Configuring nginx to serve git clone over HTTP, accessed through a reverse proxy
Founder
2024-02-20 16:04:39

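The goal is to push and pull git code through the IP of a jump host, so the approach is to install an nginx reverse proxy on the jump host, and the Linux server also has to offer git access over HTTP; I don't know how to reverse-proxy SSH. The Linux server also needs nginx for the HTTP setup; setting it up with httpd did not work.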

1. Install git on the server

Install git and its dependencies

yum install curl-devel expat-devel gettext-devel openssl-devel zlib-devel perl-devel
yum install git

Create the git user

adduser git       # add the user git
passwd git        # set the password for git

For security, disable shell login for this user

vi /etc/passwd
# find the git line and replace /bin/bash with /usr/bin/git-shell
#git:x:1000:1000::/home/git:/bin/bash
git:x:1000:1000::/home/git:/usr/bin/git-shell

# locate git-shell
[root@localhost bin]# find / -name git-shell
/usr/bin/git-shell
/usr/libexec/git-core/git-shell

Key-based login for users

cd /home/git/
mkdir .ssh
chmod 755 .ssh
touch .ssh/authorized_keys
chmod 644 .ssh/authorized_keys

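Then save the public keys of all users who log in to authorized_keys.
That is, each user generates a key pair with ssh-keygen and the public key is copied into authorized_keys, one per line.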

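Initialize the repository /home/git/test.git

cd /home/git
git init --bare test.git             # initialize the repository
chown -R git:git test.git        # change the owner

Fetch the repository on the client

git clone git@ip_address:/home/git/test.git

At this point the repository can be cloned over SSH.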

HTTP setup

1. Configure the EPEL repository

sudo yum install -y epel-release
sudo yum -y update

2. Install Nginx

sudo yum install -y nginx

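After installation, the default web root is: /usr/share/nginx/html

The default configuration file is: /etc/nginx/nginx.conf

The directory for custom configuration files is: /etc/nginx/conf.d/

3. Open ports 80 and 443

If the firewall is enabled on your server, run the commands below to open ports 80 and 443.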

sudo firewall-cmd --permanent --zone=public --add-service=http
sudo firewall-cmd --permanent --zone=public --add-service=https
sudo firewall-cmd --reload

4. Install fcgiwrap

git clone https://github.com/gnosek/fcgiwrap.git
yum install fcgi-devel autoconf automake libtool
cd fcgiwrap && autoreconf -i && ./configure && make && make install

vim /etc/init.d/fcgiwrap
#! /bin/sh
# chkconfig: 2345 55 25
# NAME and SCRIPTNAME are used in the messages below
NAME=fcgiwrap
SCRIPTNAME=/etc/init.d/$NAME
DESC="fcgiwrap daemon"
DAEMON=/usr/bin/spawn-fcgi
PIDFILE=/var/run/spawn-fcgi.pid
FCGI_SOCKET=/var/run/fcgiwrap.socket
FCGI_PROGRAM=/usr/local/sbin/fcgiwrap
FCGI_USER=git
FCGI_GROUP=git
FCGI_EXTRA_OPTIONS="-M 0770"
OPTIONS="-u $FCGI_USER -g $FCGI_GROUP -s $FCGI_SOCKET -S $FCGI_EXTRA_OPTIONS -F 1 -P $PIDFILE -- $FCGI_PROGRAM"
do_start() {
    $DAEMON $OPTIONS || echo -n "$DESC already running"
}
do_stop() {
    kill -INT `cat $PIDFILE` || echo -n "$DESC not running"
}
case "$1" in
    start)
        echo -n "Starting $DESC: $NAME"
        do_start
        echo "."
        ;;
    stop)
        echo -n "Stopping $DESC: $NAME"
        do_stop
        echo "."
        ;;
    restart)
        echo -n "Restarting $DESC: $NAME"
        do_stop
        do_start
        echo "."
        ;;
    *)
        echo "Usage: $SCRIPTNAME {start|stop|restart}" >&2
        exit 3
        ;;
esac
exit 0

chmod +x /etc/init.d/fcgiwrap
chkconfig fcgiwrap on

Add the nginx configuration for the git server

vim /etc/nginx/nginx.conf
# For more information on configuration, see:
#   * Official English Documentation: http://nginx.org/en/docs/
#   * Official Russian Documentation: http://nginx.org/ru/docs/

user root;
worker_processes auto;
error_log /var/log/nginx/error.log;
pid /run/nginx.pid;

# Load dynamic modules. See /usr/share/doc/nginx/README.dynamic.
include /usr/share/nginx/modules/*.conf;

events {
    worker_connections 1024;
}

http {
    log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
                      '$status $body_bytes_sent "$http_referer" '
                      '"$http_user_agent" "$http_x_forwarded_for"';

    access_log  /var/log/nginx/access.log  main;

    sendfile            on;
    tcp_nopush          on;
    tcp_nodelay         on;
    keepalive_timeout   65;
    types_hash_max_size 4096;

    include             /etc/nginx/mime.types;
    default_type        application/octet-stream;

    # Load modular configuration files from the /etc/nginx/conf.d directory.
    # See http://nginx.org/en/docs/ngx_core_module.html#include
    # for more information.
    include /etc/nginx/conf.d/*.conf;

    server {
        listen       80;
        listen       [::]:80;
        server_name  localhost;
        access_log /var/log/nginx/dev.access.log;
        error_log /var/log/nginx/dev.error.log;
        #root         /usr/share/nginx/html;
        location / {
            root /home/git/;
        }
        auth_basic "git";
        auth_basic_user_file /usr/local/nginx/conf/pass.db;

        # Load configuration files for the default server block.
        include /etc/nginx/default.d/*.conf;

        error_page 404 /404.html;
        location = /404.html {
        }

        error_page 500 502 503 504 /50x.html;
        location = /50x.html {
        }

        location ~ /git(/.*) {
            gzip off;
            root /usr/lib/git-core;
            fastcgi_pass  unix:/var/run/fcgiwrap.socket;
            include fastcgi_params;
            fastcgi_param SCRIPT_FILENAME /usr/libexec/git-core/git-http-backend;
            fastcgi_param DOCUMENT_ROOT /usr/libexec/git-core/;
            fastcgi_param SCRIPT_NAME git-http-backend;
            fastcgi_param GIT_HTTP_EXPORT_ALL "";
            fastcgi_param GIT_PROJECT_ROOT /home/git/;
            fastcgi_param PATH_INFO $1;
            #fastcgi_param PATH_TRANSLATED $document_root$fastcgi_path_info;
        }
    }

# Settings for a TLS enabled server.
#
#    server {
#        listen       443 ssl http2;
#        listen       [::]:443 ssl http2;
#        server_name  _;
#        root         /usr/share/nginx/html;
#
#        ssl_certificate "/etc/pki/nginx/server.crt";
#        ssl_certificate_key "/etc/pki/nginx/private/server.key";
#        ssl_session_cache shared:SSL:1m;
#        ssl_session_timeout  10m;
#        ssl_ciphers HIGH:!aNULL:!MD5;
#        ssl_prefer_server_ciphers on;
#
#        # Load configuration files for the default server block.
#        include /etc/nginx/default.d/*.conf;
#
#        error_page 404 /404.html;
#            location = /40x.html {
#        }
#
#        error_page 500 502 503 504 /50x.html;
#            location = /50x.html {
#        }
#    }
}

systemctl start nginx
systemctl status nginx.service
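
A tightened variant of the nginx.conf above, as an added example (not the author's tested configuration): workers no longer run as root, /home/git is no longer served as static files, and the Basic auth password only travels over TLS. It assumes the nginx user has been added to the git group (`usermod -aG git nginx`) so that it can reach the 0770 fcgiwrap socket, and that a certificate exists at the paths used in the commented TLS block.

```nginx
# Assumption: user "nginx" exists (created by the nginx package) and is a
# member of group "git", so it can connect to /var/run/fcgiwrap.socket.
user nginx;
worker_processes auto;
error_log /var/log/nginx/error.log;
pid /run/nginx.pid;

events {
    worker_connections 1024;
}

http {
    include      /etc/nginx/mime.types;
    default_type application/octet-stream;

    server {
        # TLS only: Basic auth is just base64, so it must not cross the
        # network in clear text.
        listen      443 ssl;
        listen      [::]:443 ssl;
        server_name _;

        ssl_certificate     /etc/pki/nginx/server.crt;
        ssl_certificate_key /etc/pki/nginx/private/server.key;

        auth_basic           "git";
        auth_basic_user_file /usr/local/nginx/conf/pass.db;

        client_max_body_size 1024m;   # large pushes

        # No static file serving from /home/git (it also holds .ssh/).
        location / {
            return 404;
        }

        # Anchored match: only URLs that start with /git/ reach the backend.
        location ~ ^/git(/.+)$ {
            gzip off;
            include       fastcgi_params;
            fastcgi_param SCRIPT_FILENAME     /usr/libexec/git-core/git-http-backend;
            fastcgi_param GIT_PROJECT_ROOT    /home/git;
            fastcgi_param GIT_HTTP_EXPORT_ALL "";
            fastcgi_param PATH_INFO           $1;
            # Hand the authenticated user name to git-http-backend.
            fastcgi_param REMOTE_USER         $remote_user;
            fastcgi_pass  unix:/var/run/fcgiwrap.socket;
        }
    }
}
```

With the backend on 443, the jump host's `upstream` entry and `proxy_pass http://github;` would have to point at the HTTPS port as well.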

5. Install spawn-fcgi

yum install spawn-fcgi
/etc/init.d/fcgiwrap start

6. receivepack

cd /home/git/test.git/
git config http.receivepack true

vim /etc/selinux/config
SELINUX=disabled

# reboot the system
reboot

7. Set the password

yum -y install httpd-tools
mkdir -p /usr/local/nginx/conf/
cd /usr/local/nginx/conf/
htpasswd -c pass.db git
# enter the password when prompted

8. Configure iptables

iptables -P INPUT ACCEPT
iptables -F
service iptables save
iptables -A INPUT -p tcp --dport 22 -j ACCEPT
iptables -A INPUT -p tcp --dport 80 -j ACCEPT
iptables -I INPUT -s 127.0.0.1 -j ACCEPT
iptables -P INPUT DROP
service iptables save

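9. Clone the code

Clone the code on the Windows jump host that has nginx installed

git clone http://localhost/git/test.git

The setup above was tested successfully on both Alibaba Cloud and a virtual machine.

10. Windows nginx configuration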


#user  nobody;
worker_processes  1;

#error_log  logs/error.log;
#error_log  logs/error.log  notice;
#error_log  logs/error.log  info;

#pid        logs/nginx.pid;

events {
    worker_connections  1024;
}

http {
    include       mime.types;
    default_type  application/octet-stream;

    #log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
    #                  '$status $body_bytes_sent "$http_referer" '
    #                  '"$http_user_agent" "$http_x_forwarded_for"';

    #access_log  logs/access.log  main;

    sendfile        on;
    #tcp_nopush     on;

    #keepalive_timeout  0;
    keepalive_timeout  65;

    #gzip  on;

    upstream github {
        server linux_server_ip;
        keepalive 16;
    }

    server {
        listen       80;
        server_name  localhost;

        charset utf-8;

        #access_log  logs/host.access.log  main;

        #location / {
        #   root   html;
        #      index  index.html index.htm;
        #   }

        #error_page  404              /404.html;

        # redirect server error pages to the static page /50x.html
        #
        error_page   500 502 503 504  /50x.html;
        location = /50x.html {
            root   html;
        }

        location / {
            client_max_body_size 1024m;
            proxy_set_header Host linux_server_ip;
            #proxy_set_header X-Real-IP $remote_addr;
            #proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_hide_header Strict-Transport-Security;
            proxy_pass http://github;
        }

        # proxy the PHP scripts to Apache listening on 127.0.0.1:80
        #
        #location ~ \.php$ {
        #    proxy_pass   http://127.0.0.1;
        #}

        # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
        #
        #location ~ \.php$ {
        #    root           html;
        #    fastcgi_pass   127.0.0.1:9000;
        #    fastcgi_index  index.php;
        #    fastcgi_param  SCRIPT_FILENAME  /scripts$fastcgi_script_name;
        #    include        fastcgi_params;
        #}

        # deny access to .htaccess files, if Apache's document root
        # concurs with nginx's one
        #
        #location ~ /\.ht {
        #    deny  all;
        #}
    }

    # another virtual host using mix of IP-, name-, and port-based configuration
    #
    #server {
    #    listen       8000;
    #    listen       somename:8080;
    #    server_name  somename  alias  another.alias;

    #    location / {
    #        root   html;
    #        index  index.html index.htm;
    #    }
    #}

    # HTTPS server
    #
    #server {
    #    listen       443 ssl;
    #    server_name  localhost;

    #    ssl_certificate      cert.pem;
    #    ssl_certificate_key  cert.key;

    #    ssl_session_cache    shared:SSL:1m;
    #    ssl_session_timeout  5m;

    #    ssl_ciphers  HIGH:!aNULL:!MD5;
    #    ssl_prefer_server_ciphers  on;

    #    location / {
    #        root   html;
    #        index  index.html index.htm;
    #    }
    #}
}
