Git Server 安裝 (New)

Posted on 2014 年 10 月 23 日 by cowman.chiang

OS: Ubuntu 14.04 Server x64

安裝Gitlab + MySQL + Nginx

  1. 系統更新
apt-get update
apt-get upgrade -y
apt-get dist-upgrade
  1. 安裝基本需求
# 記得要先裝vim
update-alternatives --set editor /usr/bin/vim.basic
sudo apt-get install -y build-essential zlib1g-dev libyaml-dev libssl-dev libgdbm-dev libreadline-dev libncurses5-dev libffi-dev curl openssh-server redis-server checkinstall libxml2-dev libxslt-dev libcurl4-openssl-dev libicu-dev logrotate cmake
  1. 安裝python
sudo apt-get install -y python
python --version
python2 --version
# 確認 python版本,如果版本是3.x以上,則需額外安裝2.x版
# sudo apt-get install -y python2.7
# python --version # Python 2.7.3

# python2 --version # 命令執行會採用 python2, 所以需要確認 python2 的版本
# python2 不存在的話, 需要把 python 2.7 版 的 ln 過去.
# sudo ln -s /usr/bin/python /usr/bin/python2

apt-get install -y python-docutils
  1. 安裝Git
# 檢查Git目前可apt安裝的版本
apt-cache showpkg git-core

# 如果版本大於1.7.10,則可以直接使用~否則建議手動安裝新版本
# 直接安裝 => apt-get install -y git-core
# 如果原本就安裝舊有版本,移除 => apt-get remove git-core

# 手動安裝Git
apt-get install -y libcurl4-openssl-dev libexpat1-dev gettext libz-dev libssl-dev build-essential
cd /tmp
curl --progress https://git-core.googlecode.com/files/git-1.9.0.tar.gz | tar xz
cd git-1.9.0/
make prefix=/usr/local all
make prefix=/usr/local install
  1. 安裝Ruby
# 如果裝有1.8版,先行移除
# apt-get remove ruby1.8

mkdir /tmp/ruby && cd /tmp/ruby
curl --progress ftp://ftp.ruby-lang.org/pub/ruby/2.0/ruby-2.0.0-p481.tar.gz | tar xz
cd ruby-2.0.0-p481/
./configure --disable-install-rdoc
# 下面這行可以用 make 就好
make -j  `cat /proc/cpuinfo | grep 'cpu cores' | awk '{if ($4=1) print $4; else print $4-1}'`

make install
gem install bundler --no-ri --no-rdoc
  1. 新增Gitlab系統帳號
adduser --disabled-login --gecos 'GitLab' git
  1. 安裝GitLab Shell
cd /home/git
sudo -u git -H git clone https://github.com/gitlabhq/gitlab-shell.git
cd gitlab-shell

# 查看最新版本為何
# 或是使用 sudo -u git -H git checkout `sudo -u git -H git describe --abbrev=0 --tags` 自動判斷安裝最新版
sudo -u git -H git tag 
sudo -u git -H git checkout v2.1.0

sudo -u git -H cp config.yml.example config.yml

#修改gitlab_url,改成要使用的domain
sudo -u git -H editor config.yml

sudo -u git -H ./bin/install
  1. 安裝MySQL Database
apt-get install -y mysql-server mysql-client libmysqlclient-dev
mysql -u root -p
#修改密碼
> CREATE USER 'gitlab'@'localhost' IDENTIFIED BY 'GITLAB_PASSWORD';
> CREATE DATABASE IF NOT EXISTS `gitlabhq_production` DEFAULT CHARACTER SET `utf8` COLLATE `utf8_unicode_ci`;
>GRANT SELECT, LOCK TABLES, INSERT, UPDATE, DELETE, CREATE, DROP, INDEX, ALTER ON `gitlabhq_production`.* TO 'gitlab'@'localhost';

# 使用gitlab帳號測試MySQL
sudo -u git -H mysql -u gitlab -p -D gitlabhq_production
  1. 安裝GitLab
cd /home/git
sudo -u git -H git clone https://github.com/gitlabhq/gitlabhq.git gitlab
cd /home/git/gitlab

# 檢查版本,找stable的
# 或是使用下面自動判斷最新且stable的版本進行安裝
# sudo -u git -H git checkout `sudo -u git -H git branch -a | grep 'stable' | awk 'E
ND{print}' | awk 'split($1, version, "/") {print version[3]}'`
sudo -u git -H git branch -a
sudo -u git -H git checkout 7-0-stable
  1. 設定GitLab
cd /home/git/gitlab
sudo -u git -H cp config/gitlab.yml.example config/gitlab.yml

# 所有 localhost 改成要使用的domain. 
# /usr/bin/git 改成 /usr/local/bin/git
sudo -u git -H editor config/gitlab.yml

#調整檔案權限
chown -R git log/
chown -R git tmp/
chmod -R u+rwX  log/
chmod -R u+rwX  tmp/
sudo -u git -H mkdir /home/git/gitlab-satellites
sudo -u git -H mkdir tmp/pids/
sudo -u git -H mkdir tmp/sockets/
chmod -R u+rwX  tmp/pids/
chmod -R u+rwX  tmp/sockets/
sudo -u git -H mkdir public/uploads
chmod -R u+rwX  public/uploads
sudo -u git -H cp config/unicorn.rb.example config/unicorn.rb
chmod -R u+rwX  public/uploads
sudo -u git -H mkdir public/uploads

#如果硬體記憶體規格超過2G,可將worker_processes改成3
#sudo -u git -H editor config/unicorn.rb

sudo -u git -H cp config/initializers/rack_attack.rb.example config/initializers/rack_attack.rb
sudo -u git -H git config --global user.name "GitLab"
sudo -u git -H git config --global user.email "gitlab@localhost"
sudo -u git -H git config --global core.autocrlf input
  1. GitLab DB設計
sudo -u git cp config/database.yml.mysql config/database.yml

# 將production區塊的secure password值改成MySQL gitlab帳號設定的帳號、密碼
sudo -u git -H editor config/database.yml

sudo -u git -H chmod o-rwx config/database.yml
  1. 安裝Gems
cd /home/git/gitlab
sudo -u git -H bundle install --deployment --without development test postgres aws
  1. 初始化 Database
# 問啥就輸入yes以便建立Database
sudo -u git -H bundle exec rake gitlab:setup RAILS_ENV=production
# 取得系統預設帳號、密碼 (所有新安裝都一樣,務必要更改)
Administrator account created:
    login.........admin@local.host
    password......5iveL!fe
  1. 設定開機自動啟動
cp lib/support/init.d/gitlab /etc/init.d/gitlab
chmod +x /etc/init.d/gitlab
update-rc.d gitlab defaults 21
  1. 設定Logtotate
cp lib/support/logrotate/gitlab /etc/logrotate.d/gitlab
  1. 檢查GitLab應用程式設定狀態
sudo -u git -H bundle exec rake gitlab:env:info RAILS_ENV=production
  1. 啟動GitLab
service gitlab start

19.安裝、設定apache2

apt-get install nginx -y
cd /home/git/gitlab
cp lib/support/nginx/gitlab /etc/nginx/sites-available/gitlab
ln -s /etc/nginx/sites-available/gitlab /etc/nginx/sites-enabled/gitlab

# 修改ServerName => 使用的Domain
vim /etc/nginx/sites-available/gitlab

# 如果沒有domain name,也一樣使用localhost,請記得刪除 /etc/nginx/sites-enabled/default
  1. 重新啟動 nginx
service nginx restart
  1. 進行初始化,避免發生可愛的502錯誤…..這邊會需要一點點的時間,請等待….
cd /home/git/gitlab
sudo -u git -H RAILS_ENV=production bundle exec rake assets:precompile
  1. 用網頁連線到http://使用的domain以上面取得的帳號密碼進行測試
    第一次讀取網頁可能會需要多一點時間,也有可能因為第20步驟所以這邊不會等太久
Posted in Git, Nginx, Ubuntu | Leave a comment

更換 apt-get 來源

Posted on 2014 年 10 月 23 日 by cowman.chiang 
root@ubuntu:~# vim /etc/apt/sources.list

:%s/us.archive.ubuntu.com/tw.archive.ubuntu.com/g

或是

root@ubuntu:~# sed -i 's/us.archive.ubuntu.com/tw.archive.ubuntu.com/g' /etc/sources.list

記得要在apt-get update一下..

基本上國網 free.nchc.org 應該也可以
但是不知道為什麼一直出錯
如果想要用國網的點,就把tw.archive.ubuntu.com改成free.nchc.org

Posted in Ubuntu | Leave a comment

Shell Script Dialog

Posted on 2014 年 10 月 22 日 by cowman.chiang

  1. Dialog 預設設定通常在個人Home目錄下的檔案”.dialogrc”
    可使用指令 “dialog –create-rc ~/.dialogrc” 產生

  2. 因為預設底色是青色,結束後會有色塊殘留,所以建議將screen_color調整為黑色
    也可在 dialog 指令執行前先指定使用哪一個設定檔案進行dialog
    “export DIALOGRC=${path}/dialog.installer”
    記得離開前把DIALOGRC清空就好

  3. 下面是將常用的dialogrc寫成function

dialog_msgbox() {
  #$1 => msgbox的類別{no clear, clear, clear & exit}, $2 => 前視窗的文字說明, $3 => 顯示的資訊文字
  case $1 in
    0) 
      dialog --backtitle "${backtitle}" --title "$2" --msgbox "n${3}" 9 50;;
    1)
      dialog --backtitle "${backtitle}" --title "$2" --clear --msgbox "n${3}" 9 50;;
    2)
      dialog --backtitle "${backtitle}" --title "$2" --clear --msgbox "n${3}" 9 50
      export DIALOGRC=
      exit 1;;
  esac
}

dialog_infobox() {
  #$1 => 前視窗的文字說明, $2 => 顯示的資訊文字
  dialog --backtitle "${backtitle}" --title "${1}" --infobox "${2}" 5 50
  sleep 1
}

dialog_inputbox() {
  #$1 => 前視窗的文字說明, $2 => 顯示的資訊文字, $3 => 預設值
  exec 3>&1
  inputtext=$(dialog --backtitle "${backtitle}" --title "${1}" --inputbox "${2}" 10 60 ${3} 2>&1 1>&3)
  exec 3>&-
}

dialog_yesno() {
  #$1 => 前視窗的文字說明, $2 => 顯示的資訊文字
  dialog --backtitle "${backtitle}" --title "${1}" --yesno "${2}" 7 60
  return $?
}

dialog_passwdbox() {
  #$1 => 前視窗的文字說明, $2 => 顯示的資訊文字
  exec 3>&1
  inputtext=$(dialog --backtitle "${backtitle}" --title "${1}" --insecure --clear --passwordbox "${2}" 10 60 2>&1 1>&3)
  exec 3>&-
}
Posted in Shell Script | Leave a comment

Eclipse 安裝 Python 模組

Posted on 2014 年 10 月 22 日 by cowman.chiang
  1. 下載 Python 進行安裝
    Python 下載連結

安裝過程中記得勾選加入環境變數

  1. 開啟 Eclipse => Help => Eclipse Marketplace

  2. 搜尋 Python => Go

  3. 安裝 PyDev – Python IDE for Eclipse

  4. 勾選 PyDev for Eclipse、Pydev Mylyn Integration => Next

  5. I accept the terms of the license agreements

  6. 勾選 Brainwy Software; PyDev; Brainwy => OK

  7. 重新啟動 Eclipse

  8. 開啟 Eclipse => Windows => preferences

  9. PyDev => Python Interpreters => Python Interpreter => New (右上角) => 尋找 Python 安裝的目錄,選擇 Python.exe

使用精靈創建 Python 專案,預設的註解會變成單引號,會造成錯誤 => 應該是雙引號

Posted in Eclipse, Python | Leave a comment

Eclipse 安裝 PHP 模組

Posted on 2014 年 10 月 22 日 by cowman.chiang

環境:Eclipse Version: Luna Service Release 1 (4.4.1)

  1. 開啟Eclipse => Help => Install New Software

  2. Work with 選擇 Luna – http://download.eclipse.org/releases/luna

  3. 展開 Web, XML, Java EE and OSGi Enterprise Development

  4. 勾選PHP Development Tools (PDT) => Next => 安裝

安裝完畢後重新啟動即可

Posted in Eclipse, PHP | Leave a comment

Eclipse 安裝

Posted on 2014 年 10 月 22 日 by cowman.chiang

  1. 安裝 jre or jdk
    Oracle 下載連結

  2. 下載Eclipse
    Eclipse 下載連結

  3. 解壓縮後執行

Posted in Eclipse | Leave a comment

Python 註解

Posted on 2014 年 10 月 22 日 by cowman.chiang 
# 這是註解~~~

"""
這也是註解
"""
Posted in Python | Leave a comment

Nginx SSL Enable

Posted on 2014 年 10 月 21 日 by cowman.chiang

環境: Ubuntu 14.04 x64

  1. 產生key
root@Wordpress:/tmp# openssl genrsa -des3 -out site.key 2048
Generating RSA private key, 2048 bit long modulus
..........................+++
....................................+++
e is 65537 (0x10001)
Enter pass phrase for site.key:
Verifying - Enter pass phrase for site.key:

2.產生 csr

root@Wordpress:/tmp# openssl req -new -key site.key -out site.csr
Enter pass phrase for site.key:
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]:TW
State or Province Name (full name) [Some-State]:Taiwan
Locality Name (eg, city) []:Taipei City
Organization Name (eg, company) [Internet Widgits Pty Ltd]:Cowman
Organizational Unit Name (eg, section) []:IT
Common Name (e.g. server FQDN or YOUR name) []:cowman.ip
Email Address []:cowman.chiang@gmail.com

Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:
  1. cat csr,貼至申請處
root@Wordpress:/tmp# cat site.csr 
-----BEGIN CERTIFICATE REQUEST-----
MIIC1DCCAbwCAQAwgY4xCzAJBgNVBAYTAlRXMQ8wDQYDVQQIDAZUYWl3YW4xFDAS
BgNVBAcMC1RhaXBlaSBDaXR5MQ8wDQYDVQQKDAZDb3dtYW4xCzAJBgNVBAsMAklU
MRIwEAYDVQQDDAljb3dtYW4uaXAxJjAkBgkqhkiG9w0BCQEWF2Nvd21hbi5jaGlh
bmdAZ21haWwuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2oNl
FGzEzzpVSvFkwrYegC1VxoznmsPp2UrImb+w2M4ZLLuqdAqjhLs1atnPaQZsQlOF
wfbnbGvcdwULuIzU8o1o1v7KS7TmWfi7P3oYG5GBRq/j3QuOQEwQ1s0QFAnulso9
rAHCt4i1rFg8wNF6mEF1Ghd2DzzD8P7Ew+LCYq+C4G8yq44RD+WJ8DccA4OQfzou
mcstrRkXWmoYyrICepCE4eqxSdlNH3dyZbSmG4yKC1gQc60/Utm5o8lGynvS0pBh
PUx124eMsWz80wZ0xAkE6Ma24XgOHied3XuaiRfBi5/tql+wfEQBrIOZ0DJ1DAhN
J723zUMw9amQ8cF4zQIDAQABoAAwDQYJKoZIhvcNAQELBQADggEBAGeLtDAWlgh6
ag+PP8YqXrxGSAkkyL8EKdrPEntgYEPIkKt9to+h0tKBCZ5kCvG4bL6V5zRhtx4f
ViqTzh9itOI3MDfvE5o8vxhed4jzevIifpKDONt0bAOC73STpv9+HCR+CMNX0Erf
tmhD+zuLwHcBl5qoZqaPQobPF1VR1U2jsGBZ2HTTamtjGcr0mkso3MO5QxcV8JkP
DwAc/PGn06zzKUyPeGPY2PE2xAppcof8B/WOYLvRx202YeoG6Cp1hLT94GoN+ef/
aDwd7WgaFpC1sXTnjoOlzpsxoovHmaJMTskncYkUZIsg4ZvhJnF9trqu9XlUKBh7
vDAfX3ZNzCs=
-----END CERTIFICATE REQUEST-----

  1. 這裡一樣以namecheap的comodo ssl為例,會收到下面四個檔案
    伺服器類型選nginx
    AddTrustExternalCARoot.crt
    COMODORSAAddTrustCA.crt
    COMODORSADomainValidationSecureServerCA.crt
    cowman_ip.crt

  2. 產生 ssl-bundle.crt

cat cowman_ip.crt COMODORSAAddTrustCA.crt COMODORSADomainValidationSecureServerCA.crt AddTrustExternalCARoot.crt >> ssl-bundle.crt
  1. 移除需要輸入 phase 的機制
root@Wordpress:/tmp# openssl rsa -in site.key -out site-nopass.key
Enter pass phrase for site.key:
writing RSA key
  1. 修改 nginx 設定檔,位置在 /etc/nginx/sites-enabled/default,這裡把設定檔整併在server中
root@Wordpress:/tmp# vim /etc/nginx/sites-enabled/default

server {
        #listen 80 default_server;
        #listen [::]:80 default_server ipv6only=on;
        listen 80;
        listen 443 default ssl;

        ssl_certificate /opt/local/nginx/conf/certs/ssl-bundle.crt;
        ssl_certificate_key /opt/local/nginx/conf/certs/site_ip.key;

        ssl_protocols SSLv3 TLSv1 TLSv1.1 TLSv1.2;
        ssl_ciphers "HIGH:!aNULL:!MD5 or HIGH:!aNULL:!MD5:!3DES";
        ssl_prefer_server_ciphers on;
  1. 重新啟動 nginx
service nginx restart
Posted in Nginx, SSL, Ubuntu | Leave a comment

Apache SSL Enable

Posted on 2014 年 10 月 21 日 by cowman.chiang

環境 CentOS 5.x i386

  1. 產生 key
[root@Web test]# openssl genrsa -des3 -out site.key 2048
Generating RSA private key, 2048 bit long modulus
............+++
..................+++
e is 65537 (0x10001)
Enter pass phrase for site.key:
Verifying - Enter pass phrase for site.key:
  1. 產生 csr
[root@Web test]# openssl req -new -key site.key -out site.csr
Enter pass phrase for site.key: #輸入剛剛產生key時輸入的資訊
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [GB]:TW
State or Province Name (full name) [Berkshire]:Taiwan
Locality Name (eg, city) [Newbury]:Taipei City
Organization Name (eg, company) [My Company Ltd]:Cowman
Organizational Unit Name (eg, section) []:IT
Common Name (eg, your name or your server's hostname) []:Cowman.ip
Email Address []:cowman.chiang@gmail.com

Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []: #可以直接按enter忽略
An optional company name []: #可以直接按enter忽略
  1. cat csr,將資料丟到憑證申請的網站輸入
[root@Web test]# cat site.csr 
#將以下的資料複製,貼至申請的網站
-----BEGIN CERTIFICATE REQUEST-----
MIIC1DCCAbwCAQAwgY4xCzAJBgNVBAYTAlRXMQ8wDQYDVQQIEwZUYWl3YW4xFDAS
BgNVBAcTC1RhaXBlaSBDaXR5MQ8wDQYDVQQKEwZDb3dtYW4xCzAJBgNVBAsTAklU
MRIwEAYDVQQDEwlDb3dtYW4uaXAxJjAkBgkqhkiG9w0BCQEWF2Nvd21hbi5jaGlh
bmdAZ21haWwuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuUwx
YtxHedYFykUgJuhtKGF0UuzPZ195QW9imVbFy0hT3Qt9YLKrmVESTFXxcdcLI6ty
uSB3kZbnsOBr7XgGezso/lsY3dEprUplyYOXkKZsYXl7n4l7KU7nf7siGW0QY6xS
oq1+7IIWa7Z9sKfdYUU9BsmH4c3YduuTa4WKdhOtn1RfSmqr5Gt+i35WZXc2/NUo
efTHqsTmICh26eLjCmqrjgLfnSK9FpSa5q7nKbvK9s5q9Qae3vpECgJRf1klP1cS
kBUTBoa6f46Wx+nWG/+QFpsW95w84RxxAIuUsTW2VcG6Ay6Q8TDEncj7iQ0TpJnh
M3BCaepcnRVB7pNmYQIDAQABoAAwDQYJKoZIhvcNAQEFBQADggEBACmQWu30vr1v
UuFxszR6ZUC3e25EEwCNg5UNh8iG9abauiE2K7l9lVWPicYdoZ1GjWGT13zMslwC
4c8nxvBKZfh4QGw5ALJvb1SZhvO/OMjPGCfQjuWRza44nNaaKi+BtCVHtglqvxTP
EXpCODWd+E9x5NCzKyXLGXJpT3rDg4Ov1QaGNMtNByQLD+SgsoTR+yS+RcxwS11Y
Ul26LrxnrbUvkwMV0/OWvbNREKSv3RsfjMWVsAtVwmdkRKlUNAFXMIOvAwmSImd/
+0ya5gEv4M+JVWWYy6vEnUOV333eR9tR4eCw7YO862TFdic9+4OPhVFpKeWJLANz
wQ4uUOWkuPA=
-----END CERTIFICATE REQUEST-----

  1. 以namecheap的comodo憑證為例,選擇伺服器為 apache + mod_ssl,會回傳兩個檔案至mail中
    cowman_ip.ca-bundle
    cowman_ip.crt

  2. 安裝mod_ssl

yum install mod_ssl
  1. 取消需要輸入phase的機制
[root@Web test]# openssl rsa -in site.key -out site-nopass.key
Enter pass phrase for roamingcenter_tanet_edu_tw.key:
writing RSA key
  1. 編輯 apache 設定檔,範例是在 /etc/httpd/conf.d/ssl.conf
[root@Web test]# vim /etc/httpd/conf.d/ssl.conf


SSLEngine on
SSLCertificateFile /etc/httpd/certs/cowman_ip.crt
SSLCertificateKeyFile /etc/httpd/certs/site-nopass.key
SSLCertificateChainFile /etc/httpd/certs/cowman_ip.ca-bundle
  1. 將 http 轉至 https,修改 /etc/httpd/conf/httpd.conf
[root@Web test]# vim /etc/httpd/conf/httpd.conf

#加在最後面
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}
  1. 重新啟動 apache
service httpd restart

!! 記得檢查iptables防火牆設定

Posted in Apache, CentOS, SSL | Leave a comment

Splunk : 計算log檔案在Splunk所佔的大小

Posted on 2014 年 10 月 20 日 by cowman.chiang

  1. 計算檔案空間
    Splunk 語法:
    source="/home/splunk_input_data/imss/2014/log.imss.20141019.0002" | eval esize=len(_raw) | stats sum(esize) AS sum_esize, count | eval fsize=sum_esize + count | fields fsize
    Linux指令:
    grep -v -e "^s*$" /home/splunk_input_data/imss/2014/log.imss.20141019.0002 | wc -c

  2. 計算筆數
    Splunk 語法:
    source="/home/splunk_input_data/imss/2014/log.imss.20141019.0002" | stats sum(linecount)
    Linux指令:
    grep -v -e "^s*$" /home/splunk_input_data/imss/2014/log.imss.20141019.0002 | wc -l

Posted in Linux, Splunk | Leave a comment