setup http/https git server on nginx via git-http-backend

Precondition

sudo apt-get install nginx fcgiwrap git apache2-utils 

Set up https server

First, set up your HTTPS server yourself.
You can refer to my guide.

git-http-backend

git-http-backend is a server-side implementation of Git over HTTP.
/usr/lib/git-core/git-http-backend

Set Up Password Authentication file for your git server

The password file stores a hash of each password. The openssl passwd command can generate one with the Apache variant of the MD5-based password algorithm (apr1).
First, add a username to the file using this command. We are using sammy as our username, but you can use whatever name you'd like:
sudo sh -c "echo -n 'sammy:' >> .gitpasswd"
Next, add a hashed password entry for the username by typing:
sudo sh -c "openssl passwd -apr1 >> .gitpasswd"
You can repeat this process for additional usernames. You can see how the usernames and hashed passwords are stored within the file by typing:
cat .gitpasswd 
Output
sammy:$apr1$wI1/T0nB$jEKuTJHkTOOWkopnXqC1d1
Alternatively, the htpasswd utility, found in the apache2-utils package, serves this function well.
Let's add a new user kimmy via htpasswd. Pass -c only when creating a new file, because it overwrites an existing one. The command line is below.
htpasswd .gitpasswd kimmy
cat .gitpasswd 
sammy:$apr1$wI1/T0nB$jEKuTJHkTOOWkopnXqC1d1 
kimmy:$apr1$sBPFn6ek$L8Ta2LkiuXzi7bQZUqUlq0 
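
A check for the password file built above, as an added example that is not part of the original post: it reports each entry's hash scheme and catches the failure modes of appending by hand (a username left without a hash, two fields run together, a repeated username). The function names and the sample entries are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit an htpasswd-style file such as .gitpasswd.
# Prints "LINE USER STATUS" for every entry; reads files or stdin.
audit_htpasswd() {
    awk -F: '
    /^[ \t]*(#.*)?$/ { next }                  # skip blank lines and comments
    {
        user = $1
        hash = substr($0, length($1) + 2)      # everything after the first ":"
        if (hash == "")                     status = "missing-hash"
        else if (seen[user])                status = "duplicate-user"
        else if (hash ~ /^[$]apr1[$]/)      status = "apr1-md5"
        else if (hash ~ /^[$]2[aby][$]/)    status = "bcrypt"
        else if (hash ~ /^[$]6[$]/)         status = "sha512-crypt"
        else if (hash ~ /^[$]5[$]/)         status = "sha256-crypt"
        else if (hash ~ /^[{]SHA[}]/)       status = "sha1-unsalted"
        else if (hash ~ /^[{]PLAIN[}]/)     status = "plaintext"
        else                                status = "unrecognized"
        seen[user] = 1
        print NR, user, status
    }' "$@"
}

# Constructed sample; the hash strings are dummies, not real credentials.
# Line 2 is what an interrupted two-step append leaves behind.
sample_gitpasswd() {
    cat <<'EOF'
sammy:$apr1$CONSTRUCT$0000000000000000000000
lenger:kimmy:$apr1$CONSTRUCT$1111111111111111111111
sammy:$6$CONSTRUCTEDSALT$2222222222222222222222
errong:
EOF
}

sample_gitpasswd | audit_htpasswd
```

Any line reported as missing-hash, unrecognized or duplicate-user should be fixed before nginx is pointed at the file with auth_basic_user_file.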

http/https nginx conf

cat /etc/nginx/sites-enabled/git.errong.win.conf
server {
    listen  80;
    listen [::]:80;
    server_name git.errong.win;
    auth_basic "Restricted";
    auth_basic_user_file /home/errong_leng/.gitpasswd;
    location ~ (/.*) {
        fastcgi_pass  unix:/var/run/fcgiwrap.socket;
        include       fastcgi_params;
        fastcgi_param SCRIPT_FILENAME /usr/lib/git-core/git-http-backend;
        fastcgi_param GIT_HTTP_EXPORT_ALL "";
        fastcgi_param GIT_PROJECT_ROOT    /home/errong_leng/www/git;
        fastcgi_param REMOTE_USER         $remote_user;
        fastcgi_param PATH_INFO           $uri;
    }
}
cat /etc/nginx/sites-enabled/git.errong.win-ssl.conf
server {
    listen 443 ssl http2;
    listen [::]:443 ssl http2;
    server_name git.errong.win;
    ssl_certificate /etc/letsencrypt/git.errong.win/fullchain.cer;
    ssl_certificate_key /etc/letsencrypt/git.errong.win/git.errong.win.key;
    auth_basic "Restricted";
    auth_basic_user_file /home/errong_leng/.gitpasswd;
    location ~ (/.*) {
        fastcgi_pass  unix:/var/run/fcgiwrap.socket;
        include       fastcgi_params;
        fastcgi_param SCRIPT_FILENAME /usr/lib/git-core/git-http-backend;
        fastcgi_param GIT_HTTP_EXPORT_ALL "";
        fastcgi_param GIT_PROJECT_ROOT    /home/errong_leng/www/git;
        fastcgi_param REMOTE_USER         $remote_user;
        fastcgi_param PATH_INFO           $uri;
    }
}
OK, the nginx server config is done; just reload it (sudo nginx -s reload).
Now it is time to set up a git repository under the root (/home/errong_leng/www/git).
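
A check for the two server blocks above, as an added example that is not part of the original post: it lists every server block that enables auth_basic on a listener without ssl, where the Basic credentials cross the network unencrypted. The function names and the sample configuration are constructed for illustration.

```shell
#!/bin/sh
# Added example: list nginx server blocks that enable auth_basic on a
# listener without "ssl". Reads config files, or stdin when none are given.
audit_basic_auth() {
    awk '
    {
        line = $0
        sub(/#.*/, "", line)                    # drop comments
        gsub(/^[ \t]+|[ \t;]+$/, "", line)      # trim blanks and trailing ";"
        if (depth == 0 && line ~ /^server[ \t]*[{]/) {
            in_srv = 1; name = "(unnamed)"; auth = 0; plain = 0
        }
        if (in_srv) {
            if (line ~ /^listen[ \t]/ && line !~ /[ \t]ssl([ \t]|$)/) plain = 1
            if (line ~ /^auth_basic[ \t]/ && line !~ /^auth_basic[ \t]+off$/) auth = 1
            if (line ~ /^server_name[ \t]/) { split(line, f, /[ \t]+/); name = f[2] }
        }
        depth += gsub(/[{]/, "{", line) - gsub(/[}]/, "}", line)
        if (in_srv && depth == 0) { if (auth && plain) print name; in_srv = 0 }
    }' "$@"
}

# Constructed sample: block 1 mirrors the port-80 config on this page,
# block 2 the TLS config, block 3 a redirect-only listener.
sample_conf() {
    cat <<'EOF'
server {
    listen 80;
    listen [::]:80;
    server_name git.example.test;
    auth_basic "Restricted";
    auth_basic_user_file /srv/git/.gitpasswd;
    location ~ (/.*) {
        fastcgi_pass unix:/var/run/fcgiwrap.socket;
    }
}
server {
    listen 443 ssl http2;
    server_name git.example.test;
    auth_basic "Restricted";
    location / { return 404; }
}
server {
    listen 80;
    server_name redirect.example.test;
    return 301 https://$host$request_uri;
}
EOF
}

sample_conf | audit_basic_auth
```

Run it as audit_basic_auth /etc/nginx/sites-enabled/*.conf. A common remedy for a finding is to keep auth_basic only in the 443 block and have the port-80 block return a redirect to https.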

Set up git repository

$ cd www/git/ 
$ mkdir helloworld.git 
$ cd helloworld.git/ 
$ git --bare init 
Initialized empty Git repository in /home/errong_leng/www/git/helloworld.git/ 
$ cp hooks/post-update.sample hooks/post-update 
$ chmod a+x hooks/post-update 
$ chmod a+w . -R 
Now we can git clone from and push to the repository from a remote machine via the http/https protocol.

git clone helloworld.git

git clone https://git.errong.win/helloworld.git
Cloning into 'helloworld'...
Username for 'https://git.errong.win': lenger
Password for 'https://lenger@git.errong.win':
warning: You appear to have cloned an empty repository.
Checking connectivity... done.

git push helloworld.git

git push origin master
Username for 'https://git.errong.win': lenger
Password for 'https://lenger@git.errong.win':
Counting objects: 3, done.
Writing objects: 100% (3/3), 205 bytes | 0 bytes/s, done.
Total 3 (delta 0), reused 0 (delta 0)
To https://git.errong.win/helloworld.git
 * [new branch]      master -> master

setup https server via An ACME Shell script on nginx

I will give every step in detail from when I set up the https server for https://git.errong.win.
You can use it as a guide.

acme.sh

acme.sh is probably the easiest & smartest shell script to automatically issue & renew the free certificates from Let's Encrypt.
Install the shell script by following its guide.

http server nginx conf

First, let's set up an http server via nginx.
After you have installed nginx, the simplest way to set up an http server is to add a conf file under the /etc/nginx/sites-enabled/ folder.
cat /etc/nginx/sites-enabled/git.errong.com.conf
server {
    listen       80;
    listen       [::]:80;
    server_name  git.errong.com;

    location / {
        root   html;
        index  index.html index.htm;
    }
}
Reload nginx via sudo nginx -s reload

issue free certificates

sudo acme.sh --issue --home /etc/letsencrypt --domain example.com --webroot /home/errong_leng/www/git --reloadcmd "nginx -s reload" --accountemail errong.leng@gmail.com
[Wed Jun 13 01:51:07 UTC 2018] Single domain='git.errong.win'
[Wed Jun 13 01:51:07 UTC 2018] Getting domain auth token for each domain
[Wed Jun 13 01:51:07 UTC 2018] Getting webroot for domain='git.errong.win'
[Wed Jun 13 01:51:07 UTC 2018] Getting new-authz for domain='git.errong.win'
[Wed Jun 13 01:51:08 UTC 2018] The new-authz request is ok.
[Wed Jun 13 01:51:08 UTC 2018] Verifying:git.errong.win
[Wed Jun 13 01:51:11 UTC 2018] Success
[Wed Jun 13 01:51:11 UTC 2018] Verify finished, start to sign.
[Wed Jun 13 01:51:12 UTC 2018] Cert success.

[Wed Jun 13 01:51:12 UTC 2018] Your cert is in  /etc/letsencrypt/git.errong.win/git.errong.win.cer 
[Wed Jun 13 01:51:12 UTC 2018] Your cert key is in  /etc/letsencrypt/git.errong.win/git.errong.win.key 
[Wed Jun 13 01:51:12 UTC 2018] The intermediate CA cert is in  /etc/letsencrypt/git.errong.win/ca.cer 
[Wed Jun 13 01:51:12 UTC 2018] And the full chain certs is there:  /etc/letsencrypt/git.errong.win/fullchain.cer 
[Wed Jun 13 01:51:12 UTC 2018] Run reload cmd: nginx -s reload
[Wed Jun 13 01:51:12 UTC 2018] Reload success
Ok. We have ssl certificates now.
ssl_certificate /etc/letsencrypt/git.errong.win/fullchain.cer; 
ssl_certificate_key /etc/letsencrypt/git.errong.win/git.errong.win.key; 

https server nginx conf

cat /etc/nginx/sites-enabled/git.errong.win-ssl.conf
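server {
    listen 443 ssl http2;
    listen [::]:443 ssl http2;
    server_name git.errong.win;
    # certificate and key issued by acme.sh above
    ssl_certificate /etc/letsencrypt/git.errong.win/fullchain.cer;
    ssl_certificate_key /etc/letsencrypt/git.errong.win/git.errong.win.key;
    location / {
        root   html;
        index  index.html index.htm;
    }
}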
 
Now everything is ready.
Just reload the nginx server.
You will find that http://git.errong.win and https://git.errong.win work well now.
Reminder:
please replace the server name "git.errong.win" with yours.

Samba add user for share

add user

sudo smbpasswd -a USER
sudo smbpasswd -e USER

set up share path

/etc/samba/smb.conf
[USER] 
       comment = USER home 
       path = /home/USER 
       writeable = yes 
       public=yes 
       browseable = yes 
       create mode = 776 
       force directory mode = 776 

restart samba service

sudo systemctl restart smbd.service
sudo systemctl restart nmbd.service

if you still can't access the share, then check the config below

/etc/samba/smb.conf
[global]
       hosts allow = #add your IP here
Restart the samba service again; it should work now.

Fix issue : grunt init failed with error Couldn't find match for "

Issue

PS D:\Ghost> grunt init
Running "update_submodules:pinned" (update_submodules) task

Running "subgrunt:init" (subgrunt) task
yarn install v1.7.0
[1/5] Validating package.json...
[2/5] Resolving packages...
[3/5] Fetching packages...
warning Pattern ["glob@latest"] is trying to unpack in the same destination "C:\\Users\\lenger\\AppData\\Local\\Yarn\\Ca
che\\v1\\npm-glob-7.1.2-c19c9df9a028702d678612384a6552404c636d15" as pattern ["glob@^7.0.5","glob@^7.0.5","glob@^7.1.0",
"glob@^7.0.4","glob@^7.1.2","glob@^7.0.3","glob@^7.0.3","glob@^7.0.0","glob@7.1.2","glob@^7.0.3"]. This could result in
non-deterministic behavior, skipping.
error Couldn't find match for "8dc6b689903c9363ade94e2e4d21c94813bbbe98" in "refs/heads/master,refs/heads/node-4-compat,
refs/tags/v0.0.1,refs/tags/v0.0.2,refs/tags/v0.0.3,refs/tags/v0.1.0,refs/tags/v0.1.1" for "https://github.com/kevinansfi
eld/eslint-plugin-sort-imports-es6-autofix.git".
info Visit https://yarnpkg.com/en/docs/cli/install for documentation about this command.
Warning: Failed installing node modules in "core/client". Use --force to continue.

Aborted due to warnings.

Solution

find -name "yarn.lock" | xargs rm -f 
then grunt init again
grunt init 

Transfer your ghost server between hosts

Assume you have a ghost server running on a host machine.
One day the host machine may run out of space, or you may find a new, cheaper host,
or you may have a new host with more memory and better performance.
Then you may need to transfer your ghost server to the new host.

tar your ghost server to a *.tar.gz

# blog is my ghost server root directory; run tar from its parent directory
$ cd www
$ tar -zcvf blog.tar.gz blog
Copy blog.tar.gz to the new host.

preinstall on new host

nginx
sudo apt-get install nginx
node.js
https://nodejs.org/en/download/
extract and add node bin path to env
ghost
npm i -g ghost-cli 
acme.sh
https://github.com/Neilpang/acme.sh

configure on new host

tar -zxvf blog.tar.gz

nginx conf

sudo ln -sf /home/errong_leng/www/blog/system/files/blog.conf /etc/nginx/sites-available/blog.conf
sudo ln -sf /etc/nginx/sites-available/blog.conf /etc/nginx/sites-enabled/blog.conf

start http server

ghost start 
If you encounter a systemd error, just follow the hint command (ghost linuxuser systemd) printed by ghost
and run ghost start again.
Before you start your ghost server, you should change the DNS record for your server. Since you changed hosts, the IP address has changed.

enable https server via letsencrypt

sudo ln -sf /home/errong_leng/www/blog/system/files/blog-ssl.conf /etc/nginx/sites-available/blog-ssl.conf
sudo ln -sf /etc/nginx/sites-available/blog-ssl.conf /etc/nginx/sites-enabled/blog-ssl.conf
acme.sh --issue --home /etc/letsencrypt --domain errong.win --webroot /home/errong_leng/www/blog/system/nginx-root --reloadcmd "nginx -s reload" --accountemail errong.leng@gmail.com

http nginx conf

server {
    listen 80;
    listen [::]:80;

    server_name errong.win;
    root /home/errong_leng/www/blog/system/nginx-root;

    location / {
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header Host $http_host;
        proxy_pass http://127.0.0.1:6666;
        
    }

    location ~ /.well-known {
        allow all;
    }

    client_max_body_size 50m;
}

https nginx conf

server {
    listen 443 ssl http2;
    listen [::]:443 ssl http2;

    server_name errong.win;
    root /home/errong_leng/www/blog/system/nginx-root;

    ssl_certificate /etc/letsencrypt/errong.win/fullchain.cer;
    ssl_certificate_key /etc/letsencrypt/errong.win/errong.win.key;

    location / {
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header Host $http_host;
        proxy_pass http://127.0.0.1:6666;
        
    }

    location ~ /.well-known {
        allow all;
    }

    client_max_body_size 50m;
}

setup shadowsocks server on ubuntu 16.04

install

sudo apt-get install software-properties-common -y
sudo add-apt-repository ppa:max-c-lv/shadowsocks-libev -y
sudo apt-get update
sudo apt install shadowsocks-libev

configure

sudo vim /etc/shadowsocks-libev/config.json
{
    "server":"10.128.0.2",
    "server_port":8911,
    "local_port":1008,
    "password":"jesusislove",
    "timeout":60,
    "method":"chacha20-ietf-poly1305"
}

start server

sudo systemctl start shadowsocks-libev

google compute engine

If the server is running on Google Compute Engine,
you need to set up a firewall rule for the server port (8911, written in config.json).
shadowsocks
Apply to all
IP ranges: 0.0.0.0/0
tcp:8911, udp:8911
Allow

client configuration

iOS
Android
Shadowsocks for Android / iOS also accepts BASE64 encoded URI format configs:
ss://BASE64-ENCODED-STRING-WITHOUT-PADDING#TAG 
Where the plain URI should be:
ss://method:password@hostname:port 
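
The URI format above as an added shell example that is not part of the original post: encoding strips the base64 padding, decoding restores it, and the fields are split so that a password containing ":" or "@" survives. Base64 is an encoding, not encryption, so anyone holding the URI recovers the password; the function names and sample values here are constructed.

```shell
#!/bin/sh
# Added example: build and parse the BASE64 form of an ss:// URI.
ss_encode() {   # ss_encode METHOD PASSWORD HOSTNAME PORT [TAG]
    b64=$(printf '%s:%s@%s:%s' "$1" "$2" "$3" "$4" | base64 | tr -d '=\n')
    tag=""
    if [ -n "${5:-}" ]; then tag="#$5"; fi
    printf 'ss://%s%s\n' "$b64" "$tag"
}

ss_decode() {   # prints method:password@hostname:port
    body=${1#ss://}
    body=${body%%#*}                    # drop the optional #TAG
    case $(( ${#body} % 4 )) in         # restore the stripped padding
        2) body="$body==" ;;
        3) body="$body=" ;;
        1) echo "invalid base64 length" >&2; return 1 ;;
    esac
    printf '%s' "$body" | base64 -d
}

ss_field() {    # ss_field URI method|password|hostname|port
    plain=$(ss_decode "$1") || return 1
    userinfo=${plain%@*}                # split at the last "@"
    hostport=${plain##*@}
    case $2 in
        method)   printf '%s\n' "${userinfo%%:*}" ;;   # up to the first ":"
        password) printf '%s\n' "${userinfo#*:}" ;;
        hostname) printf '%s\n' "${hostport%:*}" ;;
        port)     printf '%s\n' "${hostport##*:}" ;;
        *)        return 2 ;;
    esac
}

# Constructed values; 192.0.2.10 is a documentation address.
uri=$(ss_encode chacha20-ietf-poly1305 'c0nstructed:p@ss' 192.0.2.10 8911 demo)
echo "$uri"
ss_field "$uri" password
```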
Quick Guide

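If His Means Are Not Sufficient

Leviticus 5:7, 11

7 "If he cannot afford a lamb, then for the sin he has committed he shall bring to the LORD two turtledoves or two young pigeons as a guilt offering: one for a sin offering and the other for a burnt offering.

11 "If he cannot afford two turtledoves or two young pigeons, then for the sin he has committed he shall bring as his offering a tenth of an ephah of fine flour for a sin offering; he shall put no oil on it and no frankincense on it, for it is a sin offering.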



fixed: embedded-redis: Unable to run on macOS Sonoma

Issue you might see below error while trying to run embedded-redis for your testing on your macOS after you upgrade to Sonoma. java.la...