-14-24-11

符号链接在这里：

ubuntu@saatchi:/usr/local/lsws/app$ ll
total 44
drwxrwxr-x+  4 nobody        gitlab-runner 4096 Oct 29 14:56 ./
drwxrwxr-x+  4 nobody        gitlab-runner 4096 Oct 27 17:11 ../
-rw-rwxr--+  1 nobody        root           749 Oct 27 17:05 .env*
-rw-rwxr--+  1 nobody        gitlab-runner   23 Oct 24 17:48 .gitignore*
lrwxrwxrwx   1 gitlab-runner gitlab-runner   62 Oct 29 14:56 current -> /usr/local/lsws/app/releases/2019-10-29-14-51-59/
drwxrwxr-x+ 20 nobody        gitlab-runner 4096 Oct 29 14:51 releases/
drwxrwxr-x+  6 nobody        gitlab-runner 4096 Oct 24 17:48 storage/

请推荐最佳实践来删除这个旧目录。我自己的意见是删除所有旧目录，不包括最近的 2 个。成功克隆后，使用“查找”命令。如果这很好，请告诉我完整的命令。

我正在尝试将我的 Ubuntu 服务器配置为允许 Apache 和 Nginx (GitLab) 并排运行，每个 Web 服务器监视不同的网络接口。

我将以下接口绑定到指定的网络地址：

eno1: 192.168.0.100 [GitLab/nginx]

eno2: 192.168.0.110 [Apache]

在gitlab.rb配置中，我指定了external-urlashttp://192.168.0.100:80并且我没有对默认的 Apache2 配置文件进行任何更改。

当我尝试在浏览器（谷歌浏览器）中访问网络地址时，无论我输入http://192.168.0.100还是http://192.168.0.110，我都会点击 GitLab 登录页面 - Nginx 似乎正在接管，无论我为external_url.

此外，在gitlab.rb配置文件中，我还尝试更改以下 nginx 配置属性：

nginx['status'] = {
  "enable" => true,
  "listen_address" => ["192.168.0.100"],
  "port" => 80
}

现在，当我冒险访问该http://192.168.0.110地址时，我收到一个 404 错误，但这来自 Nginx Web 服务器 - 但是，我的理解是它不应该监听该地址。

任何人都可以提供任何建议，请/

所以这是我在这里提出的问题的附录。感谢@dessert，他在这个问题上提供了很多帮助。

所以我试图通过使用他们的用户名和密码来验证 Gitlab 用户，而不是通过创建模拟令牌。目前，@dessert 创建的使用模拟令牌对用户进行身份验证的代码如下：

$ curl -d '{"title":"test key","key":"'"$(cat ~/.ssh/id_rsa.pub)"'"}' -H 'Content-Type: application/json' https://gitlab.com/api/v4/user/keys?private_token=<my_access_token>

主要关注`private_token=，除了在这里找到的模拟令牌的创建

$ curl --request POST --header "PRIVATE-TOKEN: <your_access_token>" --data "name=mytoken" --data "expires_at=2017-04-04" --data "scopes[]=api" https://gitlab.example.com/api/v4/users/42/impersonation_tokens

我希望能够使用 Gitlab 用户的用户名和密码对其进行身份验证。我已经在 Github 上看到过这个，并且我自己也做过：

$ curl -u "USERNAME:PASSWORD" --data "{\"title\": \"TITLE\", \"key\": \"$(cat ~/.ssh/id_rsa.pub)\"}" https://api.github.com/user/keys

通过用户输入的用户名USERNAME和PASSWORD密码进行身份验证的位置和位置。

我不需要帮助阅读用户的输入；那不是问题。我的问题（总结）是能够通过他们的用户名和密码对 Gitlab 用户进行身份验证。

再次感谢@dessert 的帮助，感谢任何其他帮助！

快速编辑：我发现这个论坛帖子使用登录名和密码进行身份验证，大多数人都说使用个人访问令牌。这是否意味着我必须让用户给我他们的 PAT 以进行身份​​验证？或者我是否提供了我的PAT 并且它以某种方式做某事？（我对此有点不清楚）

我正在创建一个 bash 可执行文件，它创建一个 SSH 密钥，并将其上传到用户的 Gitlab 帐户。我知道如何通过 bash 可执行文件创建 SSH 密钥：

ssh-keygen -o -f ~/.ssh/id_rsa

而且我也知道如何从中检索，但是我不知道如何将其上传到用户的 Gitlab 帐户。

我找到了多个文档，用于将用户的 SSH 上传到 Git集线器，但不是 Gitlab（我假设大多相似......？）。所以我会将它用于 Git hub

curl -u "USERNAME:PASSWORD" --data "{\"title\": \"TITLE\", \"key\": \"$(cat ~/.ssh/id_rsa.pub)\"}" https://api.github.com/user/keys

我会为用户自定义创建、、和输入USERNAME字段PASSWORD。TITLE

我想说这对于 Gitlab 来说会很简单（我POST /users/:id/keys在他们的 API 站点上找到了，但不知道如何将它作为curl命令来实现），但我不知道 Gitlab 和 Github 的关系有多密切。

我正在尝试通过 ssh 从不同的 ip 连接到 ubuntu 16.04 本地开发服务器，该服务器具有 gitlab 并具有公共主机名。example.com/2222. 我的 gitlab ssh 端口是9409

我的.ssh/config

Host server
    ProxyCommand ssh -W example.com:2222 username@server
    IdentityFile ~/.ssh/id_rsa

现在克隆

git clone ssh://server:9409/username/test.git

它说

Cloning into 'test'...
Bad owner or permissions on /.ssh/config
fatal: Could not read from remote repository.

Please make sure you have the correct access rights
and the repository exists.

-W在我的情况下也需要？我还是不知道是ssh -W什么

编辑：

我chmod 600现在得到了ssh_exchange_identification: Connection closed by remote host

我仍然认为我的配置文件有问题

我使用 Gitlab CI 设置部署程序。我从 docker 容器创建 docker 容器和 ssh 到生产服务器这是我的命令和调试

mkdir -p ~/.ssh
chmod 700 ~/.ssh
echo "$SSH_DEPLOY_KEY" > ~/.ssh/id_rsa
chmod 600 ~/.ssh/id_rsa
ssh -vvv [email protected]


OpenSSH_6.7p1 Debian-5+deb8u4, OpenSSL 1.0.1t  3 May 2016
debug1: Reading configuration data /root/.ssh/config
debug1: /root/.ssh/config line 1: Applying options for *
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 19: Applying options for *
debug2: ssh_connect: needpriv 0
debug1: Connecting to xxx.xxx.xx.xxx [xxx.xxx.xx.xxx] port 22.
debug1: Connection established.
debug1: permanently_set_uid: 0/0
debug1: key_load_public: No such file or directory
debug1: identity file /root/.ssh/id_rsa type -1
debug1: key_load_public: No such file or directory
debug1: identity file /root/.ssh/id_rsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /root/.ssh/id_dsa type -1
debug1: key_load_public: No such file or directory
debug1: identity file /root/.ssh/id_dsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /root/.ssh/id_ecdsa type -1
debug1: key_load_public: No such file or directory
debug1: identity file /root/.ssh/id_ecdsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /root/.ssh/id_ed25519 type -1
debug1: key_load_public: No such file or directory
debug1: identity file /root/.ssh/id_ed25519-cert type -1
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_6.7p1 Debian-5+deb8u4
debug1: Remote protocol version 2.0, remote software version OpenSSH_7.2p2 Ubuntu-4ubuntu2.4
debug1: match: OpenSSH_7.2p2 Ubuntu-4ubuntu2.4 pat OpenSSH* compat 0x04000000
debug2: fd 3 setting O_NONBLOCK
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug2: kex_parse_kexinit: [email protected],ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1
debug2: kex_parse_kexinit: [email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,ssh-ed25519,ssh-rsa,ssh-dss
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,[email protected],[email protected],[email protected],arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,[email protected]
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,[email protected],[email protected],[email protected],arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,[email protected]
debug2: kex_parse_kexinit: [email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],hmac-sha2-256,hmac-sha2-512,hmac-sha1,[email protected],[email protected],[email protected],[email protected],hmac-md5,hmac-ripemd160,[email protected],hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: [email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],hmac-sha2-256,hmac-sha2-512,hmac-sha1,[email protected],[email protected],[email protected],[email protected],hmac-md5,hmac-ripemd160,[email protected],hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: none,[email protected],zlib
debug2: kex_parse_kexinit: none,[email protected],zlib
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit: first_kex_follows 0
debug2: kex_parse_kexinit: reserved 0
debug2: kex_parse_kexinit: [email protected],ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha1
debug2: kex_parse_kexinit: ssh-rsa,rsa-sha2-512,rsa-sha2-256,ecdsa-sha2-nistp256,ssh-ed25519
debug2: kex_parse_kexinit: [email protected],aes128-ctr,aes192-ctr,aes256-ctr,[email protected],[email protected]
debug2: kex_parse_kexinit: [email protected],aes128-ctr,aes192-ctr,aes256-ctr,[email protected],[email protected]
debug2: kex_parse_kexinit: [email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],hmac-sha2-256,hmac-sha2-512,hmac-sha1
debug2: kex_parse_kexinit: [email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],hmac-sha2-256,hmac-sha2-512,hmac-sha1
debug2: kex_parse_kexinit: none,[email protected]
debug2: kex_parse_kexinit: none,[email protected]
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit: first_kex_follows 0
debug2: kex_parse_kexinit: reserved 0
debug2: mac_setup: setup [email protected]
debug1: kex: server->client aes128-ctr [email protected] none
debug2: mac_setup: setup [email protected]
debug1: kex: client->server aes128-ctr [email protected] none
debug1: sending SSH2_MSG_KEX_ECDH_INIT
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug1: Server host key: ECDSA 45:ee:11:16:b4:d1:e5:42:16:28:1f:6e:5e:69:01:dd
Warning: Permanently added 'xxx.xxx.xx.xxx' (ECDSA) to the list of known hosts.
debug2: kex_derive_keys
debug2: set_newkeys: mode 1
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug2: set_newkeys: mode 0
debug1: SSH2_MSG_NEWKEYS received
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug2: service_accept: ssh-userauth
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug2: key: rsa w/o comment (0x5594fdd2ddf0),
debug2: key: /root/.ssh/id_rsa ((nil)),
debug2: key: /root/.ssh/id_dsa ((nil)),
debug2: key: /root/.ssh/id_ecdsa ((nil)),
debug2: key: /root/.ssh/id_ed25519 ((nil)),
debug1: Authentications that can continue: publickey,password
debug3: start over, passed a different list publickey,password
debug3: preferred gssapi-keyex,gssapi-with-mic,publickey,keyboard-interactive,password
debug3: authmethod_lookup publickey
debug3: remaining preferred: keyboard-interactive,password
debug3: authmethod_is_enabled publickey
debug1: Next authentication method: publickey
debug1: Offering RSA public key: rsa w/o comment
debug3: send_pubkey_test
debug2: we sent a publickey packet, wait for reply
debug1: Authentications that can continue: publickey,password
debug1: Trying private key: /root/.ssh/id_rsa
debug3: sign_and_send_pubkey: RSA 6b:7f:df:2a:bf:56:52:38:6c:d8:ac:14:91:5d:65:17
debug2: we sent a publickey packet, wait for reply
debug1: Authentications that can continue: publickey,password
debug1: Trying private key: /root/.ssh/id_dsa
debug3: no such identity: /root/.ssh/id_dsa: No such file or directory
debug1: Trying private key: /root/.ssh/id_ecdsa
debug3: no such identity: /root/.ssh/id_ecdsa: No such file or directory
debug1: Trying private key: /root/.ssh/id_ed25519
debug3: no such identity: /root/.ssh/id_ed25519: No such file or directory
debug2: we did not send a packet, disable method
debug3: authmethod_lookup password
debug3: remaining preferred: ,password
debug3: authmethod_is_enabled password
debug1: Next authentication method: password
[email protected]'s password:

我也尝试使用 -i 选项的命令

ssh -vvv -i /root/.ssh/id_rsa [email protected]

和结果

debug1: SSH2_MSG_SERVICE_ACCEPT received
debug2: key: rsa w/o comment (0x55f1473311f0),
debug2: key: /root/.ssh/id_rsa ((nil)), explicit
debug1: Authentications that can continue: publickey,password
debug3: start over, passed a different list publickey,password
debug3: preferred gssapi-keyex,gssapi-with-mic,publickey,keyboard-interactive,password
debug3: authmethod_lookup publickey
debug3: remaining preferred: keyboard-interactive,password
debug3: authmethod_is_enabled publickey
debug1: Next authentication method: publickey
debug1: Offering RSA public key: rsa w/o comment
debug3: send_pubkey_test
debug2: we sent a publickey packet, wait for reply
debug1: Authentications that can continue: publickey,password
debug1: Trying private key: /root/.ssh/id_rsa
debug3: sign_and_send_pubkey: RSA 6b:7f:df:2a:bf:56:52:38:6c:d8:ac:14:91:5d:65:17
debug2: we sent a publickey packet, wait for reply
debug1: Authentications that can continue: publickey,password
debug2: we did not send a packet, disable method
debug3: authmethod_lookup password
debug3: remaining preferred: ,password
debug3: authmethod_is_enabled password
debug1: Next authentication method: password