I logged in to a host over ssh; its environment is chrooted (set up by Plesk).

When running git clone, I ran into:

error: while accessing https://gitlab-ci-token:[email protected]:8883/Office/wow6.git/info/refs

fatal: HTTP request failed

Later I found that GIT_CURL_VERBOSE=1 shows the details:

bash-4.1$ GIT_CURL_VERBOSE=1 git clone https://gitlab-ci-token:[email protected]:8883/Office/wow6.git
Initialized empty Git repository in /wow6/.git/
* Couldn't find host 192.168.10.178 in the .netrc file; using defaults
* About to connect() to 192.168.10.178 port 8883 (#0)
*   Trying 192.168.10.178... * connected
* Connected to 192.168.10.178 (192.168.10.178) port 8883 (#0)
* Initializing NSS with certpath: sql:/etc/pki/nssdb
* Unable to initialize NSS database
* Initializing NSS with certpath: none
* Unable to initialize NSS
* NSS error -5925
* Expire cleared
* Closing connection #0
* Couldn't find host 192.168.10.178 in the .netrc file; using defaults
* About to connect() to 192.168.10.178 port 8883 (#0)
*   Trying 192.168.10.178... * connected
* Connected to 192.168.10.178 (192.168.10.178) port 8883 (#0)
* Initializing NSS with certpath: sql:/etc/pki/nssdb
* Unable to initialize NSS database
* Initializing NSS with certpath: none
* Unable to initialize NSS
* NSS error -5925
* Expire cleared
* Closing connection #0
error:  while accessing https://gitlab-ci-token:[email protected]:8883/Office/wow6.git/info/refs

fatal: HTTP request failed

git works together with curl, so could the problem be in curl?

curl -I -vvv https://gitlab-ci-token:[email protected]:8883/Office/wow6.git
* About to connect() to 192.168.10.178 port 8883 (#0)
* Trying 192.168.10.178... connected
* Connected to 192.168.10.178 (192.168.10.178) port 8883 (#0)
* Initializing NSS with certpath: sql:/etc/pki/nssdb
* Unable to initialize NSS database
* Initializing NSS with certpath: none
* Unable to initialize NSS
* NSS error -5925
* Closing connection #0
* Problem with the SSL CA cert (path? access rights?)
curl: (77) Problem with the SSL CA cert (path? access rights?)

I still could not figure out what the messages above mean!

So I tried rebuilding git + curl.

Compiling curl

yum install -y openssl-devel libssh2-devel
wget https://curl.haxx.se/download/curl-7.49.1.tar.gz
tar zxvf curl-7.49.1.tar.gz
cd curl-7.49.1
./configure --prefix=/usr/local/curl --with-ssl --with-ca-bundle=/etc/pki/tls/certs/ca-bundle.crt --with-libssh2 --with-ca-path=/usr/share/pki/ca-trust-source
make
make install

Compiling git

yum install -y asciidoc xmlto docbook2x
ln -s /usr/bin/db2x_docbook2texi /usr/bin/docbook2x-texi
wget https://www.kernel.org/pub/software/scm/git/git-2.8.3.tar.gz
tar zxvf git-2.8.3.tar.gz
cd git-2.8.3
make configure
./configure --prefix=/usr/local/git --with-openssl --with-curl=/usr/local/curl
make all doc info
make install install-doc install-html install-info

But it is still: Problem with the SSL CA cert (path? access rights?)

I copied /etc/pki into the chroot, and it did not help.

GIT_SSL_NO_VERIFY=true GIT_SSL_CAINFO=/etc/pki/tls/certs/ca-bundle.crt GIT_CURL_VERBOSE=1 git clone https://gitlab-ci-token:[email protected]:8883/Office/wow6.git

What about using git@ (the ssh way)?

git clone [email protected]:Office/wow6.git

The prerequisite is to add ssh to the chroot.

Generate a key

ssh-keygen -t rsa -C "[email protected]"
cat ~/.ssh/id_rsa.pub

If you run into:

Host key verification failed.
fatal: The remote end hung up unexpectedly

ssh-keyscan -t rsa 192.168.10.178 >> ~/.ssh/known_hosts

Then git clone [email protected]:Office/wow6.git works.
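
The ssh-keyscan step above appends whatever key the network returns, so known_hosts ends up trusting it unverified. As an added example (not code from the original post), this Python script appends a scanned key only when its SHA256 fingerprint matches one obtained out of band from the server administrator; the function names, the file name pin_host_key.py and the sample key are constructed for illustration.

```python
import base64
import hashlib
import sys
from pathlib import Path

# Constructed sample input (not a real host key); the host address is the one used above.
SAMPLE_BLOB = b"\x00\x00\x00\x07ssh-rsa" + b"constructed sample, not a real key"
SAMPLE_KEY_B64 = base64.b64encode(SAMPLE_BLOB).decode()
SAMPLE_LINE = "192.168.10.178 ssh-rsa " + SAMPLE_KEY_B64
SAMPLE_SCAN = "# constructed ssh-keyscan output\n" + SAMPLE_LINE + "\n"


def sha256_fingerprint(key_b64: str) -> str:
    """OpenSSH-style fingerprint: SHA-256 of the decoded key blob, base64 without padding."""
    blob = base64.b64decode(key_b64, validate=True)
    digest = hashlib.sha256(blob).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")


def pin_host_key(scan_output: str, expected_fp: str, known_hosts: Path) -> bool:
    """Append the first scanned line whose fingerprint equals expected_fp; else write nothing."""
    for line in scan_output.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue  # skip blank and comment lines
        fields = line.split()
        if len(fields) < 3:
            continue  # expected layout: host keytype base64-key
        try:
            fingerprint = sha256_fingerprint(fields[2])
        except ValueError:
            continue  # key field is not valid base64
        if fingerprint == expected_fp:
            known_hosts.parent.mkdir(mode=0o700, parents=True, exist_ok=True)
            with known_hosts.open("a") as fh:
                fh.write(line + "\n")
            return True
    return False


if __name__ == "__main__":
    # Usage: ssh-keyscan -t rsa 192.168.10.178 | python3 pin_host_key.py SHA256:<expected>
    if len(sys.argv) != 2:
        sys.exit("usage: pin_host_key.py SHA256:<expected fingerprint>")
    ok = pin_host_key(sys.stdin.read(), sys.argv[1], Path.home() / ".ssh" / "known_hosts")
    sys.exit(0 if ok else "fingerprint mismatch: known_hosts left unchanged")
```

On a mismatch nothing is written and the script exits non-zero, so the following git clone still fails with "Host key verification failed." instead of silently trusting an unknown key.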

So I gave up and switched to http:// instead of https://

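Back to the GitLab configuration: because 8888 always redirects to 8883 and I could not find how to set this in gitlab.rb, I configured nginx directly to open port 8881 alongside 8883, but 8881 is not SSL.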

vi /var/opt/gitlab/nginx/conf/gitlab-http.conf

server {
  listen *:8881 default backlog=2048;
  # 8881 added on the line above
  listen *:8883 ssl http2;
  # comment out ssl on;
  #ssl on;
}

Here, only restart nginx; a reconfigure would overwrite this change.

gitlab-ctl restart nginx