我想从以下位置迁移我的存储库:RedHat 6.9 (Santiago) with apache 2.2 and php 5.3
至:带有 apache 2.4 和 php 7.0 的 Ubuntu 16.04.4 LTS
我正在使用“gitweb/git-http-backend”通过 https 为存储库提供服务,因此,我在这里没有使用 SSH。另一个重要的事情是我不会更改 VirtualHost Server 名称,因此用户甚至不会注意到这一点。
不幸的是,我的新服务器上的初步测试无法正常工作,当尝试克隆现有存储库时,我会收到 404 not found 错误。
我在这里的第一个问题:对于测试,原始服务器的名称是:my_server.com,然后对于新服务器,我使用的是 my_server_dev.com。这仅用于测试。之后我会将新服务器的名称替换为旧服务器的名称。我是否必须更改测试设置存储库中的服务器名称才能查看 git 是否有效?我想一旦测试工作并且不必更改存储库上的任何内容,对吗?
这在我的旧服务器上工作:
<VirtualHost *:443>
ServerName my_server.com
AddType application/x-httpd-php .php
CustomLog "/var/log/httpd/my_server_access.log" common
RewriteEngine On
SSLEngine on
SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
SSLCertificateFile "/etc/ssl/certs/my_cert.crt"
SSLCertificateChainFile "/etc/ssl/certs/my_fullchain.crt"
SSLCertificateKeyFile "/etc/ssl/certs/my_key.priv.key"
DocumentRoot /var/www/
<Directory />
Options FollowSymLinks
AllowOverride None
</Directory>
<Directory /var/www/>
Options Indexes FollowSymLinks MultiViews
AllowOverride None
Order allow,deny
allow from all
</Directory>
SetEnv GIT_PROJECT_ROOT /home/git
SetEnv GIT_HTTP_EXPORT_ALL
ScriptAlias /git/ /usr/libexec/git-core/git-http-backend/
Alias /git /home/git
<Location /git>
AuthType Basic
AuthName "Git repositories"
AuthBasicProvider ldap
AuthzLDAPAuthoritative on
AuthLDAPURL "ldaps://my_server1.com my_server2.com my_server3.com/ou=users,ou=my_ou,o=my_domain,c=my_country?uid?sub?(objectClass=*)"
AuthLDAPBindDN "my_bind_dn"
AuthLDAPBindPassword my_password
AuthLDAPGroupAttributeIsDN off
AuthLDAPGroupAttribute memberUid
require valid-user
AuthGroupFile /etc/httpd/my_group_file
</Location>
<Location /git/my_repo1.git>
Allow from all
Order allow,deny
require group group1 group2
</Location>
<Location /git/my_repo2.git>
Allow from all
Order allow,deny
require group group1 group3
</Location>
#More repositories here
</VirtualHost>
所以现在,在将“/home/git”下的所有内容从旧服务器复制到新服务器之后,我有:
<VirtualHost *:443>
ServerName my_server.com
SSLEngine on
SSLProtocol ALL -SSLv2 -SSLv3
SSLCipherSuite ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA
SSLHonorCipherOrder on
SSLCompression off
SSLOptions +StrictRequire
SSLCertificateFile /etc/ssl/certs/my_cert.pem
SSLCertificateChainFile /etc/ssl/certs/my_fullchain.pem
SSLCertificateKeyFile /etc/ssl/certs/my_privkey.pem
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/my_domain_access.log combined
RewriteEngine On
DocumentRoot ${APACHE_ROOT}/my_server
<Directory ${APACHE_ROOT}/my_server>
Options Indexes FollowSymLinks MultiViews
Require all granted
AllowOverride All
</Directory>
SetEnv GIT_PROJECT_ROOT /var/www/html/my_server/git
SetEnv GIT_HTTP_EXPORT_ALL
ScriptAlias /git/ /usr/lib/git-core/git-http-backend/
Alias /git /var/www/html/my_server/git
<Location /git>
AuthType Basic
AuthName "Git repositories"
AuthBasicProvider ldap
AuthLDAPBindAuthoritative on
AuthLDAPURL "ldaps://my_server1.com my_server2.com my_server3.com/ou=users,ou=my_ou,o=my_domain,c=my_country?uid?sub?(objectClass=*)"
AuthLDAPBindDN "my_bind_dn"
AuthLDAPBindPassword my_password
AuthLDAPGroupAttributeIsDN off
AuthLDAPGroupAttribute memberUid
require valid-user
AuthGroupFile /etc/apache2/my_group_file
</Location>
<Location /git/my_repo1.git>
require group group1 group2
</Location>
<Location /git/my_repo2.git>
require group group1 group3
</Location>
#More repositories here
</VirtualHost>
如果你仔细看,你会发现我唯一的变化是:
- 删除:“AddType application/x-httpd-php .php”。虽然“/etc/mods-enabled -> php7.0.*”已经在 Ubuntu 中启用了这个功能
- apache 目录更改为 Ubuntu 目录:/etc/apache2、/var/log/apache2 和 /var/www/html
- SSLCipherSuite 改变了一点,但这应该不是问题
这已更改:
命令允许,拒绝
允许所有人
经过:
要求所有授予
“/home/git”被更改为:“/var/www/html/my_domain/git”。老实说,我也尝试了第一个选项,但没有奏效。我见过“/var/www/html”之外的其他文件夹不起作用的情况。
- “/usr/libexec/git-core/git-http-backend/”更改为:“/usr/lib/git-core/git-http-backend/”,这是该二进制文件在 Ubuntu 上的位置。
- “AuthzLDAPAuthoritative”被更改为:“AuthLDAPBindAuthoritative”。apache 2.4 上不再存在第一个指令。
- 改变:
允许所有人
命令允许,拒绝
需要组 group1
只需:
需要组 group1
这对于 Apache 2.4 来说似乎已经足够了
我的其余配置几乎相同。我刚才 SSL 正在工作,LDAP 身份验证也是如此。如果我提供来自用户的凭据,即不允许访问存储库,那么我将在错误日志文件中看到:
[authz_groupfile:error] [pid 17829] [client xxx.xxx.xxx.xxx:xxxx] AH01666: Authorization of user my_user1 to access /git/my_repo.git failed, reason: user doesn't appear in group file (/etc/apache2/my_group_file).
[authz_core:error] [pid 17829] [client xxx.xxx.xxx.xxx:xxxx] AH01631: user my_user1: authorization failure for "/git/my_repo.git":
尝试使用具有访问权限的用户将通过身份验证,但我会在客户端上看到:
fatal: repository 'https://my_domain.com/git/my_repo.git/' not found
在访问日志中确实有一个404错误代码:
xxx.xxx.xxx.xxx - my_user [14/Mar/2018:20:45:29 +0100] "GET /git/my_repo.git/info/refs?service=git-upload-pack HTTP/1.1" 404 596 "-" "git/2.10.0.windows.1"
这里有什么问题?
先谢谢了
最好的问候约瑟夫