Posted in Linux

git clone over HTTPS fails with an SSL error in a Plesk chrooted SSH session

Posted on June 21, 2016

I logged in over SSH to a host whose environment is chrooted (set up by Plesk).

When running git clone, I got:

error: while accessing https://gitlab-ci-token:m-KKZsCPNwxvh9ogjHyG@192.168.10.178:8883/Office/wow6.git/info/refs

fatal: HTTP request failed

I later found that GIT_CURL_VERBOSE=1 shows the details:

bash-4.1$ GIT_CURL_VERBOSE=1 git clone https://gitlab-ci-token:m-KKZsCPNwxvh9ogjHyG@192.168.10.178:8883/Office/wow6.git
Initialized empty Git repository in /wow6/.git/
* Couldn't find host 192.168.10.178 in the .netrc file; using defaults
* About to connect() to 192.168.10.178 port 8883 (#0)
*   Trying 192.168.10.178... * connected
* Connected to 192.168.10.178 (192.168.10.178) port 8883 (#0)
* Initializing NSS with certpath: sql:/etc/pki/nssdb
* Unable to initialize NSS database
* Initializing NSS with certpath: none
* Unable to initialize NSS
* NSS error -5925
* Expire cleared
* Closing connection #0
* Couldn't find host 192.168.10.178 in the .netrc file; using defaults
* About to connect() to 192.168.10.178 port 8883 (#0)
*   Trying 192.168.10.178... * connected
* Connected to 192.168.10.178 (192.168.10.178) port 8883 (#0)
* Initializing NSS with certpath: sql:/etc/pki/nssdb
* Unable to initialize NSS database
* Initializing NSS with certpath: none
* Unable to initialize NSS
* NSS error -5925
* Expire cleared
* Closing connection #0
error:  while accessing https://gitlab-ci-token:m-KKZsCPNwxvh9ogjHyG@192.168.10.178:8883/Office/wow6.git/info/refs

fatal: HTTP request failed

git relies on curl, so could the problem be in curl?

curl -I -vvv https://gitlab-ci-token:m-KKZsCPNwxvh9ogjHyG@192.168.10.178:8883/Office/wow6.git
* About to connect() to 192.168.10.178 port 8883 (#0)
* Trying 192.168.10.178... connected
* Connected to 192.168.10.178 (192.168.10.178) port 8883 (#0)
* Initializing NSS with certpath: sql:/etc/pki/nssdb
* Unable to initialize NSS database
* Initializing NSS with certpath: none
* Unable to initialize NSS
* NSS error -5925
* Closing connection #0
* Problem with the SSL CA cert (path? access rights?)
curl: (77) Problem with the SSL CA cert (path? access rights?)

I still could not work out what the messages above meant!

So I tried rebuilding git and curl.

Build curl

yum install -y openssl-devel libssh2-devel
wget https://curl.haxx.se/download/curl-7.49.1.tar.gz
tar zxvf curl-7.49.1.tar.gz
cd curl-7.49.1
./configure --prefix=/usr/local/curl --with-ssl --with-ca-bundle=/etc/pki/tls/certs/ca-bundle.crt --with-libssh2 --with-ca-path=/usr/share/pki/ca-trust-source
make
make install

Build git

yum install -y asciidoc xmlto docbook2x
ln -s /usr/bin/db2x_docbook2texi /usr/bin/docbook2x-texi
wget https://www.kernel.org/pub/software/scm/git/git-2.8.3.tar.gz
tar zxvf git-2.8.3.tar.gz
cd git-2.8.3
make configure
./configure --prefix=/usr/local/git --with-openssl --with-curl=/usr/local/curl
make all doc info
make install install-doc install-html install-info

But the result was still: Problem with the SSL CA cert (path? access rights?)

I copied /etc/pki into the chroot, and it still did not work:

GIT_SSL_NO_VERIFY=true GIT_SSL_CAINFO=/etc/pki/tls/certs/ca-bundle.crt GIT_CURL_VERBOSE=1 git clone https://gitlab-ci-token:m-KKZsCPNwxvh9ogjHyG@192.168.10.178:8883/Office/wow6.git
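
To check whether the copied /etc/pki is usable from inside the chroot, this added example (not part of the original post) reports how the two paths named in the curl output and the configure line above resolve relative to the jail root, re-rooting absolute symlink targets at the jail as chroot does. The function names and the jail path argument are assumptions.

```shell
#!/bin/sh
# Added example: inspect CA/NSS paths as a process inside the chroot sees them.
# The default paths are the ones shown on this page; the jail root is supplied
# by the caller, e.g.:  check_jail /path/to/chroot

# Resolve PATH inside JAIL. An absolute symlink target is re-rooted at the
# jail, because that is where it points after chroot. Only the final path
# component is followed, for at most 10 hops.
jail_resolve() {
  jail=$1 p=$2 hops=0
  while [ -L "$jail$p" ] && [ "$hops" -lt 10 ]; do
    target=$(readlink "$jail$p")
    case $target in
      /*) p=$target ;;                   # absolute: relative to the jail root
      *)  p=$(dirname "$p")/$target ;;   # relative: relative to the link's dir
    esac
    hops=$((hops + 1))
  done
  printf '%s\n' "$p"
}

# Print one status word for PATH as seen from inside JAIL.
jail_path_status() {
  jail=$1 path=$2
  real=$(jail_resolve "$jail" "$path")
  if [ -L "$jail$path" ] && [ ! -e "$jail$real" ]; then echo dangling-symlink
  elif [ ! -e "$jail$real" ]; then echo missing
  elif [ ! -r "$jail$real" ]; then echo unreadable
  elif [ -f "$jail$real" ] && [ ! -s "$jail$real" ]; then echo empty
  else echo ok
  fi
}

# Report every path; return non-zero if any of them is not "ok".
check_jail() {
  jail=$1; shift
  [ $# -gt 0 ] || set -- /etc/pki/nssdb /etc/pki/tls/certs/ca-bundle.crt
  rc=0
  for path in "$@"; do
    st=$(jail_path_status "$jail" "$path")
    printf '%-18s %s\n' "$st" "$path"
    [ "$st" = ok ] || rc=1
  done
  return $rc
}
```

A `dangling-symlink` result means the link was copied but its target was not, which a plain existence test run from outside the jail would not reveal. Run the check as the chrooted user so that `unreadable` reflects that user's permissions.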

What about using git@ (the SSH method) instead?

git clone git@192.168.10.178:Office/wow6.git

This requires that ssh has been added to the chroot.

Generate a key

ssh-keygen -t rsa -C "ssorc1@192.168.10.179"
cat ~/.ssh/id_rsa.pub

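If you run into the error below, add the server's host key to known_hosts with the ssh-keyscan command that follows it: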

Host key verification failed.
fatal: The remote end hung up unexpectedly

ssh-keyscan -t rsa 192.168.10.178 >> ~/.ssh/known_hosts

After that, git clone git@192.168.10.178:Office/wow6.git works.

So I gave up and switched to http:// instead of https://.

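Back to the GitLab configuration: port 8888 always redirects to 8883, and I could not find how to change that in gitlab.rb, so I edited the nginx configuration directly to open port 8881 alongside 8883, with 8881 not using SSL.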

vi /var/opt/gitlab/nginx/conf/gitlab-http.conf

server {
  listen *:8881 default backlog=2048;
  # 8881 added on the line above
  listen *:8883 ssl http2;
  # comment out "ssl on;"
  #ssl on;
}

Here, only restart nginx; running reconfigure would overwrite this change.

gitlab-ctl restart nginx
