我透過 ssh 登入了一台主機,它環境是 chrooted 的 (plesk架的)

當 git clone 時,遇到

error: while accessing https://gitlab-ci-token:m-KKZsCPNwxvh9ogjHyG@192.168.10.178:8883/Office/wow6.git/info/refs

fatal: HTTP request failed

後來查可以 GIT_CURL_VERBOSE=1 看細節

bash-4.1$ GIT_CURL_VERBOSE=1 git clone https://gitlab-ci-token:m-KKZsCPNwxvh9ogjHyG@192.168.10.178:8883/Office/wow6.git
Initialized empty Git repository in /wow6/.git/
* Couldn't find host 192.168.10.178 in the .netrc file; using defaults
* About to connect() to 192.168.10.178 port 8883 (#0)
*   Trying 192.168.10.178... * connected
* Connected to 192.168.10.178 (192.168.10.178) port 8883 (#0)
* Initializing NSS with certpath: sql:/etc/pki/nssdb
* Unable to initialize NSS database
* Initializing NSS with certpath: none
* Unable to initialize NSS
* NSS error -5925
* Expire cleared
* Closing connection #0
* Couldn't find host 192.168.10.178 in the .netrc file; using defaults
* About to connect() to 192.168.10.178 port 8883 (#0)
*   Trying 192.168.10.178... * connected
* Connected to 192.168.10.178 (192.168.10.178) port 8883 (#0)
* Initializing NSS with certpath: sql:/etc/pki/nssdb
* Unable to initialize NSS database
* Initializing NSS with certpath: none
* Unable to initialize NSS
* NSS error -5925
* Expire cleared
* Closing connection #0
error:  while accessing https://gitlab-ci-token:m-KKZsCPNwxvh9ogjHyG@192.168.10.178:8883/Office/wow6.git/info/refs

fatal: HTTP request failed

git 是搭配 curl 使用,所以有可能是 curl 有問題嗎 ?

curl -I -vvv https://gitlab-ci-token:m-KKZsCPNwxvh9ogjHyG@192.168.10.178:8883/Office/wow6.git
* About to connect() to 192.168.10.178 port 8883 (#0)
* Trying 192.168.10.178... connected
* Connected to 192.168.10.178 (192.168.10.178) port 8883 (#0)
* Initializing NSS with certpath: sql:/etc/pki/nssdb
* Unable to initialize NSS database
* Initializing NSS with certpath: none
* Unable to initialize NSS
* NSS error -5925
* Closing connection #0
* Problem with the SSL CA cert (path? access rights?)
curl: (77) Problem with the SSL CA cert (path? access rights?)

仍無法解決以上的訊息為何 !

所以我試著重編 git + curl

編譯 curl

yum install -y openssl-devel libssh2-devel
wget https://curl.haxx.se/download/curl-7.49.1.tar.gz
tar zxvf curl-7.49.1.tar.gz
cd curl-7.49.1
./configure --prefix=/usr/local/curl --with-ssl --with-ca-bundle=/etc/pki/tls/certs/ca-bundle.crt --with-libssh2 --with-ca-path=/usr/share/pki/ca-trust-source
make
make install

編譯 git

yum install -y asciidoc xmlto docbook2x
ln -s /usr/bin/db2x_docbook2texi /usr/bin/docbook2x-texi
wget https://www.kernel.org/pub/software/scm/git/git-2.8.3.tar.gz
tar zxvf git-2.8.3.tar.gz
cd git-2.8.3
make configure
./configure --prefix=/usr/local/git --with-openssl --with-curl=/usr/local/curl
make all doc info
make install install-doc install-html install-info

但仍是 Problem with the SSL CA cert (path? access rights?)

我複製 /etc/pki 到 chrooted 裡,然後,沒有用

GIT_SSL_NO_VERIFY=true GIT_SSL_CAINFO=/etc/pki/tls/certs/ca-bundle.crt GIT_CURL_VERBOSE=1 git clone https://gitlab-ci-token:m-KKZsCPNwxvh9ogjHyG@192.168.10.178:8883/Office/wow6.git

那用 git@ 這個 (ssh 方式)呢 ?

git clone git@192.168.10.178:Office/wow6.git

前提要把 ssh 加入 chrooted 裡

產生 key

ssh-keygen -t rsa -C "ssorc1@192.168.10.179"
cat ~/.ssh/id_rsa.pub

如果遇到

Host key verification failed.
fatal: The remote end hung up unexpectedly

ssh-keyscan -t rsa 192.168.10.178 >> ~/.ssh/known_hosts

再 git clone git@192.168.10.178:Office/wow6.git 就 ok

所以我放棄了,改使用 http:// ,而不用 https://

回到 gitlab 的設定,因為 8888 一定會導到 8883 ,在 gitlab.rb 找不到如何設定,所以我直接設定 nginx 開個 port 8881 與 8883 共用,但 8881 不是 ssl。

vi /var/opt/gitlab/nginx/conf/gitlab-http.conf

server {
  listen *:8881 default backlog=2048;
  # 上面加入 8881
  listen *:8883 ssl http2;
  # 註解 ssl on;
  #ssl on;
}

這邊只要 restart nginx ,不然 reconfigure 是會覆蓋的

gitlab-ctl restart nginx
Related posts 相關文章
httpx 探測爬網好用工具
More...
curl 迎來 25 年,也出到第 8 版了
More...
最近要小心 GitHub 上的 POC 庫,可能是惡意程式
More...
下載 GitHub 上某個目錄
More...

作者

留言

撰寫回覆或留言

發佈留言必須填寫的電子郵件地址不會公開。