Setting up personal Git Pages on CentOS 7

Git Pages is a static web hosting setup driven by a git service: you push to a repository, and a git hook script copies the committed files into the web server's document root. GitHub, Netlify, Coding and others already offer free git pages, so why go to the trouble of building your own on a VPS? Because the hosted offerings come with limits: relatively small storage, weak or no support for dynamic pages, and slow access from some regions. That is where a self-hosted git pages service pays off. The steps below walk through building one.

1. Install Git

# the -devel packages are build dependencies, only needed if you compile git from source
$ yum install curl-devel expat-devel gettext-devel openssl-devel zlib-devel perl-devel
$ yum install git

Next, create a git group and a git user that the git service will run as:

$ groupadd git
$ useradd git -g git

2. Set up SSH key login

Collect the public keys of everyone who should be allowed to push; each client's key is in ~/.ssh/id_rsa.pub (or id_ed25519.pub for Ed25519 keys). Append them to /home/git/.ssh/authorized_keys, one per line. Every key in that file logs in as the git user, so also restrict that account to git-shell (`usermod -s /usr/bin/git-shell git` on CentOS 7): key holders can then push and pull, but cannot open an interactive shell on the VPS.

Create the file if it does not exist, with the ownership and permissions sshd will accept:

$ mkdir -p /home/git/.ssh
$ touch /home/git/.ssh/authorized_keys
$ chown -R git:git /home/git/.ssh          # sshd only honours the file if it is owned by git (or root) and writable by nobody else
$ chmod 700 /home/git/.ssh                  # StrictModes rejects a group- or world-writable .ssh directory
$ chmod 600 /home/git/.ssh/authorized_keys  # same for the key file; 644 works but leaks nothing useful and 600 is the convention

Client machine

# copy the client's public key into /home/git/.ssh/authorized_keys on the VPS
$ cat ~/.ssh/id_rsa.pub
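The authorized_keys file is where access control for this whole setup lives: any key in it can log in as the git user. The script below is an added example, not part of the original post, for appending a client's key safely. It validates the line, refuses duplicates (even with a different comment), sets the 700/600 modes sshd expects, and prefixes each key with OpenSSH options that block port forwarding, agent forwarding, X11 and pty allocation, so a key that was handed out for pushing cannot be turned into an SSH tunnel. The path, the option set and the sample key are assumptions; the key string is constructed, not a real key.

```shell
#!/bin/sh
# Added example, not from the original post: append a client's public key to
# the git user's authorized_keys with the modes sshd expects and with options
# that stop the key being used for anything but git. Paths, the option set and
# the sample key in the usage are assumptions.

# OpenSSH authorized_keys options: the key can still run git-receive-pack and
# git-upload-pack, but gets no pty and no TCP/agent/X11 forwarding.
KEY_OPTIONS='no-port-forwarding,no-X11-forwarding,no-agent-forwarding,no-pty'

# valid_pubkey <line>: accept only "<type> <base64> [comment]" for common key types
valid_pubkey() {
    printf '%s\n' "$1" \
      | grep -Eq '^(ssh-ed25519|ssh-rsa|ecdsa-sha2-nistp(256|384|521)) [A-Za-z0-9+/]+=* ?[^[:space:]]*$'
}

# key_body <line>: type and key material only, so duplicates are caught even
# when the trailing comment differs
key_body() {
    printf '%s\n' "$1" | awk '{ print $1 " " $2 }'
}

# install_pubkey <authorized_keys path> <pubkey line>
# returns 0 added, 2 already present, 1 rejected
install_pubkey() {
    local file="$1" key="$2" body dir
    valid_pubkey "$key" || { echo "rejected: not an OpenSSH public key line" >&2; return 1; }
    body=$(key_body "$key")
    dir=$(dirname "$file")
    mkdir -p "$dir"
    chmod 700 "$dir"          # sshd StrictModes: not group/world writable
    touch "$file"
    chmod 600 "$file"
    if grep -Fq -- "$body" "$file"; then
        echo "already present: $body" >&2
        return 2
    fi
    printf '%s %s\n' "$KEY_OPTIONS" "$key" >> "$file"
}

# count_keys <authorized_keys path>: number of active (non-comment) key lines
count_keys() {
    grep -Ec '^[^#[:space:]]' "$1"
}

# Usage on the VPS (as root; then hand the directory back to the git user so
# sshd accepts it):
#   install_pubkey /home/git/.ssh/authorized_keys "$(cat /tmp/alice.pub)"
#   chown -R git:git /home/git/.ssh
```

The exit code distinguishes "added" from "already there" from "garbage", which makes the function usable from a provisioning script; the options prefix is what turns a deploy key into a deploy-only key.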

3. Create the Git repository

$ mkdir -p /data/git
$ cd /data/git
$ git init --bare blog.git
$ vim /data/git/blog.git/hooks/post-receive

#!/bin/bash
# runs as the git user after every push: check the pushed tree out into the web root
git --work-tree=/data/blog --git-dir=/data/git/blog.git checkout -f

$ chmod +x /data/git/blog.git/hooks/post-receive
$ chown -R git:git /data/git   # the git user must own the repository, hook included
$ chmod -R 755 /data/git       # chmod sets the mode; chgrp only changes the group
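The hook above checks out HEAD on every push, whichever branch was pushed, and even when a branch is deleted. The post-receive hook below is an added example, not the post's own hook: it reads the `<oldrev> <newrev> <refname>` lines git passes on stdin and deploys only when refs/heads/master was actually updated, leaving the live site alone for feature branches and for deletions. The paths and branch name are assumptions matching the layout used in this post.

```shell
#!/bin/sh
# Added example, not the original post's hook: deploy only when master is
# updated. Git calls post-receive with one "<oldrev> <newrev> <refname>" line
# per pushed ref on stdin; a newrev of all zeros means the ref was deleted.
# Paths and branch name are assumptions matching the layout in this post.

GIT_DIR_PATH=/data/git/blog.git
WORK_TREE=/data/blog
DEPLOY_BRANCH=master
DEPLOY_REF="refs/heads/$DEPLOY_BRANCH"
ZERO=0000000000000000000000000000000000000000

# updated_refs: filter the hook's stdin down to refs that should trigger a deploy
updated_refs() {
    while read -r oldrev newrev refname; do
        [ "$refname" = "$DEPLOY_REF" ] || continue   # other branches: ignore
        [ "$newrev" != "$ZERO" ] || continue         # branch deleted: keep the site up
        printf '%s\n' "$refname"
    done
    return 0
}

# should_deploy: exit 0 when at least one qualifying ref was pushed
should_deploy() {
    [ -n "$(updated_refs)" ]
}

# deploy: overwrite the web root with the pushed branch. This runs as the git
# user, so /data/blog must be owned by git (no need for 777).
deploy() {
    git --work-tree="$WORK_TREE" --git-dir="$GIT_DIR_PATH" checkout -f "$DEPLOY_BRANCH"
}

main() {
    if should_deploy; then
        deploy
    else
        echo "post-receive: no update to $DEPLOY_REF, nothing deployed" >&2
    fi
}

# Only act when git invokes this file as the hook (its name is post-receive);
# sourcing it elsewhere just defines the functions.
case "$0" in
    */post-receive|post-receive) main ;;
esac
```

Install it as /data/git/blog.git/hooks/post-receive with the same chmod +x and chown as above. Checking out the branch by name (rather than HEAD) also means the bare repository's HEAD is not moved by the deploy.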

4. Set up the web server

nginx must already be installed; see my other article 《nginx学习笔记》 (nginx study notes).

$ mkdir -p /data/blog
$ chown git:git /data/blog   # the post-receive hook runs as git and writes here; nginx only needs read access
$ chmod 755 /data/blog       # not 777: a world-writable web root lets any local user replace the site
$ vim /etc/nginx/conf.d/blog.conf
server {
    listen 80;
    server_name qcmoke.top;   # your own domain
    location / {
        root /data/blog;      # web root
        index index.html;
    }
}

$ nginx -t && nginx -s reload

5. Configure HTTPS

# download certbot-auto
$ wget https://dl.eff.org/certbot-auto
# make certbot-auto executable
$ chmod a+x ./certbot-auto

certbot-auto has since been retired by the EFF and the download above no longer receives updates; on a current system install the certbot package (from EPEL on CentOS 7) or the snap and run `certbot` with the same arguments. Whatever you download, check the signature EFF publishes next to it (the matching .asc file) before running it as root.

Interactive configuration

A wildcard certificate can only be obtained through the DNS-01 challenge, which is why the command below uses --manual with --preferred-challenges dns-01. One consequence: a certificate obtained this way cannot be renewed unattended. `certbot renew` needs a --manual-auth-hook script that publishes the new TXT record at your DNS provider (or a DNS plugin for that provider), plus a --deploy-hook such as `nginx -s reload` so nginx picks up the renewed files; without those, repeat the interactive run below before the 90-day expiry.


#### Issue one certificate for both qcmoke.top and *.qcmoke.top so the apex domain and all its subdomains share it; replace the domain with your own
./certbot-auto --server https://acme-v02.api.letsencrypt.org/directory -d "*.qcmoke.top" -d "qcmoke.top" --manual --preferred-challenges dns-01 certonly

#### When prompted, enter an email address
Enter email address (used for urgent renewal and security notices) (Enter 'c' to
cancel):
#### Enter A to agree
Please read the Terms of Service at
https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf. You must
agree in order to register with the ACME server at
https://acme-v02.api.letsencrypt.org/directory
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
(A)gree/(C)ancel:
#### Enter Y to agree (sharing your address with the EFF is optional; N works too)
Would you be willing to share your email address with the Electronic Frontier
Foundation, a founding partner of the Let's Encrypt project and the non-profit
organization that develops Certbot? We'd like to send you email about our work
encrypting the web, EFF news, campaigns, and ways to support digital freedom.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
(Y)es/(N)o:
#### Enter Y to confirm
NOTE: The IP of this machine will be publicly logged as having requested this
certificate. If you're running certbot in manual mode on a machine that is not
your server, please ensure you're okay with that.
Are you OK with your IP being logged?
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
(Y)es/(N)o:
#### Add a TXT record at your DNS provider with the name and value shown, wait for it to propagate, then press Enter
# host record: _acme-challenge, value: apQPzp-xxxxxxxxxx_BlOSOJTYAo; verify before continuing with: dig +short TXT _acme-challenge.qcmoke.top
Please deploy a DNS TXT record under the name
_acme-challenge.qcmoke.top with the following value:
apQPzp-xxxxxxxxxx_BlOSOJTYAo
Before continuing, verify the record is deployed.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Press Enter to Continue
#### Output like the following means it succeeded
IMPORTANT NOTES:
- Congratulations! Your certificate and chain have been saved at:
/etc/letsencrypt/live/qcmoke.top/fullchain.pem
Your key file has been saved at:
/etc/letsencrypt/live/qcmoke.top/privkey.pem
Your cert will expire on 2018-12-28. To obtain a new or tweaked
version of this certificate in the future, simply run certbot-auto
again. To non-interactively renew *all* of your certificates, run
"certbot-auto renew"
- Your account credentials have been saved in your Certbot
configuration directory at /etc/letsencrypt. You should make a
secure backup of this folder now. This configuration directory will
also contain certificates and private keys obtained by Certbot so
making regular backups of this folder is ideal.
- If you like Certbot, please consider supporting our work by:
Donating to ISRG / Let's Encrypt: https://letsencrypt.org/donate
Donating to EFF: https://eff.org/donate-le

Configure PFS parameters (optional)

Generate Diffie-Hellman parameters for Perfect Forward Secrecy (PFS). This step is optional: nginx only uses the file for the DHE-* cipher suites, and the ECDHE suites give forward secrecy without it. Note the argument order: the bit size goes last, otherwise newer OpenSSL versions reject the command.

$ mkdir -p /etc/ssl/private/
$ cd /etc/ssl/private/
$ openssl dhparam -out dhparam.pem 2048

Configure the nginx web server

$ vim /etc/nginx/conf.d/blog.conf

Requirement: http://qcmoke.top, http://www.qcmoke.top and https://qcmoke.top all redirect to https://www.qcmoke.top; text assets are gzip-compressed in transit and images get a client-side cache (gzip gains nothing on jpg/png/gif, which are already compressed).

server {
    listen 80;
    server_name www.qcmoke.top;
    # equivalent rewrite forms:
    #rewrite ^ https://$server_name$request_uri? permanent;
    #rewrite ^(.*)$ https://$server_name$1 permanent;
    return 301 https://$server_name$request_uri;
}

server {
    listen 80;
    listen 443 ssl;
    server_name qcmoke.top;

    # The wildcard certificate covers both qcmoke.top and www.qcmoke.top, so the
    # same files are used here; with separate certificates, point these at the
    # apex domain's own /etc/letsencrypt/live/ directory.
    ssl_certificate /etc/letsencrypt/live/qcmoke.top/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/qcmoke.top/privkey.pem;
    return 301 https://www.$server_name$request_uri;
}

server {
    listen 443 ssl;
    server_name www.qcmoke.top;
    charset utf-8;
    root /data/blog;
    index index.html index.htm;

    # Images: client-side cache; the browser re-fetches only when the user
    # clears or bypasses the cache. gzip is deliberately not applied here:
    # jpg/png/gif are already compressed, so gzip only costs CPU.
    location ~* \.(jpg|png|gif)$ {
        # root /data/blog/images;
        expires 5h;
    }

    # Transfer compression for text assets. Compression costs server CPU but
    # saves bandwidth; level 2 is a cheap middle ground. Pick types as needed,
    # names as in /etc/nginx/mime.types.
    gzip on;
    gzip_http_version 1.1;
    gzip_comp_level 2;
    gzip_types text/plain text/css text/javascript application/json application/javascript application/x-javascript application/xml application/xml+rss;

    #access_log /var/log/nginx/demo.mydomain.com_access.log;
    #error_log /var/log/nginx/demo.mydomain.com_error.log;

    # files issued by Let's Encrypt (the wildcard certificate from above)
    ssl_certificate /etc/letsencrypt/live/qcmoke.top/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/qcmoke.top/privkey.pem;

    ssl_session_timeout 1d;
    ssl_session_cache shared:SSL:50m;
    # Session tickets are encrypted with a key nginx only regenerates on
    # restart, which undoes forward secrecy for resumed sessions; keep them
    # off unless you rotate ssl_session_ticket_key yourself.
    ssl_session_tickets off;

    # Perfect Forward Secrecy parameters for the DHE suites below; drop this
    # line if you skipped the dhparam step (the ECDHE suites do not need it).
    ssl_dhparam /etc/ssl/private/dhparam.pem;

    # TLS 1.0 and 1.1 are deprecated (RFC 8996). Add TLSv1.3 once nginx is
    # built against OpenSSL 1.1.1 or newer; CentOS 7's stock 1.0.2 is not.
    ssl_protocols TLSv1.2;
    # Forward-secret AEAD suites only, after Mozilla's "intermediate" profile:
    # https://wiki.mozilla.org/Security/Server_Side_TLS
    ssl_ciphers 'ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384';
    ssl_prefer_server_ciphers on;
}

Reload the configuration (test it first; a syntax error would otherwise leave the old config running silently)

$ nginx -t && nginx -s reload
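As an added example, not part of the original post, here is a small static check that catches the weak settings discussed in this section if they creep back into blog.conf: TLS 1.0/1.1 in ssl_protocols, cipher entries without forward secrecy or with 3DES, session tickets left on without a rotated key, and a port-80 server block that serves content instead of redirecting. It only parses the config text (one directive per line is assumed) and never contacts the server; the file names and the sample configs used to exercise it are constructed.

```shell
#!/bin/sh
# Added example (not from the original post): a static audit of an nginx
# config for the TLS points made above. Reports legacy protocols, ciphers
# without forward secrecy or with 3DES/DSS, session tickets left on without
# a rotated ssl_session_ticket_key, and plain-HTTP server blocks that serve
# content instead of redirecting. Assumes one directive per line.

# weak_ciphers <conf>: cipher tokens from ssl_ciphers that are not exclusions
# (!FOO) and are static-RSA (no PFS), 3DES, DSS or the catch-all HIGH group.
weak_ciphers() {
    awk '$1 == "ssl_ciphers" { print $2 }' "$1" \
      | tr -d "'\";" | tr ':' '\n' \
      | grep -Ev '^!' \
      | grep -E '(DES-CBC3|^AES(128|256)?$|^HIGH$|^AES(128|256)-|DSS)' || true
}

# http_serving_blocks <conf>: count server{} blocks that listen on 80 but
# contain no redirect to https (return 30x https://... or rewrite ... https).
http_serving_blocks() {
    awk '
      { opens = gsub(/[{]/, "{"); closes = gsub(/[}]/, "}") }
      depth == 0 && /^[[:space:]]*server[[:space:]]*[{]/ { inblk = 1; http = 0; redir = 0 }
      inblk && /^[[:space:]]*listen[[:space:]]+80([[:space:]]|;)/ { http = 1 }
      inblk && /^[[:space:]]*(return[[:space:]]+30[1278][[:space:]]+https|rewrite[^;]*https)/ { redir = 1 }
      { depth += opens - closes }
      inblk && depth == 0 { if (http && !redir) n++; inblk = 0 }
      END { print n + 0 }
    ' "$1"
}

# audit_tls <conf>: print one finding per line; return value = number of findings
audit_tls() {
    local conf="$1" n=0 c blocks
    if grep -Eq '^[[:space:]]*ssl_protocols[^;]*[[:space:]](SSLv3|TLSv1|TLSv1\.1)([[:space:]]|;)' "$conf"; then
        echo "ssl_protocols offers SSLv3/TLSv1/TLSv1.1; offer only TLSv1.2 (and TLSv1.3 with OpenSSL 1.1.1+)"
        n=$((n + 1))
    fi
    for c in $(weak_ciphers "$conf"); do
        echo "ssl_ciphers includes $c (no forward secrecy, 3DES, DSS or an untrimmed HIGH group)"
        n=$((n + 1))
    done
    if grep -Eq '^[[:space:]]*ssl_session_tickets[[:space:]]+on[[:space:]]*;' "$conf" \
       && ! grep -Eq '^[[:space:]]*ssl_session_ticket_key' "$conf"; then
        echo "ssl_session_tickets on without a rotated ticket key: resumed sessions lose forward secrecy"
        n=$((n + 1))
    fi
    blocks=$(http_serving_blocks "$conf")
    if [ "$blocks" -gt 0 ]; then
        echo "$blocks server block(s) listen on port 80 and serve content instead of redirecting to https"
        n=$((n + blocks))
    fi
    return "$n"
}

# Usage: audit_tls /etc/nginx/conf.d/blog.conf; echo "findings: $?"
```

Run it as `audit_tls /etc/nginx/conf.d/blog.conf`; the exit status is the number of findings, so it slots into a pre-deploy check ahead of `nginx -s reload`. For a live check of what the server actually negotiates, `openssl s_client -connect www.qcmoke.top:443 -tls1_1` should fail to complete a handshake once the configuration above is active.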

6. Test

Client machine

$ git clone git@qcmoke.top:/data/git/blog.git
$ cd blog/
$ echo "<h1>Qcmoke Blog</h1>" >> index.html
$ git add .
$ git commit -m "init my blog"
$ git push -u origin master

After the push, open http://qcmoke.top in a browser: the post-receive hook has checked the pushed index.html out into /data/blog, and with the HTTPS configuration from step 5 in place the request is redirected to https://www.qcmoke.top and served from there.


