XiZi's Blog

apache + gerrit + gitweb on windows 的配置

折腾了几天终于比较完整的搞定了。

电脑运行Windows Server 2008R2 with SP1,Java 1.6.0_45 x86版。

1、需要的软件

msysgit(1.8.3),gerrit(2.8.4),apache(2.4.9),gerrit_service(git commit 29aa688d2312feeca1130ac96eed9a3810088e03)

括号内为当前使用的版本。

2、安装msysgit,apache,获取gerrit,及gerrit_service的源代码。

   这里仅给出gerrit_service的git repo:https://github.com/asankah/gerrit_service.git

3、Apache 配置

这里我们使用VirtualHost并开启SSL加密,配置二级域名gerrit.fengtech.com提供review服务。配置本地客户端使用用户名密码/证书进行认证,internet客户端必须使用客户端证书进行认证。

#重定向普通端口的访问到SSl端口
<VirtualHost *:80>
    ServerName gerrit.fengtech.com
    Redirect / https://gerrit.fengtech.com/   
</VirtualHost>
#在开启了SSL的443端口配置虚拟主机
<VirtualHost *:443>
    ServerAdmin xifeng.ren@gmail.com
    ServerName gerrit.fengtech.com
        ErrorLog "logs/error_log_ssl"
        TransferLog "logs/access_log_ssl"

        SSLEngine on
        SSLProtocol all -SSLv2
        SSLCipherSuite HIGH:MEDIUM:!aNULL:!MD5
        SSLCertificateFile "D:/path/to/conf/ssl/keys/.fengtech.com.crt"
        SSLCertificateKeyFile "D:/path/to/conf/ssl/keys/.fengtech.com.key"
		
	SSLVerifyClient      none
        #配置客户端验证ca
	SSLCACertificateFile "D:/path/to/conf/ssl/keys/ca.crt"
        #配置客户端验证ca的吊销列表
	SSLCARevocationFile  "D:/path/to/conf/ssl/keys/ca.crl"
	SSLCARevocationCheck chain
	
        #配置代理把连接转向gerrit服务器	
	ProxyRequests Off
	ProxyVia Off
	ProxyPreserveHost On

        <Proxy *>
	      Order deny,allow
	      Allow from all
        </Proxy>
            #这里我们配置/login/需要认证,我们也可以设置所有的连接都需要真正,把"/login/"换成"/"即可,不包含引号.
	    <Location /login/>
		   
		    SSLVerifyClient      optional
		    SSLOptions           +FakeBasicAuth
		    SSLOptions           +StrictRequire			    
		    
		    #   Force clients from the Internet to use HTTPS
		    #RewriteEngine        on
		    #RewriteCond          %{REMOTE_ADDR} !^192\.168\.1\.[0-9]+$
		    #RewriteCond          %{HTTPS} !=on
		    #RewriteRule          . - [F]
    
		    #   Allow Network Access and/or Basic Auth
		    <requireall>
		    #   Network Access Control
		    Require              ip ::1 127 10 219.217.159.76
		    #   HTTP Basic Authentication
		    AuthType             basic
		    AuthName             "Gerrit Code Review"
		    AuthBasicProvider    file
		    AuthUserFile         D:/path/to/htpasswd
		    Require              valid-user
		    </requireall>
		    <requireall>
		    SSLVerifyDepth       5		        
		    SSLRequire           %{SSL_CIPHER_USEKEYSIZE} >= 128 									
                    AuthBasicFake        %{SSL_CLIENT_S_DN_CN} %{sha1:passphrase-%{SSL_CLIENT_S_DN_CN}}
		    Require              ssl-verify-client
		    </requireall>		    
	    </Location>
				
	    AllowEncodedSlashes On
            #这里我们使用127.0.0.1:8081是我们后面要配置的gerrit服务监听的地址和端口。
	    ProxyPass / http://127.0.0.1:8081/ nocanon		
            ProxyPassReverse / http://127.0.0.1:8081/
            <FilesMatch "\.(cgi|shtml|phtml|php)$">
                SSLOptions +StdEnvVars
            </FilesMatch>
            <Directory "D:/path/to/WebRoot/cgi-bin">
                SSLOptions +StdEnvVars
            </Directory>

            BrowserMatch "MSIE [2-5]" \
                 nokeepalive ssl-unclean-shutdown \
                 downgrade-1.0 force-response-1.0
            CustomLog "logs/ssl_request_log_gerrit" \
                  "%t %h %u %{SSL_CLIENT_S_DN_CN}x %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
</VirtualHost>  

好了接下来配置gerrit。

4、gerrit的配置与安装。

   gerrit需要java环境,x86或者x86_64均可,要求1.6以上版本。这里使用的是sun java1.6.0_45 x64的版本。

   所有gerrit,去google下载war包,我下载的是gerrit-2.8.4.war。

   配置gerrit目录

D:\Developer\WebRoot>java -jar gerrit-2.8.4.war init -d gerrit_git

*** Gerrit Code Review 2.8.4
***

Create 'D:\Developer\WebRoot\gerrit_git' [Y/n]?y


*** Git Repositories
***

Location of Git repositories   [git]:git


*** SQL Database
***

Database server type           [h2]:h2

*** User Authentication
*** 这里改为http的认证方式,使用我们刚才配置的apache认证。

Authentication method          [OPENID/?]: http
Get username from custom HTTP header [y/N]?
SSO logout URL                 :

*** Email Delivery  这里我们先采用默认设置稍后再更改邮件发送服务器设置。
***

SMTP server hostname           [localhost]:
SMTP server port               [(default)]:
SMTP encryption                [NONE/?]:
SMTP username                  [Administrator]:
Administrator's password       :
              confirm password :


*** Container Process
***

Run as                         [Administrator]:
Java runtime                   [D:\Program Files\Java\jdk1.6.0_45\jre]:
Copy gerrit-2.8.4.war to D:\Developer\WebRoot\gerrit_git\bin\gerrit.war [Y/n]? 


*** SSH Daemon 
*** 监听地址*,方便可以远程使用ssh协议clone和push代码,否则可以改为127.0.0.1,近监听本地端口。

Listen on address              [*]:
Listen on port                 [29418]:



Gerrit Code Review is not shipped with Bouncy Castle Crypto v144
  If available, Gerrit can take advantage of features
  in the library, but will also function without it.
Download and install it now [Y/n]? y
Generating SSH host key ... rsa(simple)... done


*** HTTP Daemon
*** 这里我们仅监听127.0.0.1这个地址即可,供给本机apache使用,当然如果使用不同的服务器,需要配置合适的监听地址。端口采用8081与apache里面的配置相对应。canonical url 使用我们的二级域名gerrit.fengtech.com

Behind reverse proxy           [y/N]? y
Proxy uses SSL (https://)      [y/N]? y
Subdirectory on proxy server   [/]:
Listen on address              [*]: 127.0.0.1
Listen on port                 [8081]: 8081
Canonical URL                  [https://127.0.0.1/]: https://gerrit.fengtech.com
/

*** Plugins
*** 以下的plugin可以选择N,即默认。

Install plugin download-commands version v2.8.4 [y/N]? y
Install plugin reviewnotes version v2.8.4 [y/N]? y
Install plugin replication version v2.8.4 [y/N]? y
Install plugin commit-message-length-validator version v2.8.4 [y/N]? y

*** 提示配置完成,但没有自动启动,我们需要用gerrit_service配置启动gerrit Server。
Initialized D:\Developer\WebRoot\gerrit_git
Automatic startup not supported on Win32.

接下来贴一下配置的结果,配置文件再gerrit目录的etc文件夹里面

[gerrit]
	basePath = git
	canonicalWebUrl = https://gerrit.fengtech.com/
[database]
	type = h2
	database = db/ReviewDB
[auth]
	type = HTTP
[sendemail]
	smtpServer = smtp.gmail.com
	smtpServerPort = 465
	smtpEncryption = ssl
	smtpUser = username@gmail.com
	smtpPass = password
	sslVerify = false
	from = Code Review <username@gmail.com>
[container]
	user = Administrator
	javaHome = D:\\Program Files\\Java\\jdk1.6.0_45\\jre
[sshd]
	listenAddress = *:29418
[httpd]
	listenUrl = proxy-https://127.0.0.1:8081/
[cache]
	directory = cache
[gitweb]
        ;这个文件是我们一会儿要创建的对perlcgi的一个wrap,要么在windows下运行不了gitweb.
        cgi = /D:/path/to/Git/share/gitweb/gitweb.bat

gitweb.bat

@echo off
rem 这里一定要使用git提供的perl.
@"D:\Developer\Git\bin\perl.exe" "D:\Developer\Git\share\gitweb\gitweb.cgi" %*

gitweb.cgi

修改gitweb.cgi的变量

our $GIT = "D:/Developer/Git/bin/git"; 指定git

our $projectroot = "/path/to/GitRepos"; git respons 的目录

 

5、安装和配置gerrit_service服务。

获取源代码:git clone https://github.com/asankah/gerrit_service.git

具体是的使用参见clone得到的文档,这里仅给出用到的命令。

编译  cl /EHsc gerrit_service.cpp

安装  拷贝gerrit_service.exe 到 gerrit\bin目录

添加服务 gerrit_service.exe -j "d:\path\to\javahome" -d "d:\path\to\gerrit" -i -a apacheuser -p apachepassword

PS:注意这里一定到使用一个账户,不能用"本地系统账户",否者在配置使用cgi即gitweb的时候,打开gitweb页面非常慢,甚至停止反应。推荐新建apacheuser账户,把apache Server和 gerrit_service 都使用这个账户。

 

 

apache2配置SSL客户端认证

这里主要参考官方连接即可:

注意版本的区别:

 apache2.2.x

        http://httpd.apache.org/docs/2.2/ssl/ssl_howto.html

 apache2.4.x 

        http://httpd.apache.org/docs/2.4/ssl/ssl_howto.html

Gallery3 On Windows with Apache Server.

1.We need to patch some files to make gallery3 run on windows with apache web server. This is the path, but it's not stronge. you can not use this patch when you use linux etc. 

2.This patch mainly fixed errors when you use none utf8 encode system. it convert the utf8 encoded filenames to locale encoded ones.

diff --git a/index.php b/index.php
index e6636cf..70aeb3d 100644
--- a/index.php
+++ b/index.php
@@ -26,7 +26,8 @@ version_compare(PHP_VERSION, "5.2.3", "<") and
 
 // Gallery is not supported on Windows.
 if (strtoupper(substr(PHP_OS, 0, 3)) === 'WIN') {
-  exit("Gallery is not supported on Windows (PHP reports that you're using: " . PHP_OS . ")");
+define("WIN",true);
+//  exit("Gallery is not supported on Windows (PHP reports that you're using: " . PHP_OS . ")");
 }
 
 // PHP 5.4 requires a timezone - if one isn't set date functions aren't going to work properly.
diff --git a/modules/gallery/helpers/system.php b/modules/gallery/helpers/system.php
index f0879d6..2c34d11 100644
--- a/modules/gallery/helpers/system.php
+++ b/modules/gallery/helpers/system.php
@@ -48,7 +48,11 @@ class system_Core {
 
     foreach ($paths as $path) {
       $path = rtrim($path, "/");
-      $candidate = "$path/$binary";
+	  if (!preg_match("/^win/i", PHP_OS)) {
+        $candidate = "$path/$binary";
+	  }else{
+	    $candidate = "$path/$binary.exe";
+	  }
       // @suppress errors below to avoid open_basedir issues
       if (@file_exists($candidate)) {
         if (!@is_executable($candidate) &&
diff --git a/modules/gallery/models/item.php b/modules/gallery/models/item.php
index c446eea..cfc75f8 100644
--- a/modules/gallery/models/item.php
+++ b/modules/gallery/models/item.php
@@ -167,7 +167,7 @@ class Item_Model_Core extends ORM_MPTT {
    *   movie: /usr/home/www/gallery3/var/albums/Bobs Wedding/First-Dance.mp4
    */
   public function file_path() {
-    return VARPATH . "albums/" . urldecode($this->relative_path());
+    return VARPATH . "albums/" . iconv("UTF-8","GBK",urldecode($this->relative_path()));
   }
 
   /**
@@ -194,7 +194,7 @@ class Item_Model_Core extends ORM_MPTT {
    *   movie: /usr/home/www/gallery3/var/thumbs/Bobs Wedding/First-Dance.jpg
    */
   public function thumb_path() {
-    $base = VARPATH . "thumbs/" . urldecode($this->relative_path());
+    $base = VARPATH . "thumbs/" . iconv("UTF-8","GBK",urldecode($this->relative_path()));
     if ($this->is_photo()) {
       return $base;
     } else if ($this->is_album()) {
@@ -245,7 +245,7 @@ class Item_Model_Core extends ORM_MPTT {
    * (*) Since only photos have resizes, album and movie paths are fictitious.
    */
   public function resize_path() {
-    return VARPATH . "resizes/" . urldecode($this->relative_path()) .
+    return VARPATH . "resizes/" . iconv("UTF-8","GBK",urldecode($this->relative_path())) .
       ($this->is_album() ? "/.album.jpg" : "");
   }
 
diff --git a/modules/gallery/views/admin_block_platform.html.php b/modules/gallery/views/admin_block_platform.html.php
index 9a594fa..76fb0a2 100644
--- a/modules/gallery/views/admin_block_platform.html.php
+++ b/modules/gallery/views/admin_block_platform.html.php
@@ -15,9 +15,11 @@
   <li>
     <?= t("MySQL: %mysql_version", array("mysql_version" => Database::instance()->query("SELECT version() as v")->current()->v)) ?>
   </li>
+  <?php if (function_exists("sys_getloadavg")): ?>
   <li>
     <?= t("Server load: %load_average", array("load_average" => join(" ", sys_getloadavg()))) ?>
   </li>
+  <?php endif; ?>
   <li>
     <?= t("Graphics toolkit: %toolkit", array("toolkit" => module::get_var("gallery", "graphics_toolkit"))) ?>
   </li>




Host by is-Programmer.com | Power by Chito 1.3.3 beta | © 2007 LinuxGem | Design by Matthew "Agent Spork" McGee