XiZi's Blog
apache + gerrit + gitweb on windows 的配置
折腾了几天终于比较完整的搞定了。
电脑运行Windows Server 2008R2 with SP1,Java 1.6.0_45 x86版。
1、需要的软件
msysgit(1.8.3),gerrit(2.8.4),apache(2.4.9),gerrit_service(git commit 29aa688d2312feeca1130ac96eed9a3810088e03)
括号内为当前使用的版本。
2、安装msysgit,apache,获取gerrit,及gerrit_service的源代码。
这里仅给出gerrit_service的git repo:https://github.com/asankah/gerrit_service.git
3、Apache 配置
这里我们使用VirtualHost并开启SSL加密,配置二级域名gerrit.fengtech.com提供review服务。配置本地客户端使用用户名密码/证书进行认证,internet客户端必须使用客户端证书进行认证。
#重定向普通端口的访问到SSl端口 <VirtualHost *:80> ServerName gerrit.fengtech.com Redirect / https://gerrit.fengtech.com/ </VirtualHost>
#在开启了SSL的443端口配置虚拟主机 <VirtualHost *:443> ServerAdmin xifeng.ren@gmail.com ServerName gerrit.fengtech.com ErrorLog "logs/error_log_ssl" TransferLog "logs/access_log_ssl" SSLEngine on SSLProtocol all -SSLv2 SSLCipherSuite HIGH:MEDIUM:!aNULL:!MD5 SSLCertificateFile "D:/path/to/conf/ssl/keys/.fengtech.com.crt" SSLCertificateKeyFile "D:/path/to/conf/ssl/keys/.fengtech.com.key" SSLVerifyClient none #配置客户端验证ca SSLCACertificateFile "D:/path/to/conf/ssl/keys/ca.crt" #配置客户端验证ca的吊销列表 SSLCARevocationFile "D:/path/to/conf/ssl/keys/ca.crl" SSLCARevocationCheck chain #配置代理把连接转向gerrit服务器 ProxyRequests Off ProxyVia Off ProxyPreserveHost On <Proxy *> Order deny,allow Allow from all </Proxy> #这里我们配置/login/需要认证,我们也可以设置所有的连接都需要真正,把"/login/"换成"/"即可,不包含引号. <Location /login/> SSLVerifyClient optional SSLOptions +FakeBasicAuth SSLOptions +StrictRequire # Force clients from the Internet to use HTTPS #RewriteEngine on #RewriteCond %{REMOTE_ADDR} !^192\.168\.1\.[0-9]+$ #RewriteCond %{HTTPS} !=on #RewriteRule . - [F] # Allow Network Access and/or Basic Auth <requireall> # Network Access Control Require ip ::1 127 10 219.217.159.76 # HTTP Basic Authentication AuthType basic AuthName "Gerrit Code Review" AuthBasicProvider file AuthUserFile D:/path/to/htpasswd Require valid-user </requireall> <requireall> SSLVerifyDepth 5 SSLRequire %{SSL_CIPHER_USEKEYSIZE} >= 128 AuthBasicFake %{SSL_CLIENT_S_DN_CN} %{sha1:passphrase-%{SSL_CLIENT_S_DN_CN}} Require ssl-verify-client </requireall> </Location> AllowEncodedSlashes On #这里我们使用127.0.0.1:8081是我们后面要配置的gerrit服务监听的地址和端口。 ProxyPass / http://127.0.0.1:8081/ nocanon ProxyPassReverse / http://127.0.0.1:8081/ <FilesMatch "\.(cgi|shtml|phtml|php)$"> SSLOptions +StdEnvVars </FilesMatch> <Directory "D:/path/to/WebRoot/cgi-bin"> SSLOptions +StdEnvVars </Directory> BrowserMatch "MSIE [2-5]" \ nokeepalive ssl-unclean-shutdown \ downgrade-1.0 force-response-1.0 CustomLog "logs/ssl_request_log_gerrit" \ "%t %h %u %{SSL_CLIENT_S_DN_CN}x %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b" </VirtualHost>
好了接下来配置gerrit。
4、gerrit的配置与安装。
gerrit需要java环境,x86或者x86_64均可,要求1.6以上版本。这里使用的是sun java1.6.0_45 x64的版本。
所有gerrit,去google下载war包,我下载的是gerrit-2.8.4.war。
配置gerrit目录
D:\Developer\WebRoot>java -jar gerrit-2.8.4.war init -d gerrit_git *** Gerrit Code Review 2.8.4 *** Create 'D:\Developer\WebRoot\gerrit_git' [Y/n]?y *** Git Repositories *** Location of Git repositories [git]:git *** SQL Database *** Database server type [h2]:h2 *** User Authentication *** 这里改为http的认证方式,使用我们刚才配置的apache认证。 Authentication method [OPENID/?]: http Get username from custom HTTP header [y/N]? SSO logout URL : *** Email Delivery 这里我们先采用默认设置稍后再更改邮件发送服务器设置。 *** SMTP server hostname [localhost]: SMTP server port [(default)]: SMTP encryption [NONE/?]: SMTP username [Administrator]: Administrator's password : confirm password : *** Container Process *** Run as [Administrator]: Java runtime [D:\Program Files\Java\jdk1.6.0_45\jre]: Copy gerrit-2.8.4.war to D:\Developer\WebRoot\gerrit_git\bin\gerrit.war [Y/n]? *** SSH Daemon *** 监听地址*,方便可以远程使用ssh协议clone和push代码,否则可以改为127.0.0.1,近监听本地端口。 Listen on address [*]: Listen on port [29418]: Gerrit Code Review is not shipped with Bouncy Castle Crypto v144 If available, Gerrit can take advantage of features in the library, but will also function without it. Download and install it now [Y/n]? y Generating SSH host key ... rsa(simple)... done *** HTTP Daemon *** 这里我们仅监听127.0.0.1这个地址即可,供给本机apache使用,当然如果使用不同的服务器,需要配置合适的监听地址。端口采用8081与apache里面的配置相对应。canonical url 使用我们的二级域名gerrit.fengtech.com Behind reverse proxy [y/N]? y Proxy uses SSL (https://) [y/N]? y Subdirectory on proxy server [/]: Listen on address [*]: 127.0.0.1 Listen on port [8081]: 8081 Canonical URL [https://127.0.0.1/]: https://gerrit.fengtech.com / *** Plugins *** 以下的plugin可以选择N,即默认。 Install plugin download-commands version v2.8.4 [y/N]? y Install plugin reviewnotes version v2.8.4 [y/N]? y Install plugin replication version v2.8.4 [y/N]? y Install plugin commit-message-length-validator version v2.8.4 [y/N]? y *** 提示配置完成,但没有自动启动,我们需要用gerrit_service配置启动gerrit Server。 Initialized D:\Developer\WebRoot\gerrit_git Automatic startup not supported on Win32.
接下来贴一下配置的结果,配置文件再gerrit目录的etc文件夹里面
[gerrit] basePath = git canonicalWebUrl = https://gerrit.fengtech.com/ [database] type = h2 database = db/ReviewDB [auth] type = HTTP [sendemail] smtpServer = smtp.gmail.com smtpServerPort = 465 smtpEncryption = ssl smtpUser = username@gmail.com smtpPass = password sslVerify = false from = Code Review <username@gmail.com> [container] user = Administrator javaHome = D:\\Program Files\\Java\\jdk1.6.0_45\\jre [sshd] listenAddress = *:29418 [httpd] listenUrl = proxy-https://127.0.0.1:8081/ [cache] directory = cache [gitweb] ;这个文件是我们一会儿要创建的对perlcgi的一个wrap,要么在windows下运行不了gitweb. cgi = /D:/path/to/Git/share/gitweb/gitweb.bat
gitweb.bat
@echo off rem 这里一定要使用git提供的perl. @"D:\Developer\Git\bin\perl.exe" "D:\Developer\Git\share\gitweb\gitweb.cgi" %*
gitweb.cgi
修改gitweb.cgi的变量
our $GIT = "D:/Developer/Git/bin/git"; 指定git
our $projectroot = "/path/to/GitRepos"; git respons 的目录
5、安装和配置gerrit_service服务。
获取源代码:git clone https://github.com/asankah/gerrit_service.git
具体是的使用参见clone得到的文档,这里仅给出用到的命令。
编译 cl /EHsc gerrit_service.cpp
安装 拷贝gerrit_service.exe 到 gerrit\bin目录
添加服务 gerrit_service.exe -j "d:\path\to\javahome" -d "d:\path\to\gerrit" -i -a apacheuser -p apachepassword
PS:注意这里一定到使用一个账户,不能用"本地系统账户",否者在配置使用cgi即gitweb的时候,打开gitweb页面非常慢,甚至停止反应。推荐新建apacheuser账户,把apache Server和 gerrit_service 都使用这个账户。
apache2配置SSL客户端认证
Gallery3 On Windows with Apache Server.
1.We need to patch some files to make gallery3 run on windows with apache web server. This is the path, but it's not stronge. you can not use this patch when you use linux etc.
2.This patch mainly fixed errors when you use none utf8 encode system. it convert the utf8 encoded filenames to locale encoded ones.
diff --git a/index.php b/index.php index e6636cf..70aeb3d 100644 --- a/index.php +++ b/index.php @@ -26,7 +26,8 @@ version_compare(PHP_VERSION, "5.2.3", "<") and // Gallery is not supported on Windows. if (strtoupper(substr(PHP_OS, 0, 3)) === 'WIN') { - exit("Gallery is not supported on Windows (PHP reports that you're using: " . PHP_OS . ")"); +define("WIN",true); +// exit("Gallery is not supported on Windows (PHP reports that you're using: " . PHP_OS . ")"); } // PHP 5.4 requires a timezone - if one isn't set date functions aren't going to work properly. diff --git a/modules/gallery/helpers/system.php b/modules/gallery/helpers/system.php index f0879d6..2c34d11 100644 --- a/modules/gallery/helpers/system.php +++ b/modules/gallery/helpers/system.php @@ -48,7 +48,11 @@ class system_Core { foreach ($paths as $path) { $path = rtrim($path, "/"); - $candidate = "$path/$binary"; + if (!preg_match("/^win/i", PHP_OS)) { + $candidate = "$path/$binary"; + }else{ + $candidate = "$path/$binary.exe"; + } // @suppress errors below to avoid open_basedir issues if (@file_exists($candidate)) { if (!@is_executable($candidate) && diff --git a/modules/gallery/models/item.php b/modules/gallery/models/item.php index c446eea..cfc75f8 100644 --- a/modules/gallery/models/item.php +++ b/modules/gallery/models/item.php @@ -167,7 +167,7 @@ class Item_Model_Core extends ORM_MPTT { * movie: /usr/home/www/gallery3/var/albums/Bobs Wedding/First-Dance.mp4 */ public function file_path() { - return VARPATH . "albums/" . urldecode($this->relative_path()); + return VARPATH . "albums/" . iconv("UTF-8","GBK",urldecode($this->relative_path())); } /** @@ -194,7 +194,7 @@ class Item_Model_Core extends ORM_MPTT { * movie: /usr/home/www/gallery3/var/thumbs/Bobs Wedding/First-Dance.jpg */ public function thumb_path() { - $base = VARPATH . "thumbs/" . urldecode($this->relative_path()); + $base = VARPATH . "thumbs/" . iconv("UTF-8","GBK",urldecode($this->relative_path())); if ($this->is_photo()) { return $base; } else if ($this->is_album()) { @@ -245,7 +245,7 @@ class Item_Model_Core extends ORM_MPTT { * (*) Since only photos have resizes, album and movie paths are fictitious. */ public function resize_path() { - return VARPATH . "resizes/" . urldecode($this->relative_path()) . + return VARPATH . "resizes/" . iconv("UTF-8","GBK",urldecode($this->relative_path())) . ($this->is_album() ? "/.album.jpg" : ""); } diff --git a/modules/gallery/views/admin_block_platform.html.php b/modules/gallery/views/admin_block_platform.html.php index 9a594fa..76fb0a2 100644 --- a/modules/gallery/views/admin_block_platform.html.php +++ b/modules/gallery/views/admin_block_platform.html.php @@ -15,9 +15,11 @@ <li> <?= t("MySQL: %mysql_version", array("mysql_version" => Database::instance()->query("SELECT version() as v")->current()->v)) ?> </li> + <?php if (function_exists("sys_getloadavg")): ?> <li> <?= t("Server load: %load_average", array("load_average" => join(" ", sys_getloadavg()))) ?> </li> + <?php endif; ?> <li> <?= t("Graphics toolkit: %toolkit", array("toolkit" => module::get_var("gallery", "graphics_toolkit"))) ?> </li>