為了能在小小的實驗室有一個 git 託管服務,經過一番思索最後決定使用 GitBucket。
安裝紀錄
必要 package
# Required packages: fontconfig plus the DejaVu core fonts.
sudo apt install -y fontconfig fonts-dejavu-core
安裝 JRE
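# Fetch the latest Temurin 17 JRE tarball (x64 Linux) together with its published
# SHA-256 file, and verify the archive before it is unpacked as root.
# NOTE(review): the checksum comes from the same release as the archive, so it
# catches a corrupted or truncated download; verifying the release's detached
# signature (.sig) is the stronger authenticity check.
curl -s https://api.github.com/repos/adoptium/temurin17-binaries/releases/latest \
  | grep browser_download_url | grep jre_x64_linux \
  | grep -E 'tar\.gz(\.sha256\.txt)?"' | cut -d '"' -f 4 | wget -i -
# "latest" moves over time: the file names below are the build this page was
# written against, so adjust them if a newer build was downloaded.
sha256sum -c OpenJDK17U-jre_x64_linux_hotspot_17.0.16_8.tar.gz.sha256.txt
# /usr/local/lib is root-owned, so the directory has to be created with sudo too.
sudo mkdir -p /usr/local/lib/jvm
sudo tar -zxf OpenJDK17U-jre_x64_linux_hotspot_17.0.16_8.tar.gz -C /usr/local/lib/jvm/
# -f/-n replace an existing java17-latest link instead of failing or nesting inside it.
sudo ln -sfn /usr/local/lib/jvm/jdk-17.0.16+8-jre /usr/local/lib/jvm/java17-latest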
安裝tomcat
# Service accounts, none of which can log in interactively (/sbin/nologin):
#   webapp - created without a home directory
#   tomcat - system account, additionally placed in the webapp group
sudo useradd --no-create-home --shell /sbin/nologin webapp
sudo useradd --system --shell /sbin/nologin tomcat
sudo usermod --append --groups webapp tomcat
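# Install Apache Tomcat 9 under /usr/local/apache-tomcat and point the
# apache-tomcat-9-latest symlink at it.
export APACHE_TOMCAT_9_VERSION=9.0.106
tomcat9_tgz="apache-tomcat-${APACHE_TOMCAT_9_VERSION}.tar.gz"
tomcat9_url="https://archive.apache.org/dist/tomcat/tomcat-9/v${APACHE_TOMCAT_9_VERSION}/bin/${tomcat9_tgz}"
wget -O "/tmp/${tomcat9_tgz}" "${tomcat9_url}"
# Verify the archive against the published SHA-512 before extracting it as root.
# NOTE(review): the hash is served from the same host, so it detects a damaged
# download; checking the .asc signature against the Tomcat KEYS file is the
# stronger authenticity check.
wget -O "/tmp/${tomcat9_tgz}.sha512" "${tomcat9_url}.sha512"
(cd /tmp && sha512sum -c "${tomcat9_tgz}.sha512")
# The target directory must exist before tar -C can extract into it.
sudo mkdir -p /usr/local/apache-tomcat
sudo tar -zxf "/tmp/${tomcat9_tgz}" -C /usr/local/apache-tomcat
# Remove every bundled web application from the distribution.
# ${VAR:?} aborts instead of expanding to a wrong path if the variable is unset.
sudo rm -rf "/usr/local/apache-tomcat/apache-tomcat-${APACHE_TOMCAT_9_VERSION:?}/webapps/"*
sudo chown tomcat: /usr/local/apache-tomcat
sudo chown -R tomcat: "/usr/local/apache-tomcat/apache-tomcat-${APACHE_TOMCAT_9_VERSION:?}"
# The logs directory inside the distribution is handed back to root.
sudo chown -R root: "/usr/local/apache-tomcat/apache-tomcat-${APACHE_TOMCAT_9_VERSION:?}/logs"
sudo rm -rf /usr/local/apache-tomcat/apache-tomcat-9-latest
sudo ln -s "/usr/local/apache-tomcat/apache-tomcat-${APACHE_TOMCAT_9_VERSION:?}" /usr/local/apache-tomcat/apache-tomcat-9-latest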
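# Install Apache Tomcat 10 under /usr/local/apache-tomcat and point the
# apache-tomcat-10-latest symlink at it.
export APACHE_TOMCAT_10_VERSION=10.1.43
# "mkdir - p" would create directories literally named "-" and "p"; the option
# is -p, and the root-owned parent needs sudo.
sudo mkdir -p /usr/local/apache-tomcat
tomcat10_tgz="apache-tomcat-${APACHE_TOMCAT_10_VERSION}.tar.gz"
tomcat10_url="https://archive.apache.org/dist/tomcat/tomcat-10/v${APACHE_TOMCAT_10_VERSION}/bin/${tomcat10_tgz}"
wget -O "/tmp/${tomcat10_tgz}" "${tomcat10_url}"
# Verify the archive against the published SHA-512 before extracting it as root.
# NOTE(review): the hash is served from the same host, so it detects a damaged
# download; checking the .asc signature against the Tomcat KEYS file is the
# stronger authenticity check.
wget -O "/tmp/${tomcat10_tgz}.sha512" "${tomcat10_url}.sha512"
(cd /tmp && sha512sum -c "${tomcat10_tgz}.sha512")
sudo tar -zxf "/tmp/${tomcat10_tgz}" -C /usr/local/apache-tomcat
# Remove every bundled web application from the distribution.
# ${VAR:?} aborts instead of expanding to a wrong path if the variable is unset.
sudo rm -rf "/usr/local/apache-tomcat/apache-tomcat-${APACHE_TOMCAT_10_VERSION:?}/webapps/"*
sudo chown tomcat: /usr/local/apache-tomcat
sudo chown -R tomcat: "/usr/local/apache-tomcat/apache-tomcat-${APACHE_TOMCAT_10_VERSION:?}"
# The logs directory inside the distribution is handed back to root.
sudo chown -R root: "/usr/local/apache-tomcat/apache-tomcat-${APACHE_TOMCAT_10_VERSION:?}/logs"
sudo rm -rf /usr/local/apache-tomcat/apache-tomcat-10-latest
sudo ln -s "/usr/local/apache-tomcat/apache-tomcat-${APACHE_TOMCAT_10_VERSION:?}" /usr/local/apache-tomcat/apache-tomcat-10-latest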
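# Download the jmx_exporter Java agent jar from the latest GitHub release.
# NOTE(review): the filter deliberately skips the .asc / .sha256 companion files,
# so the jar is installed unverified even though the gitbucket unit on this page
# loads it into the Tomcat JVM with -javaagent. If the release publishes them,
# fetch the checksum or signature and check the jar before the mv below.
curl -s https://api.github.com/repos/prometheus/jmx_exporter/releases/latest | grep browser_download_url | grep 'jmx_prometheus_javaagent-.*\.jar' | grep -v '\.asc\|\.sha256' | cut -d '"' -f 4 | wget -i -
# /usr/local/apache-tomcat was chowned to tomcat earlier, so a regular user
# needs sudo for the remaining steps.
# Drop any previously installed agent and its stable-name symlink.
sudo rm -f /usr/local/apache-tomcat/jmx_prometheus_javaagent-*.jar
sudo rm -f /usr/local/apache-tomcat/jmx_prometheus_javaagent.jar
sudo mv jmx_prometheus_javaagent-*.jar /usr/local/apache-tomcat/
# Version-independent name that the JVM options can reference.
sudo ln -s /usr/local/apache-tomcat/jmx_prometheus_javaagent-*.jar /usr/local/apache-tomcat/jmx_prometheus_javaagent.jar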
- /usr/local/apache-tomcat/jmx-exporter.yml
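# https://grafana.com/grafana/dashboards/8704-tomcat-dashboard/
# jmx_exporter configuration: only the MBeans listed in whitelistObjectNames are
# queried, and each rule maps a matching attribute to a Prometheus metric.
# Nesting restored: labels are a mapping under each rule; help and type are rule keys.
---
whitelistObjectNames: ["java.lang:type=OperatingSystem", "Catalina:*"]
rules:
  # Server build string, exported as a constant metric with the value in a label.
  - pattern: 'Catalina<type=Server><>serverInfo: (.+)'
    name: tomcat_serverinfo
    value: 1
    labels:
      serverInfo: "$1"
    type: COUNTER
  # Per-connector request processor attributes.
  - pattern: 'Catalina<type=GlobalRequestProcessor, name=\"(\w+-\w+)-(\d+)\"><>(\w+):'
    name: tomcat_$3_total
    labels:
      port: "$2"
      protocol: "$1"
    help: Tomcat global $3
    type: COUNTER
  # Per-servlet request, processing-time and error counts.
  - pattern: 'Catalina<j2eeType=Servlet, WebModule=//([-a-zA-Z0-9+&@#/%?=~_|!:.,;]*[-a-zA-Z0-9+&@#/%=~_|]), name=([-a-zA-Z0-9+/$%~_-|!.]*), J2EEApplication=none, J2EEServer=none><>(requestCount|processingTime|errorCount):'
    name: tomcat_servlet_$3_total
    labels:
      module: "$1"
      servlet: "$2"
    help: Tomcat servlet $3 total
    type: COUNTER
  # Connector thread pool attributes.
  - pattern: 'Catalina<type=ThreadPool, name="(\w+-\w+)-(\d+)"><>(currentThreadCount|currentThreadsBusy|keepAliveCount|connectionCount|acceptCount|acceptorThreadCount|pollerThreadCount|maxThreads|minSpareThreads):'
    name: tomcat_threadpool_$3
    labels:
      port: "$2"
      protocol: "$1"
    help: Tomcat threadpool $3
    type: GAUGE
  # Session manager attributes per host and context.
  - pattern: 'Catalina<type=Manager, host=([-a-zA-Z0-9+&@#/%?=~_|!:.,;]*[-a-zA-Z0-9+&@#/%=~_|]), context=([-a-zA-Z0-9+/$%~_-|!.]*)><>(processingTime|sessionCounter|rejectedSessions|expiredSessions):'
    name: tomcat_session_$3_total
    labels:
      context: "$2"
      host: "$1"
    help: Tomcat session $3 total
    type: COUNTER
  # Catch-all: any other attribute of the whitelisted MBeans.
  - pattern: '.*'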
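# Hand the agent jar and its config to tomcat:tomcat (sudo, like the other
# steps that modify /usr/local/apache-tomcat).
# NOTE(review): the service account only needs read access to these two files;
# confirm their mode does not make them group- or world-writable.
sudo chown tomcat:tomcat /usr/local/apache-tomcat/jmx_prometheus_javaagent-*.jar /usr/local/apache-tomcat/jmx-exporter.yml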
設定資料庫
gitbucket 預設資料庫是 H2,正式環境建議使用 Postgresql
-- Database and login role for GitBucket. Unquoted identifiers fold to lower
-- case in PostgreSQL, so "gitBucket" and "gitbucket" name the same objects.
CREATE DATABASE gitbucket;
-- Replace the placeholder with a long, randomly generated password.
CREATE ROLE gitbucket WITH LOGIN PASSWORD '<EnterPWD>';
-- NOTE(review): new databases also grant CONNECT to PUBLIC by default; if other
-- roles share this server, consider REVOKE CONNECT ON DATABASE gitbucket FROM PUBLIC.
GRANT CONNECT ON DATABASE gitbucket TO gitbucket;
ALTER DATABASE gitbucket OWNER TO gitbucket;
-- Switch to the new database so the schema grant below applies to it.
\c gitbucket
GRANT ALL PRIVILEGES ON DATABASE gitbucket TO gitbucket;
GRANT ALL ON SCHEMA public TO gitbucket;
安裝 gitbucket
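# Download gitbucket.war and its checksum files from the latest release.
curl -s https://api.github.com/repos/gitbucket/gitbucket/releases/latest | grep browser_download_url | grep war | cut -d '"' -f 4 | wget -qi -
# Check the download for corruption. Stop here if any line does not report OK.
# NOTE(review): the checksums come from the same release as the WAR, so they
# detect a damaged download rather than a tampered release; of the three, only
# SHA-256 is collision-resistant.
echo "$(cat gitbucket.war.md5) gitbucket.war" | md5sum -c
echo "$(cat gitbucket.war.sha1) gitbucket.war" | sha1sum -c
echo "$(cat gitbucket.war.sha256) gitbucket.war" | sha256sum -c
# Dedicated no-login service account, member of the tomcat and webapp groups,
# with its home moved to /usr/local/gitbucket.
sudo useradd --system -s /sbin/nologin gitbucket
sudo usermod -a -G tomcat gitbucket
sudo usermod -a -G webapp gitbucket
sudo usermod -d /usr/local/gitbucket -m gitbucket
# The steps below write under /usr/local and /var/log, so they need sudo like
# the commands above.
sudo mkdir -p /usr/local/gitbucket/dump /var/log/gitbucket /usr/local/gitbucket/data
sudo mkdir -p /usr/local/gitbucket/catalina/{temp,webapps,work}
# Seed this instance's conf directory from the Tomcat 10 distribution.
# ${VAR:?} aborts if the version variable from the Tomcat step is not set in this shell.
sudo cp -r "/usr/local/apache-tomcat/apache-tomcat-${APACHE_TOMCAT_10_VERSION:?}/conf" /usr/local/gitbucket/catalina/
sudo chown -R gitbucket:gitbucket /usr/local/gitbucket /var/log/gitbucket /usr/local/gitbucket/data
sudo ln -s /var/log/gitbucket /usr/local/gitbucket/catalina/logs
sudo mkdir -p /usr/local/gitbucket/catalina/webapps/gitbucket
sudo -u gitbucket unzip -q gitbucket.war -d /usr/local/gitbucket/catalina/webapps/gitbucket
# The deployed application ends up owned by webapp rather than by the account
# the service runs as; gitbucket reaches it through its webapp group membership.
# NOTE(review): presumably this keeps the running service from modifying its
# own code; confirm the unpacked files are not group-writable.
sudo chown -R webapp:webapp /usr/local/gitbucket/catalina/webapps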
- /usr/local/gitbucket/catalina/conf/server.xml
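<?xml version='1.0' encoding='utf-8'?>
<!-- Tomcat instance configuration for GitBucket (CATALINA_BASE/conf/server.xml). -->
<!-- port="-1" turns off the socket that would otherwise accept the shutdown command. -->
<Server port="-1" shutdown="SHUTDOWN">
  <Listener className="org.apache.catalina.core.AprLifecycleListener" SSLEngine="on" />
  <Listener className="org.apache.catalina.core.JreMemoryLeakPreventionListener" />
  <Listener className="org.apache.catalina.mbeans.GlobalResourcesLifecycleListener" />
  <Listener className="org.apache.catalina.core.ThreadLocalLeakPreventionListener" />
  <GlobalNamingResources>
    <Resource name="UserDatabase" auth="Container"
              type="org.apache.catalina.UserDatabase"
              description="User database that can be updated and saved"
              factory="org.apache.catalina.users.MemoryUserDatabaseFactory"
              pathname="conf/tomcat-users.xml" />
  </GlobalNamingResources>
  <Service name="Catalina">
    <!-- Plain HTTP connector on 10090; TLS is expected to end at the load balancer in front. -->
    <!-- The server and xpoweredBy settings keep the product name out of response headers. -->
    <!-- NOTE(review): maxPartCount="-1" appears to remove the cap on multipart/form-data
         parts per request; confirm against the connector documentation and prefer a
         finite value sized for the uploads GitBucket needs. -->
    <Connector
        port="10090"
        protocol="org.apache.coyote.http11.Http11Nio2Protocol"
        maxParameterCount="1000"
        connectionTimeout="20000"
        URIEncoding="UTF-8"
        minSpareThreads="20"
        maxThreads="1000"
        acceptCount="200"
        disableUploadTimeout="true"
        enableLookups="false"
        server="application server"
        xpoweredBy="false"
        maxPartCount="-1"
    />
    <Engine name="Catalina" defaultHost="localhost">
      <Realm className="org.apache.catalina.realm.LockOutRealm">
        <Realm className="org.apache.catalina.realm.UserDatabaseRealm"
               resourceName="UserDatabase"/>
      </Realm>
      <Host name="localhost" appBase="/usr/local/gitbucket/catalina/webapps"
            unpackWARs="false" autoDeploy="false" reloadable="false"
      >
        <!-- Error pages carry neither the stack-trace report nor the server version. -->
        <Valve className="org.apache.catalina.valves.ErrorReportValve" showReport="false" showServerInfo="false" />
        <!-- NOTE(review): internalProxies=".*" treats every peer as a trusted proxy, so the
             x-forwarded-for and x-forwarded-proto values sent by any client that can reach
             port 10090 are accepted as-is and become %h in the access log below. Narrow
             the regex to the load balancer address(es), and keep the firewall rule that
             limits 10090 to that source. -->
        <Valve className="org.apache.catalina.valves.RemoteIpValve"
               internalProxies=".*"
               remoteIpHeader="x-forwarded-for" proxiesHeader="x-forwarded-by" protocolHeader="x-forwarded-proto"
               httpsServerPort="443"
        />
        <!-- Quotes inside an attribute value must be written as &quot; for the file to parse. -->
        <Valve className="org.apache.catalina.valves.AccessLogValve" directory="logs"
               prefix="localhost_access_log" suffix=".txt"
               pattern="%h %l %u %t &quot;%r&quot; %s %b" />
      </Host>
    </Engine>
  </Service>
</Server>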
- /usr/local/gitbucket/catalina/conf/context.xml
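<?xml version="1.0" encoding="UTF-8"?>
<!-- Default context settings applied to every web application of this instance. -->
<Context>
  <!-- Descriptors Tomcat watches for changes (the repeated WEB-INF/web.xml entry is listed once). -->
  <WatchedResource>WEB-INF/web.xml</WatchedResource>
  <WatchedResource>WEB-INF/tomcat-web.xml</WatchedResource>
  <WatchedResource>${catalina.base}/conf/web.xml</WatchedResource>
  <!-- Static resource caching is switched off. -->
  <Resources cachingAllowed="false" />
</Context>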
- /etc/tmpfiles.d/gitbucket.conf
# systemd-tmpfiles entries: "d" creates the directory and "f" creates the file
# if it is missing, each with the listed mode, owner and group.
d /run/gitbucket 0755 gitbucket gitbucket -
# PID file path; matches CATALINA_PID in the gitbucket.service unit on this page.
f /run/gitbucket/gitbucket.pid 0664 gitbucket gitbucket -
- /etc/systemd/system/gitbucket.service
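# Systemd unit file for tomcat
# version: 1.1
# Runs the GitBucket Tomcat instance as the unprivileged gitbucket account.
# NOTE(review): optional hardening such as NoNewPrivileges=true and PrivateTmp=true
# can be added under [Service]; test that startup still works afterwards.
[Unit]
Description=Apache Tomcat Web Application Container
After=syslog.target network.target
[Service]
Type=forking
Environment=JAVA_HOME=/usr/local/lib/jvm/java17-latest
Environment=CATALINA_HOME=/usr/local/apache-tomcat/apache-tomcat-10-latest
Environment=CATALINA_PID=/run/gitbucket/gitbucket.pid
Environment=CATALINA_BASE=/usr/local/gitbucket/catalina
Environment=GITBUCKET_HOME=/usr/local/gitbucket/data
Environment=GITBUCKET_DB_URL=jdbc:postgresql://pg.pollohome.local/gitbucket
Environment=GITBUCKET_DB_USER=gitbucket
# NOTE(review): values set with Environment= can be read by any local user through
# "systemctl show", and the unit file itself is normally world-readable. Keep the real
# password out of this file: store GITBUCKET_DB_PASSWORD in a root-owned file with
# mode 0600 and load it with EnvironmentFile=.
Environment=GITBUCKET_DB_PASSWORD=<EnterPWD>
#CATALINA_OPTS
Environment='CATALINA_OPTS=-server -Xshare:off -Xms1g -Xmx1g -Djava.net.preferIPv4Stack=true -XX:+EliminateLocks -XX:+UseBiasedLocking -XX:MaxJavaStackTraceDepth=100 -XX:+UseG1GC -XX:MaxGCPauseMillis=95'
#JAVA_OPTS
# Heap dumps written on OutOfMemoryError contain whatever was in memory (credentials,
# sessions, repository data); keep /usr/local/gitbucket/dump restricted to the service account.
# The -javaagent option starts the JMX exporter on port 10099; nothing on this page
# configures authentication for it, so access depends on the firewall rule for that port.
Environment='JAVA_OPTS=-Duser.language=zh -Duser.region=TW -Djava.awt.headless=true -Djava.security.egd=file:/dev/./urandom -XX:+HeapDumpOnOutOfMemoryError -XX:HeapDumpPath=/usr/local/gitbucket/dump -javaagent:/usr/local/apache-tomcat/jmx_prometheus_javaagent.jar=10099:/usr/local/apache-tomcat/jmx-exporter.yml'
ExecStart=/usr/local/apache-tomcat/apache-tomcat-10-latest/bin/startup.sh
ExecStop=/bin/kill -15 $MAINPID
User=gitbucket
Group=gitbucket
# Files created by the service are not readable by "other".
UMask=0027
RestartSec=10
Restart=always
[Install]
WantedBy=multi-user.target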
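# Load the new unit, start it now and on every boot, then confirm it is running.
sudo systemctl daemon-reload
sudo systemctl enable --now gitbucket
sudo systemctl status gitbucket
# Check the JMX exporter. The port must be the one passed to -javaagent in
# JAVA_OPTS (10099); 10019 would get a connection refused.
curl -i http://127.0.0.1:10099/metrics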
- 設定文件: /etc/logrotate.d/gitbucket
# Rotation policy for Tomcat's console log.
/var/log/gitbucket/catalina.out {
    # Schedule and naming of rotated files; seven rotations are kept.
    daily
    dateext
    dateformat -%Y-%m-%d
    missingok
    rotate 7
    # Tomcat keeps the file open, so it is copied and truncated in place.
    copytruncate
    compress
    delaycompress
    notifempty
    # NOTE(review): "size" switches rotation to size-based and may override "daily"; confirm this is intended.
    size 10M
    maxsize 50M
    # Rotation runs as root:root.
    # NOTE(review): the log directory belongs to gitbucket; "su gitbucket gitbucket" would be the least-privilege choice. Confirm before changing.
    su root root
}
設定: 排程
- 指令:
# Edit the crontab of the gitbucket account and add the cleanup jobs below.
# All four run daily at 06:00.
crontab -u gitbucket -e
# Access logs (*.txt): delete files older than 180 days.
0 6 * * * /usr/bin/find /var/log/gitbucket/*.txt -type f -mtime +180 -exec rm -f {} +
# Application logs (*.log): delete files older than 7 days.
0 6 * * * /usr/bin/find /var/log/gitbucket/*.log -type f -mtime +7 -exec rm -f {} +
# Tomcat temp files: delete files older than 7 days.
0 6 * * * /usr/bin/find /usr/local/gitbucket/catalina/temp/ -type f -mtime +7 -exec rm -f {} +
# Heap dumps: delete files older than 14 days.
0 6 * * * /usr/bin/find /usr/local/gitbucket/dump/* -type f -mtime +14 -exec rm -f {} +
預設帳密: root/root,首次登入後請立即變更此密碼。
設定: 防火牆設定
要對負載平衡開放 port
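# Accept the application port (10090) and the JMX exporter port (10099) only
# from the given source address; replace the placeholder with the real address.
# NOTE(review): 10099 serves metrics without authentication, so open it only to
# the host that scrapes it, which may not be the load balancer.
sudo firewall-cmd --permanent --zone=public --add-rich-rule='rule family="ipv4" source address="[AP_IP 請自己改]" port protocol="tcp" port="10090" accept'
sudo firewall-cmd --permanent --zone=public --add-rich-rule='rule family="ipv4" source address="[AP_IP 請自己改]" port protocol="tcp" port="10099" accept'
# --permanent only changes the stored configuration; reload to apply it to the running firewall.
sudo firewall-cmd --reload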
git server 22 port
- 本機的 openssh server 要釋放 22 port
- 設定 Enable SSH access to git repository
- 注意 SSH bind port 不可以使用 22 port,要使用防火牆跳轉
- 設定防火牆
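# Forward incoming TCP 22 to GitBucket's SSH listener on 10010.
# Move the host's own OpenSSH server off port 22 and confirm you can log in on
# its new port first; once this rule is active, port 22 no longer reaches sshd.
sudo firewall-cmd --zone=public --add-forward-port=port=22:proto=tcp:toport=10010 --permanent
# --permanent only changes the stored configuration; reload to apply it to the running firewall.
sudo firewall-cmd --reload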