Gitea的搭建
SSH穿透(git@git.n8y.cn:linson/china-distpicker.git可以访问)
# Create a dedicated host group and account named git with a fixed UID/GID of 1234;
# the docker-compose.yml below passes the same numbers as USER_UID/USER_GID.
groupadd -g 1234 git
adduser -u 1234 -g 1234 git
# Switch to the git account so the key pair is created for that user.
su git
# Generate a 4096-bit RSA key pair for the host git user. The guide later copies
# /home/git/.ssh/id_rsa.pub into authorized_keys, so the default file name is assumed.
ssh-keygen -t rsa -b 4096 -C "Gitea Host Key"
使用docker-compose来运行
docker-compose.yml
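# Gitea behind the host's nginx (web) and the host's sshd (Git over SSH).
version: "3"

networks:
  gitea:
    external: false

services:
  server:
    # NOTE(review): `latest` is a moving tag, so each pull can bring in a
    # different Gitea build. Pin a specific release tag or image digest so
    # upgrades are deliberate and reproducible.
    image: gitea/gitea:latest
    container_name: gitea
    environment:
      # Same UID/GID as the host `git` account created with groupadd/adduser,
      # so bind-mounted files have one owner on both sides.
      - USER_UID=1234
      - USER_GID=1234
    restart: always
    networks:
      - gitea
    volumes:
      - /var/lib/gitea:/data
      # Shares the host git user's ~/.ssh with the container. The private key
      # generated there (id_rsa) is therefore readable inside the container too.
      - /home/git/.ssh/:/data/git/.ssh/
      - /etc/timezone:/etc/timezone:ro
      - /etc/localtime:/etc/localtime:ro
    ports:
      # Bound to loopback only: nginx on this host terminates TLS and proxies
      # to localhost:3000, so publishing 3000 on every interface would leave a
      # plain-HTTP path to Gitea that bypasses the TLS front end.
      - "127.0.0.1:3000:3000"
      # Container sshd, reachable only through the host-side shim.
      - "127.0.0.1:10022:22"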
/app/gitea/gitea
#!/bin/sh
# Host-side shim (installed as /app/gitea/gitea): relays the Git-over-SSH request
# to the container's sshd published on 127.0.0.1:10022, re-running the same
# command line ($0 $@) there with SSH_ORIGINAL_COMMAND passed along.
# NOTE(review): StrictHostKeyChecking=no skips verification of the container's
# host key. The target is loopback only, which limits the exposure; confirm that
# is acceptable, or record the container's host key in known_hosts instead.
# NOTE(review): $0 and $@ are expanded unquoted inside the remote command string,
# so arguments containing spaces are re-split on the remote side.
ssh -p 10022 -o StrictHostKeyChecking=no git@127.0.0.1 "SSH_ORIGINAL_COMMAND=\"$SSH_ORIGINAL_COMMAND\" $0 $@"
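# Make the shim executable; run this from the directory that holds it
# (/app/gitea, per the path given above).
chmod +x gitea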
生成authorized_keys
# Authorize the host git user's own public key; presumably this is what lets the
# shim's ssh call to git@127.0.0.1 log in, since the container mounts the same
# .ssh directory.
# NOTE(review): cp replaces any existing authorized_keys content, so run it before
# the container is started for the first time, as the guide orders it.
cp /home/git/.ssh/id_rsa.pub /home/git/.ssh/authorized_keys
运行容器
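# Start the Gitea stack in the background (the command is docker-compose, not docker-composer).
docker-compose up -d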
nginx代理
git.conf
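# Plain-HTTP listener: does nothing except redirect to the HTTPS site.
server {
    listen 80;
    server_name git.n8y.cn;
    # root /usr/share/nginx/html/xmyunce/public;
    # index index.html index.htm index.php;
    return 301 https://$server_name$request_uri;
}

# TLS front end for the Gitea container listening on localhost:3000.
server {
    listen 443 ssl;
    server_name git.n8y.cn;
    #root /usr/share/nginx/html/git;
    #index index.html index.htm index.php;
    #ssl on;
    ssl_certificate /usr/local/nginx/ssl/git.n8y.cn/4130065_git.n8y.cn.pem;
    # Private key: keep this file readable by the nginx master process only.
    ssl_certificate_key /usr/local/nginx/ssl/git.n8y.cn/4130065_git.n8y.cn.key;
    #charset koi8-r;
    #access_log /var/log/nginx/log/host.access.log main;

    location / {
        proxy_pass http://localhost:3000;
        proxy_redirect off;
        # Pass the original host and scheme to the backend, matching the
        # packages.xmyunce.com proxy on this page; without them the backend
        # only sees "localhost:3000" and cannot tell the request came in over HTTPS.
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    }

    #error_page 404 /404.html;
    # redirect server error pages to the static page /50x.html
    #
    error_page 500 502 503 504 /50x.html;
    #location = /50x.html {
    #    root /usr/share/nginx/html;
    #}

    # proxy the PHP scripts to Apache listening on 127.0.0.1:80
    #
    #location ~ \.php$ {
    #    proxy_pass http://127.0.0.1;
    #}

    # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
    #
    #location ~ \.php$ {
    #    root html;
    #    fastcgi_pass 127.0.0.1:9000;
    #    fastcgi_index index.php;
    #    fastcgi_param SCRIPT_FILENAME /scripts$fastcgi_script_name;
    #    include fastcgi_params;
    #}

    # deny access to .htaccess files, if Apache's document root
    # concurs with nginx's one
    #
    location ~ /\.ht {
        deny all;
    }

    # Left open for /.well-known lookups (e.g. certificate validation files).
    location /.well-known {
        allow all;
        default_type text/plain;
    }
}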
配置git
- 打开https://git.n8y.cn
- 把localhost:3000改成https://git.n8y.cn
- 把ssh改成git.n8y.cn
搭建Composer库
docker-compose.yml
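# Private Composer repository (Packeton) with its PostgreSQL database.
version: '3'

services:
  postgres:
    hostname: postgres
    container_name: pgsql-pkg
    # NOTE(review): PostgreSQL 9.6 is past upstream end of life and no longer
    # receives security fixes; plan a move to a supported major version
    # (the data in .docker/db then needs a dump/restore or pg_upgrade).
    image: postgres:9.6
    volumes:
      - .docker/db:/var/lib/postgresql/data
    environment:
      POSTGRES_DB: packagist
      # Sample value. Replace it with a long random password before deploying
      # and keep it identical to DATABASE_PASSWORD below.
      POSTGRES_PASSWORD: "123456"
    expose:
      # Reachable by other containers on the compose network only; not published on the host.
      - "5432"

  packagist:
    # NOTE(review): `latest` is a moving tag; pin a specific release tag or
    # digest so image updates are deliberate.
    image: okvpn/packeton:latest
    container_name: packagist
    restart: unless-stopped
    hostname: packagist
    volumes:
      - .docker/redis:/var/lib/redis  # Redis data
      - .docker/zipball:/var/www/packagist/app/zipball  # Zipped archive cache for "dist" downloads
      - .docker/composer:/var/www/.composer  # Composer cache
      # Share here your ssh keys. These are private keys: keep .docker/ssh out
      # of version control and readable only by the account running Docker.
      - .docker/ssh:/var/www/.ssh
    environment:
      PRIVATE_REPO_DOMAIN_LIST: bitbucket.org gitlab.com github.com
      PACKAGIST_DIST_HOST: https://packages.xmyunce.com  # Dist url to download the zip package.
      DATABASE_HOST: postgres
      DATABASE_PORT: "5432"
      DATABASE_DRIVER: pdo_pgsql
      DATABASE_USER: postgres
      DATABASE_NAME: packagist
      # Must equal POSTGRES_PASSWORD above; sample value, replace before deploying.
      DATABASE_PASSWORD: "123456"
      ADMIN_USER: admin
      # Initial admin login for the web UI. Sample value: choose your own
      # password here, or change it right after the first login.
      ADMIN_PASSWORD: composer
      ADMIN_EMAIL: admin@example.com
      GITHUB_NO_API: 'true'
    ports:
      # Loopback only; the nginx server block for packages.xmyunce.com proxies to this port.
      - "127.0.0.1:9090:80"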
nginx代理
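# TLS front end for the Packeton container published on 127.0.0.1:9090.
server {
    listen *:443 ssl http2;
    server_name packages.xmyunce.com;

    ssl_certificate /usr/local/nginx/ssl/packages.xmyunce.com/4676168_packages.xmyunce.com.pem;
    # Private key: keep this file readable by the nginx master process only.
    ssl_certificate_key /usr/local/nginx/ssl/packages.xmyunce.com/4676168_packages.xmyunce.com.key;

    # 3DES suites (ECDHE-RSA-DES-CBC3-SHA, DES-CBC3-SHA) removed and !3DES added:
    # 64-bit block ciphers are no longer considered safe for TLS.
    ssl_ciphers 'ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA:!aNULL:!eNULL:!EXPORT:!DES:!3DES:!MD5:!PSK:!RC4';
    # TLSv1.1 dropped: it is deprecated. Add TLSv1.3 here when the installed
    # nginx/OpenSSL build supports it.
    ssl_protocols TLSv1.2;
    ssl_prefer_server_ciphers on;
    ssl_session_cache builtin:1000 shared:SSL:10m;
    ssl_session_timeout 5m;

    # NOTE(review): with access logging off there is no request trail for
    # logins, token use or package downloads; enable it if you need to
    # investigate access to the private repository.
    access_log off;
    error_log /var/log/nginx/pkg_error.log;

    gzip_vary on;
    gzip_proxied any;
    gzip_comp_level 6;
    gzip_buffers 16 16k;
    gzip_http_version 1.1;
    gzip_min_length 2048;
    gzip_types text/css image/svg+xml application/octet-stream application/javascript text/javascript application/json;

    location / {
        # Tell the backend the original host and that the client used HTTPS.
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-Proto https;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header HTTPS "on";
        proxy_pass http://127.0.0.1:9090/;
    }
}

# Plain-HTTP listener: only redirects to the HTTPS site.
server {
    listen 80;
    server_name packages.xmyunce.com;
    # The Certbot-style `if ($host = pkg.okvpn.org)` block was removed: it named
    # a different host and the unconditional redirect already covered every
    # request. The redirect target uses $server_name rather than the
    # client-supplied Host header, as the git.n8y.cn redirect on this page does.
    return 301 https://$server_name$request_uri;
}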
运行容器
docker-compose up -d
配置
- http://packages.xmyunce.com
- 用户名:admin,密码:composer(即docker-compose.yml中ADMIN_USER/ADMIN_PASSWORD的默认值),首次登录后请立即修改密码。
- https://packages.xmyunce.com/users/sshkey 添加ssh,在git里需添加SSH密钥(https://git.n8y.cn/user/settings/keys) 通过
ssh-keygen -t rsa -b 4096 来生成一对密钥,把公钥*.pub上传到git,私钥上传到packages.xmyunce.com
- git上添加一个库
- https://packages.xmyunce.com/packages/submit SSH选择刚添加的SSH,Repository URL git@git.n8y.cn:linson/china-distpicker.git
- submit
- 设置一个组,将可用的库纳入该组。
- 为了安全,packages.xmyunce.com使用admin用户创建一个user,设置密码,有效期。选择一个组。
composer自动更新
- git库添加“管理Web钩子”,Url: http://webhook-packages.xmyunce.com/api/webhook/packages, 自定义事件:

- 注意:Web钩子的密钥文本必须与webhook-packages.xmyunce.com后台设置的一致(示例:nwor4jwpoi789;实际部署请换成自己生成的随机密钥)。
客户端使用私有库
- composer.json里添加:
"repositories": [
    {
        "type": "composer",
        "url": "https://packages.xmyunce.com/"
    }
]
- 用你的用户登陆https://packages.xmyunce.com, 获取API Token.
# Saves HTTP Basic credentials for packages.xmyunce.com (user name, then
# presumably the API Token from the step above in place of xxyy) in Composer's
# global auth.json. They are stored in plain text, so keep that file readable
# only by your own account.
composer config --global --auth http-basic.packages.xmyunce.com linson xxyy
-
composer require linson/china-distpicker