1. Preparation
1.1 Set up the LDAP service
Reference: https://www.cnblogs.com/lemon-le/p/6266921.html
1.2 Download the gerrit-2.12.3.war package
URL: https://www.gerritcodereview.com/
1.3 Configure the package sources
$ sudo apt-get update
$ sudo apt-get install default-jre daemon apache2-utils git apache2 mysql-server
1.4 Create the database
Mysql> create database gerrit;
Mysql> grant all on gerrit.* to 'FxFT'@'localhost' identified by 'FoxitFT';
Mysql> flush privileges;
# Restart MySQL
$ sudo /etc/init.d/mysql restart
2. Install Gerrit
/srv/gerrit/ is the installation directory. The steps are as follows:
root@debian:~# java -jar gerrit-x.y.z.war init -d /srv/gerrit/
*** Gerrit Code Review x.y.z
*** Create '/srv/gerrit' [Y/n]? y
*** Git Repositories
*** Location of Git repositories [git]:
*** SQL Database
*** Database server type [h2]: mysql
Gerrit Code Review is not shipped with MySQL Connector/J 5.1.21
** This library is required for your configuration. **
Download and install it now [Y/n]? y
Downloading http://repo2.maven.org/maven2/mysql/mysql-connector-java/5.1.21/mysql-connector-java-5.1.21.jar ... OK
Checksum mysql-connector-java-5.1.21.jar OK
Server hostname [localhost]:
Server port [(mysql default)]:
Database name [reviewdb]: gerrit
Database username [root]: FxFT
gerrituser's password :
confirm password :
*** User Authentication
***
Authentication method [OPENID/?]: http
Get username from custom HTTP header [y/N]? n
SSO logout URL :
*** Email Delivery
***
SMTP server hostname [localhost]: smtp.qq.com
SMTP server port [(default)]: 587
SMTP encryption [NONE/?]: tls
SMTP username [root]: 12345678@qq.com
12345678@qq.com's password :
confirm password :
*** Container Process
***
Run as [root]:
Java runtime [/usr/lib/jvm/java-7-openjdk-amd64/jre]:
Copy gerrit-x.y.war to /srv/gerrit/bin/gerrit.war [Y/n]? y
Copying gerrit-x.y.war to /srv/gerrit/bin/gerrit.war
*** SSH Daemon
***
Listen on address [*]:
Listen on port [29418]:
Gerrit Code Review is not shipped with Bouncy Castle Crypto v144
If available, Gerrit can take advantage of features
in the library, but will also function without it.
Download and install it now [Y/n]? y
Downloading http://www.bouncycastle.org/download/bcprov-jdk16-144.jar ... !! FAIL !!
error: http://www.bouncycastle.org/download/bcprov-jdk16-144.jar: 302 Found
Please download:
http://www.bouncycastle.org/download/bcprov-jdk16-144.jar
and save as:
/srv/gerrit/lib/bcprov-jdk16-144.jar
Press enter to continue
Continue without this library [Y/n]? y
Generating SSH host key ... rsa(simple)... done
*** HTTP Daemon
***
Behind reverse proxy [y/N]? y
Proxy uses SSL (https://) [y/N]? n
Subdirectory on proxy server [/]:
Listen on address [*]:
Listen on port [8081]: 8081
Canonical URL [http://debian.localhost/]:
*** Plugins
***
Install plugin reviewnotes version v2.8 [y/N]? y
Install plugin download-commands version v2.8 [y/N]? y
Install plugin replication version v2.8 [y/N]? y
Install plugin commit-message-length-validator version v2.8 [y/N]? y
Initialized /srv/gerrit
Executing /srv/gerrit/bin/gerrit.sh start
Starting Gerrit Code Review: OK
Waiting for server on debian.localhost:80 ... OK
Opening http://debian.localhost/#/admin/projects/ ...FAILED
Open Gerrit with a JavaScript capable browser:
http://debian.localhost/#/admin/projects/
3. Set up the Gerrit startup script
$ sudo cp /srv/gerrit/bin/gerrit.sh /etc/init.d/gerrit
$ sudo vim /etc/init.d/gerrit
# Around line 47, set GERRIT_SITE= to the site root path
GERRIT_SITE=/srv/gerrit/
# Restart the Gerrit service
$ sudo /etc/init.d/gerrit restart
4. Configure Gerrit
$ sudo vi /srv/gerrit/etc/gerrit.config
[gerrit]
basePath = git
canonicalWebUrl = http://10.104.128.161/r/
[database]
type = mysql
hostname = localhost
database = gerrit
username = FxFT
[index]
type = LUCENE
[auth]
type = LDAP
[ldap]
# IP address of the LDAP server set up earlier
server = ldap://192.168.1.222:555
accountBase = dc=foxitsoftware,dc=com
accountFullName = ${cn}
groupBase = dc=foxitsoftware,dc=com
[sendemail]
smtpServer = smtp.qq.com
smtpServerPort = 587
smtpEncryption = TLS
smtpUser = 12345678@qq.com
[container]
#user = root
# Run as www-data; otherwise Apache hits permission errors when calling Gerrit
user = www-data
javaHome = /usr/lib/jvm/java-7-openjdk-amd64/jre
[sshd]
listenAddress = *:29418
[httpd]
listenUrl = proxy-http://*:8081/r/
listenUrl = proxy-https://*:8081/r/
requestLog = true
[cache]
directory = cache
[user]
anonymousCoward = Unregistered User
[change]
submitWholeTopic = true
[receive]
enableSignedPush = false
5. Set owner and group permissions
# chown -R www-data:www-data /srv/gerrit
6. Configure the web server
$ sudo vim /etc/apache2/sites-available/gerrit.conf
<VirtualHost *:80>
ServerName 192.168.222.111
ProxyRequests Off
ProxyVia Off
ProxyPreserveHost On
ErrorLog /var/log/apache2/testlink_foxitsoftware_com_error.log
CustomLog /var/log/apache2/testlink_foxitsoftware_com_access.log combined
<Proxy *:80>
Order deny,allow
Allow from all
</Proxy>
<Location "/login/">
AuthType Basic
AuthName "Gerrit"
Require valid-user
AuthUserFile /srv/gerrit/etc/password
</Location>
AllowEncodedSlashes On
ProxyPass / http://127.0.0.1:8082/ nocanon
</VirtualHost>
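7. Create an account and password for a Gerrit authorized user
# Without -b, htpasswd accepts only the file and the user name and prompts for the password
# (kevinstar in this walkthrough); -b would put the password in the shell history and process list
$ sudo htpasswd -c /srv/gerrit/etc/password gerrit
8. Configure index.html as the default site page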
$ sudo vim /var/www/index.html
<html>
<head>
<script type="text/javascript">
window.location.href='/r/';
</script>
</head>
<body><h1>It works!</h1>
<p>This is the default web page for this server.</p>
<p>The web server software is running but no content has been added, yet.</p>
</body></html>
9. Load the proxy module
$ sudo a2enmod proxy
# Create the symlink (cd is a shell builtin, so it is run without sudo)
$ cd /etc/apache2/mods-enabled
$ sudo ln -s ../mods-available/proxy_http.load proxy_http.load
10. Restart the apache2 and Gerrit services
$ sudo /etc/init.d/gerrit restart
$ sudo /etc/init.d/apache2 restart
You can now log in to the web interface and test.
11. Enable the port 443 configuration:
$ sudo apt-get install ssl-cert
$ sudo make-ssl-cert /usr/share/ssl-cert/ssleay.cnf /etc/ssl/private/apache2.pem
$ sudo openssl req -x509 -newkey rsa:1024 -keyout /etc/ssl/private/apache2.pem -out /etc/ssl/private/apache2.pem -nodes -days 999
Generating a 1024 bit RSA private key
..............++++++
.........................++++++
writing new private key to '/etc/ssl/private/apache2.pem'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]:CN
State or Province Name (full name) [Some-State]:BEIJING
Locality Name (eg, city) []:BEIJING
Organization Name (eg, company) [Internet Widgits Pty Ltd]:ll
Organizational Unit Name (eg, section) []:it
Common Name (e.g. server FQDN or YOUR name) []:localhost
Email Address []:12345678@qq.com
#openssl genrsa 1024 >server.key
#openssl req -new -key server.key > server.csr
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]:CN
State or Province Name (full name) [Some-State]:BEIJING
Locality Name (eg, city) []:BEIJING
Organization Name (eg, company) [Internet Widgits Pty Ltd]:foxit
Organizational Unit Name (eg, section) []:it
Common Name (e.g. server FQDN or YOUR name) []:localhost
Email Address []:12345678@qq.com
Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:kevinstar
An optional company name []:foxit
12. Enable the SSL module
$ sudo a2enmod ssl
13. Configure the Apache site:
$ sudo vi /etc/apache2/sites-available/gerrit.conf
<VirtualHost *:80>
ServerName 10.104.128.161
ProxyRequests Off
ProxyVia Off
ProxyPreserveHost On
<Proxy *:80>
Order deny,allow
Allow from all
</Proxy>
AllowEncodedSlashes On
ProxyPass /r/ http://127.0.0.1:8081/r/ nocanon
</VirtualHost>
<VirtualHost *:443>
SSLEngine on
SSLProxyEngine on
SSLCertificateFile /etc/ssl/certs/ssl-cert-snakeoil.pem
SSLCertificateKeyFile /etc/ssl/private/ssl-cert-snakeoil.key
ServerName 10.104.128.161
ProxyRequests Off
ProxyVia Off
ProxyPreserveHost On
<Proxy *:443>
Order deny,allow
Allow from all
</Proxy>
<Location "/r/login/">
AuthType Basic
AuthName "Gerrit"
Require valid-user
AuthUserFile /etc/gerrit/etc/.password
</Location>
<Location "/p/">
AuthType Basic
AuthName "Gerrit Code Review"
</Location>
AllowEncodedSlashes On
ProxyPass /r/ http://127.0.0.1:8082/r/ nocanon
ProxyPass /p/ http://127.0.0.1:8082/p/ nocanon
</VirtualHost>
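Added example (not part of the original tutorial): a POSIX sh/awk check that reads a site file like the one in step 13 and reports virtual hosts that proxy to Gerrit without SSLEngine on, and <Location> blocks that set AuthType without a Require line. The names audit_apache_vhosts and sample_vhosts are made up for this example, and the sample is a trimmed copy of the step 13 configuration.

```sh
#!/bin/sh
# audit_apache_vhosts [FILE]: print one finding per line (reads stdin when FILE is omitted)
audit_apache_vhosts() {
  awk '
    { line = $0; sub(/^[ \t]+/, "", line); low = tolower(line) }
    low ~ /^<virtualhost/ { vhost = $2; sub(/>.*/, "", vhost); ssl = 0; proxied = 0; next }
    low ~ /^sslengine[ \t]+on/ { ssl = 1 }
    low ~ /^proxypass[ \t]/    { proxied = 1 }
    low ~ /^<\/virtualhost/ {
      # Logins and review traffic on this vhost cross the network in clear text
      if (proxied && !ssl) print vhost ": proxies to Gerrit without TLS"
      next
    }
    low ~ /^<location/ { loc = $2; sub(/>.*/, "", loc); authtype = 0; req = 0; next }
    low ~ /^authtype[ \t]/ { authtype = 1 }
    low ~ /^require[ \t]/  { req = 1 }
    low ~ /^<\/location/ {
      # AuthType alone does not trigger authentication; a Require line does
      if (authtype && !req) print vhost " " loc ": AuthType set but no Require, so no login is enforced"
    }
  ' "${1:--}"
}

# Constructed sample: the directives from step 13 that the check looks at
sample_vhosts() {
  cat <<'EOF'
<VirtualHost *:80>
  ProxyPass /r/ http://127.0.0.1:8081/r/ nocanon
</VirtualHost>
<VirtualHost *:443>
  SSLEngine on
  <Location "/r/login/">
    AuthType Basic
    AuthName "Gerrit"
    Require valid-user
    AuthUserFile /etc/gerrit/etc/.password
  </Location>
  <Location "/p/">
    AuthType Basic
    AuthName "Gerrit Code Review"
  </Location>
  ProxyPass /r/ http://127.0.0.1:8082/r/ nocanon
</VirtualHost>
EOF
}

sample_vhosts | audit_apache_vhosts
```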
14. Modify the Gerrit configuration:
$ sudo vi /etc/gerrit/etc/gerrit.config
[gerrit]
basePath = git
canonicalWebUrl = http://10.104.128.161/r/
[database]
type = mysql
hostname = localhost
database = gerritdb
username = gerrituser
[auth]
type = LDAP
[ldap]
server = ldap://192.168.222.111:389
accountBase = dc=foxitsoftware,dc=com
accountFullName = ${cn}
groupBase = dc=ll,dc=com
[sendemail]
smtpServer = smtp.qq.com
smtpServerPort = 587
smtpEncryption = TLS
smtpUser = 12345678@qq.com
[container]
user = root
javaHome = /usr/lib/jvm/java-7-openjdk-amd64/jre
[sshd]
listenAddress = *:29418
[httpd]
listenUrl = proxy-http://*:8081/r/
listenUrl = proxy-https://*:8082/r/
requestLog = true
[cache]
directory = cache
[user]
anonymousCoward = Unregistered User
[change]
submitWholeTopic = true
[receive]
enableSignedPush = false
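Added example (not part of the original tutorial): a POSIX sh/awk check that reads a gerrit.config in the format shown in steps 4 and 14 and reports four settings worth reviewing before the server goes live: a plaintext ldap:// bind, container.user = root, a proxy listenUrl bound to every interface, and an http:// canonical URL. The names audit_gerrit_config and sample_config are made up for this example, and the sample holds only the relevant keys from step 14.

```sh
#!/bin/sh
# audit_gerrit_config [FILE]: print "section.key: reason" per finding (stdin when FILE is omitted).
# Section and key names are lowercased because git-config style names are case-insensitive.
audit_gerrit_config() {
  awk '
    /^[ \t]*[#;]/ || !/[^ \t]/ { next }          # skip comments and blank lines
    /^[ \t]*\[/ {                                # [section] header
      sec = $0; sub(/^[ \t]*\[/, "", sec); sub(/\].*$/, "", sec)
      sec = tolower(sec); next
    }
    {
      eq = index($0, "="); if (eq == 0) next
      key = substr($0, 1, eq - 1); val = substr($0, eq + 1)
      gsub(/[ \t]/, "", key); sub(/^[ \t]+/, "", val); sub(/[ \t]+$/, "", val)
      k = sec "." tolower(key)
      if (k == "ldap.server" && val ~ /^ldap:\/\//)
        print k ": LDAP bind credentials are sent unencrypted; use ldaps://"
      if (k == "container.user" && val == "root")
        print k ": daemon runs as root; use an unprivileged account"
      if (k == "httpd.listenurl" && val ~ /^proxy-https?:\/\/\*/)
        print k ": backend listens on every interface and can be reached around Apache; bind to 127.0.0.1"
      if (k == "gerrit.canonicalweburl" && val ~ /^http:\/\//)
        print k ": generated links point at plain HTTP"
    }
  ' "${1:--}"
}

# Constructed sample: the security-relevant keys from the step 14 configuration
sample_config() {
  cat <<'EOF'
[gerrit]
  canonicalWebUrl = http://10.104.128.161/r/
[ldap]
  server = ldap://192.168.222.111:389
[container]
  user = root
[sshd]
  listenAddress = *:29418
[httpd]
  listenUrl = proxy-http://*:8081/r/
  listenUrl = proxy-https://*:8082/r/
EOF
}

sample_config | audit_gerrit_config
```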
15. Restart Apache and Gerrit:
$ sudo /etc/init.d/apache2 restart
$ sudo /etc/init.d/gerrit restart