Title:   GitBlit and Jenkins on Gentoo
Subject: Setup GitBlit and Jenkins in Tomcat with proxy through port 80.

REF: http://gitblit.com/
REF: http://mirrors.jenkins-ci.org
REF: http://tomcat.apache.org/
REF: http://apache.org

#----------------------------------------------------
# Summary:
#----------------------------------------------------
First we need a servlet container (I chose Tomcat)
Next we deploy gitblit
Next we install Jenkins

#----------------------------------------------------
# Setup Tomcat
#----------------------------------------------------
#
# Show tomcat servlet container available in portage
#
eix www-servers/tomcat
* www-servers/tomcat
     Available versions:
     (6)    6.0.44-r0^t ~6.0.44-r2
     (7)    7.0.59-r2^t ~7.0.64^t
     (8)    8.0.23-r2^t ~8.0.26^t
       {doc extra-webapps source test websockets ELIBC="FreeBSD"}
     Homepage:            http://tomcat.apache.org/
     Description:         Tomcat Servlet-3.1/JSP-2.3 Container

#
# Enable the doc USE flag so the tomcat documentation gets installed
#
echo 'www-servers/tomcat doc' >> /etc/portage/package.use

#
# Install tomcat
#
emerge www-servers/tomcat
>>> Installing (6 of 6) www-servers/tomcat-8.0.23-r2::gentoo
 * New ebuilds of Tomcat support running multiple instances. If you used prior version
 * of Tomcat (<7.0.32), you have to migrate your existing instance to work with new Tomcat.
 * You can find more information at https://wiki.gentoo.org/wiki/Apache_Tomcat
 * To manage Tomcat instances, run:
 *   /usr/share/tomcat-8/gentoo/tomcat-instance-manager.bash --help
 * tomcat-dbcp.jar is not built at this time. Please fetch jar
 * from upstream binary if you need it.
   Gentoo Bug # 144276

#
# Show tomcat servlet container is installed
#
eix tomcat
[I] dev-java/tomcat-servlet-api
     Available versions:
     (2.2)  3
     (2.3)  4.1.36
     (2.4)  5.5.27-r1 ~5.5.34
     (2.5)  6.0.44 ~6.0.44-r1
     (3.0)  7.0.59 ~7.0.63 ~7.0.64
     (3.1)  8.0.23 ~8.0.24 ~8.0.26
       {doc source ELIBC="FreeBSD"}
     Installed versions:  4.1.36(2.3)(11:42:19 AM 07/09/2014)(-doc -source ELIBC="-FreeBSD")
                          8.0.23(3.1)(04:02:02 PM 09/15/2015)(-source ELIBC="-FreeBSD")
     Homepage:            http://tomcat.apache.org/
     Description:         Tomcat's Servlet API 3.1/JSP API 2.3 implementation

[I] www-servers/tomcat
     Available versions:
     (6)    6.0.44-r0^t ~6.0.44-r2
     (7)    7.0.59-r2^t ~7.0.64^t
     (8)    8.0.23-r2^t ~8.0.26^t
       {doc extra-webapps source test websockets ELIBC="FreeBSD"}
     Installed versions:  8.0.23-r2(8)^t(04:06:19 PM 09/15/2015)(doc -extra-webapps -source -test ELIBC="-FreeBSD")
     Homepage:            http://tomcat.apache.org/
     Description:         Tomcat Servlet-3.1/JSP-2.3 Container

#
# Create Tomcat instance (our servlet container)
#
/usr/share/tomcat-8/gentoo/tomcat-instance-manager.bash \
    --create --user tomcat --group tomcat
Successfully created instance 'tomcat-8'
It's strongly recommended for production systems to go carefully through the
configuration files at '/etc/tomcat-8'.
The generated initial configuration is close to upstreams default which
favours the demo aspect over hardening.

#
# Modify Tomcat config
#
ls -alF /etc/tomcat-8/
total 224
drwxr-x---  3 tomcat tomcat   4096 Sep 15 16:19 ./
drwxr-xr-x 92 root   root     4096 Sep 15 16:20 ../
drwxr-x---  3 tomcat tomcat   4096 Sep 15 16:19 Catalina/
-rw-r-----  1 tomcat tomcat  12374 Sep 15 16:19 catalina.policy
-rw-r-----  1 tomcat tomcat   7086 Sep 15 16:19 catalina.properties
-rw-r-----  1 tomcat tomcat   1577 Sep 15 16:19 context.xml
-rw-r-----  1 tomcat tomcat   3371 Sep 15 16:19 logging.properties
-rw-r-----  1 tomcat tomcat   6478 Sep 15 16:19 server.xml
-rw-r-----  1 tomcat tomcat   1744 Sep 15 16:19 tomcat-users.xml
-rw-r-----  1 tomcat tomcat   1846 Sep 15 16:19 tomcat-users.xsd
-rw-r-----  1 tomcat tomcat 166582 Sep 15 16:19 web.xml

#
# Filesystem location where I deploy apps
#
/var/lib/tomcat-8/webapps

#
# Init script to start Tomcat
#
ls -tlr /etc/init.d/tomcat-8
-rwxr-xr-x 1 root root 2835 Jul  6 10:14 /etc/init.d/tomcat-8

#
# set Tomcat passwords
#
vi /etc/tomcat-8/tomcat-users.xml

#
# set Tomcat server config
#
vi /etc/tomcat-8/server.xml

#
# Start the Tomcat server
#
/etc/init.d/tomcat-8 start
 * Caching service dependencies ...
 * Starting tomcat-8 ...

#
# Show that it is running
#
lsof -i tcp -nP | grep 8080
java 17248 tomcat 47u IPv6 37080191 0t0 TCP *:8080 (LISTEN)

#
# Fix Tomcat authentication
#
/etc/tomcat-8/tomcat-users.xml

#----------------------------------------------------
# Setup GitBlit : an open-source, pure Java stack for managing, viewing, and serving Git repositories.
#----------------------------------------------------
#
# Install gitblit
#
pushd /var/lib/tomcat-8/
# Download the WAR, then copy it into webapps/ so Tomcat deploys it
wget http://dl.bintray.com/gitblit/releases/gitblit-1.6.2.war
cp gitblit-1.6.2.war webapps/gitblit.war

Browse http://myhost.mydomain.com:8080/

#
# Configure
#
vi /var/lib/tomcat-8/webapps/gitblit/WEB-INF/web.xml

By default, Gitblit WAR stores all data (users, settings, repositories, etc)
in ${contextFolder}/WEB-INF/data.
Change 'baseFolder' path to '/home/git/data' (something outside webapps dir).

<env-entry>
    <description>The base folder is used to specify the root location of your Gitblit data.</description>
    <env-entry-name>baseFolder</env-entry-name>
    <env-entry-type>java.lang.String</env-entry-type>
    <env-entry-value>/home/git/data</env-entry-value>
</env-entry>

#
# Add users and set passwords
#
Browse to http://myhost.mydomain.com:8080/gitblit/
User/pass: admin / admin
Change password
In Admin interface:
    Add users
    Set permissions for the user account

------------------ DIRECTIONS TO USER -------------------
I need you to add your ssh keys to gitblit

Browse to http://myhost.mydomain.com:8080/gitblit/
In upper right corner, click the "person" icon.
Select 'change password'
Change your password

In upper right corner, click the "person" icon.
Select 'my profile'
Click 'SSH Keys'
In the form 'Add SSH Key' paste the contents of your
id_dsa.pub, id_rsa.pub, or identity.pub
Click 'Add' at the bottom.

Along the top header, next to "my dashboard",
Click 'repositories'
Click the repository
Next to "repository url" you will see the url to clone:

If your ssh keys are set up correctly you will have a clone.
From this point on you only need the web interface to manage ssh keys.
------------------ END DIRECTIONS TO USER -------------------

#
# Configure email notification
#
Download from http://gitblit.com/setup_hooks.html

vi /home/git/data/gitblit.properties
web.headerLogo = ${baseFolder}/logo.png
git.packedGitLimit = 128m
git.deltaBaseCacheLimit = 20m
groovy.postReceiveScripts = sendmail_html
git.checkReferencedObjectsAreReachable = true
web.forwardSlashCharacter = !
mail.server = mail.mydomain.com
mail.fromAddress =
mail.adminAddresses = user1@foo.com user2@foo.com

#----------------------------------------------------
# Setup Jenkins
#----------------------------------------------------
vi /etc/conf.d/tomcat-8
CATALINA_OPTS="-DJENKINS_HOME=/home/jenkins_home/ -Xmx512m"

mkdir -p /home/jenkins_home
chown -R tomcat:tomcat /home/jenkins_home
export TOMCAT_HOME=/var/lib/tomcat-8
vi $TOMCAT_HOME/conf/tomcat-users.xml
vi $TOMCAT_HOME/conf/server.xml

pushd /var/lib/tomcat-8/webapps
wget http://mirrors.jenkins-ci.org/war/latest/jenkins.war

In the end I had to add this to the /etc/init.d/tomcat-8
JENKINS_HOME=/home/jenkins_home

click "Manage Jenkins"
click "Setup Security"
checkbox Enable Security
jenkins owned user database
Logged-in users can do anything
Save

#----------------------------------------------------
# Setup APACHE (ssl and proxy 80 to 8080 for git and jenkins)
#----------------------------------------------------
#======
# SSL:
#======
# Generate a self signed certificate
# (-nodes leaves the private key unencrypted; -days is the validity period, 365 = one year)
cd /root/
openssl req -nodes -x509 -newkey rsa:2048 -keyout key.pem -out cert.pem -days 365

# Copy to directory:
mv key.pem cert.pem /etc/ssl/apache2/

# Configure apache to use the key and cert
vi /etc/apache2/vhosts.d/00_default_ssl_vhost.conf
SSLCertificateFile /etc/ssl/apache2/cert.pem
SSLCertificateKeyFile /etc/ssl/apache2/key.pem

# Reload config
/etc/init.d/apache2 restart

#======
# Proxy
#======
# Build apache with proxy support
vi /etc/make.conf
APACHE2_MODULES="access authz_host auth auth_basic authn_file authz_default authz_groupfile authz_user auth_dbm auth_anon auth_digest alias file-cache echo charset-lite cache disk-cache mem-cache ext-filter case_filter case-filter-in filter deflate mime-magic cern-meta expires headers usertrack unique-id proxy proxy_ajp proxy_balancer proxy_connect proxy_ftp proxy_http proxy-connect proxy-ftp proxy-http info include cgi cgid dav dav-fs vhost-alias speling rewrite log_config logio env setenvif mime status
autoindex asis negotiation dir imap actions unique_id userdir so"

emerge apache

# Create apache configs that will use proxy for gitblit
mkdir /etc/apache2/conf.d
cat >> /etc/apache2/conf.d/gitblit <<'EOF'
ProxyRequests Off
ProxyVia Off
ProxyPreserveHost On
AllowEncodedSlashes NoDecode

# Order/Allow are only valid inside a container such as <Proxy>
<Proxy *>
    AddDefaultCharset off
    Order deny,allow
    Allow from all
</Proxy>

ProxyPass /gitblit http://localhost:8080/gitblit
ProxyPassReverse /gitblit http://localhost:8080/gitblit

RequestHeader set X-Forwarded-Proto https
RequestHeader set X-Forwarded-Port 443
RequestHeader set X-Forwarded-Context /
EOF

# Create apache config for jenkins
cp /etc/apache2/conf.d/gitblit /etc/apache2/conf.d/jenkins
sed -i 's|gitblit|jenkins|g' /etc/apache2/conf.d/jenkins

# Add Includes to config files
vi /etc/apache2/vhosts.d/default_vhost.include
Include /etc/apache2/conf.d/gitblit
Include /etc/apache2/conf.d/jenkins

# restart apache
/etc/init.d/apache2 restart

# Test:
http://myhost.mydomain.com/gitblit/
https://myhost.mydomain.com/gitblit/
http://myhost.mydomain.com/jenkins/
https://myhost.mydomain.com/jenkins/
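
Added example, not part of the original notes: the lsof output above shows Tomcat listening on *:8080 while Apache proxies to localhost:8080, so GitBlit and Jenkins stay reachable directly on 8080, outside the SSL vhost. The script cross-checks ProxyPass backends against lsof output; the function names and sample files are constructed, and binding the Connector with address="127.0.0.1" in server.xml is an assumed change, not something the notes do.

```shell
#!/bin/sh
# Added example, not part of the original notes.

# Print the backend port of every ProxyPass directive in the given files.
proxied_ports() {
    awk 'tolower($1) == "proxypass" && $3 ~ /^https?:\/\// {
        url = $3
        sub(/^https?:\/\//, "", url)   # drop scheme
        sub(/\/.*$/, "", url)          # drop path
        n = split(url, hp, ":")
        if (n > 1) print hp[n]; else print ($3 ~ /^https:/ ? 443 : 80)
    }' "$@" | sort -un
}

# Read `lsof -i tcp -nP` output on stdin; print ports that listen on all
# interfaces (lsof prints these as "*:PORT").
wildcard_listeners() {
    awk '$NF == "(LISTEN)" && $(NF-1) ~ /^\*:[0-9]+$/ {
        addr = $(NF-1); sub(/^\*:/, "", addr); print addr
    }' | sort -un
}

# usage: exposed_backends PROXY_CONF LSOF_OUTPUT_FILE
# Ports Apache proxies to that also accept connections on every interface.
exposed_backends() {
    for port in $(proxied_ports "$1"); do
        if wildcard_listeners < "$2" | grep -qx "$port"; then echo "$port"; fi
    done
}

# Constructed sample input. The loopback line is what lsof would show for a
# Connector bound with address="127.0.0.1" in server.xml (assumed change).
write_samples() {   # usage: write_samples DIR
    cat > "$1/gitblit.conf" <<'EOF'
ProxyRequests Off
ProxyPass /gitblit http://localhost:8080/gitblit
ProxyPassReverse /gitblit http://localhost:8080/gitblit
EOF
    echo 'java 17248 tomcat 47u IPv6 37080191 0t0 TCP *:8080 (LISTEN)' \
        > "$1/lsof_wildcard.txt"
    echo 'java 17248 tomcat 47u IPv4 37080191 0t0 TCP 127.0.0.1:8080 (LISTEN)' \
        > "$1/lsof_loopback.txt"
}

tmp=$(mktemp -d)
write_samples "$tmp"
echo "wildcard bind: exposed = $(exposed_backends "$tmp/gitblit.conf" "$tmp/lsof_wildcard.txt")"
echo "loopback bind: exposed = $(exposed_backends "$tmp/gitblit.conf" "$tmp/lsof_loopback.txt")"
rm -rf "$tmp"
```

On a real host, pass the conf.d file and the saved output of `lsof -i tcp -nP`; an empty result means every proxied backend is bound to a specific address rather than the wildcard.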