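CentOS 7.2
Built with a self-signed certificate and PostgreSQL instead of the default H2 database.
I couldn't find many pages that walk through GitBucket, HTTPS, and PostgreSQL end to end, so I tried it myself.
There was also GitLab, but it felt painfully heavy when I tried it, so I dropped it.
#### Pages I referred to during setup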
- http://blackssi.cocolog-nifty.com/blog/2016/06/centos7gitbucke.html
- http://qiita.com/YN0314/items/d205dfed2e968bf8f408
- http://qiita.com/clown0082/items/551d7c081ff6b41b1717
- http://takezoe.hatenablog.com/entry/2016/07/16/025154
### First, install the required packages with yum
```
# yum install java-1.8.0-openjdk java-1.8.0-openjdk-devel
# yum install postgresql-server
# yum install httpd
# yum install tomcat
# yum install mod_ssl
```
### Download GitBucket
```
# wget -P /var/lib/tomcat/webapps/ https://github.com/gitbucket/gitbucket/releases/download/4.4/gitbucket.war
```
### Create the self-signed certificate
#### Create the private key (key)
```
# openssl genrsa -aes128 2048 > server.key
Generating RSA private key, 2048 bit long modulus
..................................................+++
....................................................+++
e is 65537 (0x10001)
Enter pass phrase:パスフレーズ
Verifying - Enter pass phrase:パスフレーズ
```
#### Create the certificate signing request (csr), which carries the public key
```
# openssl req -new -key server.key > server.csr
Enter pass phrase for server.key:パスフレーズ
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:JP
State or Province Name (full name) []:Tokyo
Locality Name (eg, city) [Default City]:Arakawa-ku
Organization Name (eg, company) [Default Company Ltd]:e-mail: 会社名
Organizational Unit Name (eg, section) []:
Common Name (eg, your name or your server's hostname) []: example.com
Email Address []:+1: メールアドレス
Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []: パスワード
An optional company name []:company
```
#### Create the digital certificate (crt)
```
# openssl x509 -in server.csr -days 365000 -req -signkey server.key > server.crt
Signature ok
subject=/C=JP/ST=Tokyo/L=Arakawa-ku/O=example corp
Getting Private key
Enter pass phrase for server.key:パスフレーズ
```
#### Move the private key and SSL certificate to the proper locations and change their permissions
```
# mv -i server.key /etc/pki/tls/private/
# mv -i server.crt /etc/pki/tls/certs/
# chmod 400 /etc/pki/tls/private/server.key
# chmod 400 /etc/pki/tls/certs/server.crt
# ls -l /etc/pki/tls/private/server.key
-r-------- 1 root root 1766 9月 26 21:11 /etc/pki/tls/private/server.key
# ls -l /etc/pki/tls/certs/server.crt
-r-------- 1 root root 1123 9月 26 21:39 /etc/pki/tls/certs/server.crt
```
#### Delete the CSR
```
# rm server.csr
```
### Apache and Tomcat configuration
#### Apache configuration
Edit the VirtualHost section:
```
<VirtualHost _default_:443>
    DocumentRoot "/var/lib/tomcat/webapps/gitbucket"
    ServerName 192.168.33.10:443
    ErrorLog logs/ssl_error_log
    TransferLog logs/ssl_access_log
    LogLevel warn
    SSLEngine on
    SSLProtocol all -SSLv2
    SSLCertificateFile /etc/pki/tls/certs/server.crt
    SSLCertificateKeyFile /etc/pki/tls/private/server.key
    <Proxy *>
        Order deny,allow
        Allow from all
    </Proxy>
    # Serve /assets from DocumentRoot; hand /gitbucket to Tomcat over AJP
    ProxyPass /assets !
    ProxyPass /gitbucket ajp://localhost:8009/gitbucket
    ProxyPassReverse /gitbucket ajp://localhost:8009/gitbucket
    ProxyPreserveHost on
</VirtualHost>
```
#### Tomcat configuration
To work with Apache, disable the HTTP connector port and connect via AJP.
```
<!--
<Connector port="8080" protocol="HTTP/1.1"
           connectionTimeout="20000"
           redirectPort="8443" />
-->
<Connector port="8009" protocol="AJP/1.3" redirectPort="8443" />
```
### Start httpd and tomcat once
The GitBucket war is unpacked, then GitBucket starts and initializes itself.
```
# systemctl start httpd
# systemctl start tomcat
```
Stop httpd and tomcat:
```
# systemctl stop httpd
# systemctl stop tomcat
```
### PostgreSQL configuration
Initialize and start:
```
# service postgresql initdb --encoding=UTF-8 --locale=ja_JP.UTF-8
# systemctl start postgresql
```
Edit pg_hba.conf:
```
local all all md5
host all all 127.0.0.1/32 md5
host all all ::1/128 md5
```
Create the database for GitBucket:
```
# su - postgres
-bash-4.2$ psql
psql (9.2.15)
"help" でヘルプを表示します.
postgres=# create database gitbucket WITH template template0 encoding 'utf8' lc_collate 'ja_JP.UTF-8' lc_ctype 'ja_JP.UTF-8';
CREATE DATABASE
postgres=# \q
```
Create the user for GitBucket:
```
# su - postgres
-bash-4.2$ createuser -P gitbucket_user
新しいロールのためのパスワード: gitbucket_user
もう一度入力してください:gitbucket_user
-bash-4.2$ exit
```
### Edit GitBucket's database.conf
```
db {
  url = "jdbc:h2:${DatabaseHome};MVCC=true"
  user = "sa"
  password = "sa"
}
```
↓
```
db {
  url = "jdbc:postgresql://localhost/gitbucket"
  user = "gitbucket_user"
  password = "gitbucket_user"
}
```
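
An added example (not part of the original post) that checks the three settings configured so far: the `SSLProtocol` line, the AJP connector, and the `database.conf` credentials. The function names are hypothetical and the sample files are constructed from the lines shown above.

```shell
#!/bin/sh
# Added example, not from the original post. Flags three settings used in this
# walkthrough. Assumes one directive per line; callers pass the file paths.

check_ssl_protocol() {    # $1 = Apache SSL config
    l=$(grep -Ei '^[[:space:]]*SSLProtocol[[:space:]]' "$1" | tail -n 1 |
        tr 'A-Z\t' 'a-z ')
    case $l in
        '')                          echo "ssl: no SSLProtocol directive" ;;
        *-sslv3*)                    echo "ssl: ok" ;;
        *" all"*|*" +all"*|*sslv3*)  echo "ssl: WEAK (SSLv3 not disabled)" ;;
        *)                           echo "ssl: ok" ;;
    esac
}

check_ajp_bind() {        # $1 = Tomcat server.xml
    # An AJP connector without address= relies on the Tomcat version's default
    # bind address; address="127.0.0.1" makes the loopback binding explicit.
    if grep 'protocol="AJP/1.3"' "$1" | grep -vq 'address='; then
        echo "ajp: WEAK (no explicit address=)"
    else
        echo "ajp: ok"
    fi
}

check_db_password() {     # $1 = GitBucket database.conf
    user=$(sed -n 's/^[[:space:]]*user[[:space:]]*=[[:space:]]*"\(.*\)".*/\1/p' "$1")
    pass=$(sed -n 's/^[[:space:]]*password[[:space:]]*=[[:space:]]*"\(.*\)".*/\1/p' "$1")
    if [ -n "$pass" ] && [ "$pass" = "$user" ]; then
        echo "db: WEAK (password equals user name)"
    else
        echo "db: ok"
    fi
}

# Constructed sample input: the three settings as they appear in this walkthrough.
audit_sample() {
    d=$(mktemp -d) || return 1
    printf 'SSLEngine on\nSSLProtocol all -SSLv2\n' > "$d/ssl.conf"
    printf '<Connector port="8009" protocol="AJP/1.3" redirectPort="8443" />\n' > "$d/server.xml"
    printf 'db {\nuser = "gitbucket_user"\npassword = "gitbucket_user"\n}\n' > "$d/database.conf"
    check_ssl_protocol "$d/ssl.conf"
    check_ajp_bind "$d/server.xml"
    check_db_password "$d/database.conf"
    rm -rf "$d"
}

audit_sample
```

Each check prints `ok` once the setting is tightened, for example `SSLProtocol -all +TLSv1.2`, an AJP connector carrying `address="127.0.0.1"`, and a database password that differs from the role name.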
### Firewalld configuration
```
# systemctl start firewalld
# firewall-cmd --add-service=http --zone=public --permanent
# firewall-cmd --add-service=https --zone=public --permanent
# firewall-cmd --reload
# firewall-cmd --list-all
public (default)
interfaces:
sources:
services: dhcpv6-client http https ssh
ports:
masquerade: no
forward-ports:
icmp-blocks:
rich rules:
```
### Restart each service
```
# systemctl restart postgresql
# systemctl start httpd
# systemctl start tomcat
```
Access it in a browser and check that the page is displayed:
https://example.com/gitbucket
Initial credentials:
Username: root
Password: root
### Check that the GitBucket tables were created in PostgreSQL
```
# psql -U gitbucket_user -d gitbucket
ユーザ gitbucket_user のパスワード:
psql (9.2.15)
"help" でヘルプを表示します.
gitbucket=> select relname as TABLE_NAME from pg_stat_user_tables;
table_name
----------------------------------
milestone
commit_comment
web_hook
pull_request
issue
versions
issue_comment
collaborator
issue_id
label
access_token
activity
issue_label
plugin
ssh_key
repository
commit_status
protected_branch_require_context
web_hook_event
group_member
account
protected_branch
(22 行)
gitbucket=> \q
```
### Enable each service at boot
```
# systemctl enable postgresql
# systemctl enable httpd
# systemctl enable tomcat
# systemctl enable firewalld
```
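With a self-signed certificate, git clone and similar operations fail.
On the client PC, turn off certificate verification (with `--global` this applies to every HTTPS remote, not only this server):
```
git config --global http.sslVerify false
```
That completes the whole setup.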
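
An alternative to turning verification off, as an added example that is not part of the original post: pin the server's self-signed certificate for this one host so every other HTTPS remote is still verified. It assumes `server.crt` was copied from the server over a trusted channel and that the clone URL's host matches the certificate's Common Name; the function names and the path in the usage comment are hypothetical.

```shell
#!/bin/sh
# Added example, not from the original post. Run on the client PC.
# Assumes the client's Git supports per-URL http.<url>.* settings.

# Print the SHA-256 fingerprint; compare it with the same command on the server.
cert_fingerprint() {
    openssl x509 -in "$1" -noout -fingerprint -sha256 | cut -d= -f2
}

# trust_cert_for_host CERT BASE_URL [GIT_CONFIG_FILE]
trust_cert_for_host() {
    cert=$1; url=$2; cfg=${3:-"$HOME/.gitconfig"}
    # Refuse anything openssl cannot parse as an X.509 certificate.
    if ! openssl x509 -in "$cert" -noout 2>/dev/null; then
        echo "not a certificate: $cert" >&2
        return 1
    fi
    # Verify this one host against the pinned certificate ...
    git config --file "$cfg" "http.$url.sslCAInfo" "$cert"
    git config --file "$cfg" "http.$url.sslVerify" true
    # ... and remove a blanket "sslVerify = false" left over from earlier.
    git config --file "$cfg" --unset http.sslVerify || true
}

# Usage (hypothetical path):
#   cert_fingerprint "$HOME/certs/gitbucket-server.crt"
#   trust_cert_for_host "$HOME/certs/gitbucket-server.crt" https://example.com/
```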