HTTP authentication file

  • Install the tools package

yum install -y httpd-tools

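  • Create a user and password

cd /home/gerrit/gerrit_site/ changes into the directory that holds the authentication file.

htpasswd -c htpasswd.conf admin creates the htpasswd.conf file in the current directory, adds an admin user and sets its password. The -c option rewrites the file if it already exists, so use it only for the first user.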

[gerrit@centos233 gerrit_site]$ htpasswd -c htpasswd.conf admin
New password: 
Re-type new password: 
Adding password for user admin
  • Add a user or change a user's password

htpasswd -m htpasswd.conf admin

[gerrit@centos233 gerrit_site]$ htpasswd -m htpasswd.conf userName
New password: 
Re-type new password: 
Adding password for user userName

Changing the password from a script

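#!/usr/bin/expect
# Usage: modify.exp <username> <newPassword>
set timeout 30
# Add the user or update the existing entry with an MD5 (apr1) hash
spawn htpasswd -m ./htpasswd.conf [lindex $argv 0]
expect "New password:"
# lindex returns the raw argument; "--" stops a leading "-" being read as a send flag
send -- "[lindex $argv 1]\r"
expect "Re-type new password:"
send -- "[lindex $argv 1]\r"
# Wait for htpasswd to finish writing the file
expect eof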
  • Verify the user's password, then change it

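#!/bin/bash
# Check the user's current password against htpasswd.conf, then set the new one.
# Passwords passed as arguments are visible in the process list and shell history.
if [ $# -lt 3 ]
then
    # Message text: "Please enter: command username oldPwd newPwd"
    echo "Error: param error!!
请输入:指令 username oldPwd newPwd"
    exit 1
fi
# An apr1 entry has the form user:$apr1$salt$hash, so the salt is the third "$" field
salt=$(grep "^$1:" ./htpasswd.conf | cut -d'$' -f3)
#echo "salt: $salt"
# Recompute the hash of the supplied old password with the stored salt
password=$(openssl passwd -apr1 -salt "$salt" "$2")

# -x -F: match the whole line as a literal string, not as a regular expression
grep -qxF -- "$1:$password" ./htpasswd.conf

if [ $? -eq 0 ]
then
    echo "password is valid"
    expect ./modify.exp "$1" "$3"
else
    echo "password is invalid"
fi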
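
A hardened variant of the check above, added here as an example (not part of the original page): the old password is read from stdin and handed to openssl with -stdin, and the user name is compared literally. The function names, the sample users and their passwords are constructed for illustration.

```bash
#!/bin/bash
# Check a password against an htpasswd apr1 entry without putting it on a
# command line or letting user input act as a regular expression.

# Print the entry whose line starts with exactly "USER:" (literal comparison).
entry_for() {            # usage: entry_for FILE USER
    U="$2" awk 'index($0, ENVIRON["U"] ":") == 1 { print; exit }' "$1"
}

# Return 0 if the password on stdin matches USER's entry in FILE, 1 if it does
# not match or the user is unknown, 2 if the entry is not an apr1 hash.
verify_htpasswd() {      # usage: verify_htpasswd FILE USER < password
    local candidate entry stored salt computed
    IFS= read -r candidate
    entry=$(entry_for "$1" "$2")
    [ -n "$entry" ] || return 1
    stored=${entry#*:}
    case $stored in
        '$apr1$'*) ;;
        *) return 2 ;;
    esac
    salt=$(printf '%s' "$stored" | cut -d'$' -f3)
    # -stdin keeps the candidate password out of the process list
    computed=$(printf '%s\n' "$candidate" | openssl passwd -apr1 -salt "$salt" -stdin) || return 1
    [ "$computed" = "$stored" ]
}

# Constructed sample file with hypothetical users; the apr1 hashes are generated
# here with openssl, in the same format that htpasswd -m writes.
make_sample() {
    local f
    f=$(mktemp) || return 1
    printf 'admin:%s\n' "$(printf 'old pw\n' | openssl passwd -apr1 -salt Ab3dEf9h -stdin)" > "$f"
    printf 'admin2:%s\n' "$(printf 'other\n' | openssl passwd -apr1 -salt Zz0yXw1v -stdin)" >> "$f"
    printf 'legacy:{SHA}constructed-non-apr1-value\n' >> "$f"
    printf '%s\n' "$f"
}

sample=$(make_sample)
if printf 'old pw\n' | verify_htpasswd "$sample" admin; then
    echo "password is valid"
else
    echo "password is invalid"
fi
rm -f "$sample"
```
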

Nginx proxy configuration

vim /usr/local/nginx/conf/vhost/gerrit.conf

server {
    listen *:8088;  # listening port (plain HTTP, so Basic auth credentials are not encrypted in transit)
    server_name gerrit.wenbin.com;
    # "allow all" matches first, so the following "deny all" never takes effect
    allow   all;
    deny    all;

    auth_basic "Welcomme to Gerrit Code Review Site!";
    auth_basic_user_file /home/gerrit/gerrit_site/htpasswd.conf;  # AuthUserFile path, i.e. the HTTP authentication file

    location / {
        proxy_pass  http://127.0.0.1:8081;  # proxy to local port 8081, the port Gerrit listens on
        # Note: do not append a trailing "/" to the URL above, otherwise the error
        # "Code Review - Error The page you requested was not found....permission to view this page" appears
        proxy_set_header X-Forwarded-For $remote_addr;
        proxy_set_header Host $host;
    }

    error_page  404   /404.html;
    location = /404.html {

    }

    # redirect server error pages to the static page /50x.html
    #
    error_page   500 502 503 504  /50x.html;
    location = /50x.html {
        root   html;
    }
}

Reload the nginx service

/usr/local/nginx/sbin/nginx -s reload

Firewall configuration

vim /etc/firewalld/zones/public.xml

<?xml version="1.0" encoding="utf-8"?>
<zone>
  <short>Public</short>
  <description>For use in public areas. You do not trust the other computers on networks to not harm your computer. Only selected incoming connections are accepted.</description>
  <service name="dhcpv6-client"/>
  <service name="ssh"/>
  <service name="http"/>
  <port protocol="tcp" port="80"/>
  <port protocol="tcp" port="8088"/>
  <port protocol="tcp" port="20"/>
  <port protocol="tcp" port="29418"/>
</zone>

This opens ports 29418 and 8088.
