Writing in the front
The thing is, during the epidemic this year, I bought a set of servers from a cloud. What did I do? Not to deploy projects, not to build websites, but to do code backup and management. Yeah, it’s all my own code, so you might say, how much code can you own? It’s not much. It’s all my personal work on GitHub. Why do this backup management? The reason is who the hell is to guarantee that some country won’t one day restrict our use of GitHub?
You can follow [Glacier Technology] wechat official account and reply [Git] to get Git installation package.
Deploy the private Git service
Just do it, order and pay, and then set up an enterprise-level private Git service. After the completion of the construction, I did not expect to be attacked a few days after the completion of the construction. Well, MD this cloud is not secure, then change to a cloud service? For someone with a certain amount of infiltration experience, I wouldn’t want to change, just to see if I could fend off these attacks. As a result, I carefully analyzed the routines and rules of these attacks and improved my private Git service step by step. So far, it has been able to withstand tens of thousands of attacks per day!
Before we introduce how to build an enterprise-level private Git service, let’s take a look at four Git communication protocols.
Git four communication protocols
In brief, the four communication protocols of Git are Local, SSH, HTTP and Git, as shown below.
Local protocol
Access based on local file systems or shared (NFS) file systems,
Advantages: Simple, direct use of existing file permissions and network access, small teams and small projects to build such a version management system is very easy.
Disadvantages: The disadvantages of this protocol are the limitations of the shared file system, only on the LAN, and the speed is slow.
Adaptation scenario: small team, small project temporary build version service.
Local protocol usage
(1) Clone the project from the local f/git/atals directory
git clone /f/git/atals/
Copy the codeEven bare repositories can be downloaded normally
git clone /f/git/atals.git
Copy the code(2) Clone local projects based on file protocol
git clone file:///f/git/atals/
Copy the codeIf you specify file:// explicitly at the beginning of the URL, Git behaves slightly differently. If you just specify a path, Git will try to use hard links or copy the required files directly. If you specify the file://, Git triggers the process normally used to transfer data over the network, sending in packaged files and saving disk space.
SSH protocol
Git support Supports the use of SSH protocol for communication, which is supported by most Linux and Uninx systems, so it is very convenient to use this protocol to set up Git version services.
Advantages: First, SSH is relatively simple to set up, second, SSH access is secure, SSH protocol is very efficient, before transmission will try to compress data.
Disadvantages: inflexible permission system, must provide the operating system account password, even if only need to read the version.
Suitable scenarios: small teams, small projects, temporary projects
Indicates the SSH protocol usage
Here we install Git service on Linux system first, and then use SSH protocol to communicate with Git service.
Install the Git service on Linux
(1) Installation depends on the environment
yum -y install curl-devel expat-devel gettext-devel openssl-devel zlib-devel gcc perl-ExtUtils-MakeMaker
Copy the code(2) Download and decompress the source code
Wget HTTP: / / https://github.com/git/git/archive/v2.3.0.zipCopy the codeIf you feel that GitHub network speed is too slow, you can follow [Glacier Technology] wechat public account, reply [Git] to get Git installation package.
Unzip v2.3.0. ZipcdGit - 2.3.0Copy the code(3) Build and install (if you do not have permission, add sudo)
make prefix=/usr/local/git all
make prefix=/usr/local/git install
Copy the code(4) Add environment variables
vim /etc/profile
export PATH=/usr/local/git/bin:$PATH
source /etc/profile
Copy the codeIf the version number is displayed, the IP address is successfully added
Git --version Git version 2.3.0Copy the code(5) Create a naked project
git --bare init binghe.git
Copy the code(6) Local based on remote clone warehouse
git clone[email protected]: / data/git repository/binghe. Gitcd binghe/
Copy the code(7) Add files
echo "this is binghe" >> README.MD
Copy the code(8) Local add, submit, and push to remote
git add -A; git commit -am 'first commit'; git push;
Copy the codePossible errors:
git-upload-pack: command not found
Copy the codeThe SSH protocol can access only the directory in /usr/bin. The solution is as follows:
ln -s /usr/local/git/bin/git-upload-pack /usr/bin/git-upload-pack
ln -s /usr/local/git/bin/git-receive-pack /usr/bin/git-receive-pac\k
Copy the codeThe HTTP protocol
Git HTTP protocol is implemented according to the communication between WEB container (Apache, Nginx) and CGI components, and uses the permission system of WEB container itself for authorization verification. Before Git 1.6.6, only HTTP Dumb was supported. This protocol can only be downloaded but cannot be committed. It is usually used in conjunction with SSH, which assigns commit accounts, and HTTP Dumb provides read-only accounts. After 1.6.6, Git provides THE CGI of Git-http-Backend for receiving remote push.
Advantages: Solves the problem of single authentication of local and SSH permissions, and provides anonymous services based on HTTP URLS, so that users can access the public network. Local and SSH are difficult to achieve this, must implement a site like Github.
Disadvantages: Some complex setup requires deployment of WEB servers, and HTTPS certificates and other configurations
Scenario: Large teams, precise rights control, and services deployed on the public network
Configuring and using HTTP Dumb
(1) Create the server version repository
cd /data/git-repository
git --bare init binghe.git
cd binghe.git/hooks/mv
Copy the code(2) Version update hooks that perform updates when a version is committed
post-update.sample post-update
./post-update
Copy the codeNginx static access configuration
server { listen 80; server_name git.tl.com; location / { root /data/git-repository; }}Copy the code(3) Rename hooks
mv hooks/post-update.sample hooks/post-update
Copy the code(4) Local clone remote service
git clone http://git.tl.com/binghe.git
Copy the codeNote: THE HTTP Smart protocol is used based on CGI and GIT git-HTTP-Backend scripts. The configuration is complicated. Web management such as GitLab and Gogs is used instead.
The Git protocol
The Git protocol is a special daemon contained within Git; It listens on a specific port (9418), similar to the SSH service, but does not require any authorization for access.
Advantages: Currently, Git is the fastest network transport protocol used by Git. If your project has a lot of traffic, or if your project is large and doesn’t require user authorization for writes, it’s a good idea to have a Git daemon to provide services. It uses the same data transfer mechanism as SSH, but dispenses with the overhead of encryption and authorization.
Disadvantages: The disadvantage of Git protocol is the lack of authorization mechanism. In addition, 9418 is a non-standard port, which is generally not open by firewalls.
Use of Git protocol
cd binghe.git/
Copy the code(1) Create an empty file to open the project
touch git-daemon-export-ok
Copy the code(2) Start the daemon
nohub git daemon --reuseaddr --base-path=/data/git-repository/ /data/git-repository/ &
Copy the code(3) Local clone remote project
git cloneGit: / / 192.168.0.147:9418 / binghe. GitCopy the codeSee here, friends a little tired, let us show you a girl, later we continue today’s focus: build enterprise private Git service.
,
Build enterprise-level private Git service
Here, we are an enterprise-level GIt service built based on GOGS.
Gogs service installation
Gogs is an open source lightweight Git Web service. It is easy to use, complete files, and international. Its main functions are as follows:
- Provide Http and SSH protocol access to source code services
- Provides WEB interface to view modified source code
- Provide more perfect rights management functions, including organization, team, individual and other warehouse rights
- Provides simple project wiki functionality
- Provide work order management and milestone management.
Download and install
Liverpoolfc.tv: gogs. IO
Download: gogs. IO/docs/instal… Select LinX AMD64 to download and install
Documents: gogs. IO/docs/instal…
The installation
Unzip directory:
run
(1) Foreground operation
./gogs web
Copy the code(2) Background operation
nohup ./gogs web &
Copy the codeDefault port: 3000
Your first visit to http://:3000 will take you to the initialization page for boot configuration.
Select data such as mysql or SQLite. This is sqllite
Note: mysql index length problem is not installed successfully, you need to use mysql5.7 or higher version
Gogs Basic configuration
Email configuration description:
The mail configuration is used for email confirmation during registration, and authentication email sending during password retrieval. Its configuration is divided into two steps:
(1) Create an email account that has been enabled with the SMTP service. I use QQ mailbox here.
(2) In {gogs_home/custom/conf/app.ini file configuration.
The SMTP service is enabled for QQ mailbox
(1) Click Settings
(2) Enable SMTP
Email Settings
Setup file: {gogs_HOME}/custom/conf/app.ini
As you can see, the main information we configured is as follows.
ENABLED = true
HOST=smtp.qq.com:465
FROM=
USER=
PASSWD=
Copy the code- ENABLED: Indicates whether to enable the email service. True indicates that the email service is ENABLED.
- Host indicates the IP address of the SMTP server. (The SMTP service must be enabled on the corresponding mailbox and SSL must be used for access.)
- From Name and address of the sender
- User Send account
- Passwd An authorization code exists when the SMTP account is opened
After the restart, you can test directly. You can test in the following order.
Administrator Login == Control panel == Application Configuration Management == Mail Configuration == Send a test email
Gogs Periodic backup and restoration
Backup and restore:
(1) View backup parameters
./gogs backup -h
Copy the code(2) The default backup is performed in the current directory
./gogs backup
Copy the code(3) Parameterized backup –target output directory –database-only Backup only db
./gogs backup --target=./backupes --database-only --exclude-repos
Copy the code(4) Recovery. Before running this command, delete custom.bak
./gogs restore --from=gogs-backup-20200920062712.zip
Copy the code(5) Automatic backup scripts
\#! /bin/sh -e
gogs_home="/home/apps/svr/gogs/"
backup_dir="$gogs_home/backups"
cd `dirname $0`
Copy the code(6) Run the backup command
./gogs backup --target=$backup_dir
Copy the codeecho 'backup sucess'
day=7
Copy the code(7) Search for and delete the backup generated 7 days ago
find $backup_dir -name '*.zip' -mtime +7 -type f |xargs rm -f;
echo 'delete expire back data! '
Copy the code(8) Add a scheduled task to perform backup at 4:00 every day
Open the task editor
crontab -e
Copy the codeRun the following command: 00 04 * * * Run the do-backup.sh command at 4:00 a.m. every day and output a log file to #backup.log
00 04 * * * /home/apps/svr/gogs/do-backup.sh >> /home/apps/svr/gogs/backup.log 2>&1
Copy the codeConfigure and add a client public key
Git configuration
After Git is installed, you need to do the final configuration. Open git bash and execute the following two commands
Git config --global user.email git config --global user.emailCopy the codeGit automatically remembers user and password actions
git config --global credential.helper store
Copy the codeSSH Public Key Creation
Git bash
(2) Run the ssh-keygen -t rsa command to generate the public and private keys and press Enter 3
(3) Run the cat ~/.ssh/id_rsa.pub command to view the public key
(4) Copy id_rsa.pub to ~/.ssh/authorized_keys
Big welfare
WeChat search the ice technology WeChat 】 the public, focus on the depth of programmers, daily reading of hard dry nuclear technology, the public, reply within [PDF] have I prepared a line companies interview data and my original super hardcore PDF technology document, and I prepared for you more than your resume template (update), I hope everyone can find the right job, Learning is a way of unhappy, sometimes laugh, come on. If you’ve worked your way into the company of your choice, don’t slack off. Career growth is like learning new technology. If lucky, we meet again in the river’s lake!
In addition, I open source each PDF, I will continue to update and maintain, thank you for your long-term support to glacier!!
Write in the last
If you think glacier wrote good, please search and pay attention to “glacier Technology” wechat public number, learn with glacier high concurrency, distributed, micro services, big data, Internet and cloud native technology, “glacier technology” wechat public number updated a large number of technical topics, each technical article is full of dry goods! Many readers have read the articles on the wechat public account of “Glacier Technology” and succeeded in job-hopping to big factories. There are also many readers to achieve a technological leap, become the company’s technical backbone! If you also want to like them to improve their ability to achieve a leap in technical ability, into the big factory, promotion and salary, then pay attention to the “Glacier Technology” wechat public account, update the super core technology every day dry goods, so that you no longer confused about how to improve technical ability!
