Title: GitBlit and Jenkins on Gentoo
Subject: Set up GitBlit and Jenkins in Tomcat with a proxy through port 80.
REF: http://gitblit.com/
REF: http://mirrors.jenkins-ci.org
REF: http://tomcat.apache.org/
REF: http://apache.org
#----------------------------------------------------
# Summary:
#----------------------------------------------------
First we need a servlet container (I chose Tomcat)
Next we deploy gitblit
Next we install Jenkins
#----------------------------------------------------
# Setup Tomcat
#----------------------------------------------------
#
# Show tomcat servlet container available in portage
#
eix www-servers/tomcat
* www-servers/tomcat
Available versions:
(6) 6.0.44-r0^t ~6.0.44-r2
(7) 7.0.59-r2^t ~7.0.64^t
(8) 8.0.23-r2^t ~8.0.26^t
{doc extra-webapps source test websockets ELIBC="FreeBSD"}
Homepage: http://tomcat.apache.org/
Description: Tomcat Servlet-3.1/JSP-2.3 Container
#
# Enable the doc USE flag so the tomcat documentation is installed
#
echo 'www-servers/tomcat doc' >> /etc/portage/package.use
#
# Install tomcat
#
emerge www-servers/tomcat
>>> Installing (6 of 6) www-servers/tomcat-8.0.23-r2::gentoo
* New ebuilds of Tomcat support running multiple instances. If you used prior version
* of Tomcat (<7.0.32), you have to migrate your existing instance to work with new Tomcat.
* You can find more information at https://wiki.gentoo.org/wiki/Apache_Tomcat
* To manage Tomcat instances, run:
* /usr/share/tomcat-8/gentoo/tomcat-instance-manager.bash --help
* tomcat-dbcp.jar is not built at this time. Please fetch jar
* from upstream binary if you need it. Gentoo Bug # 144276
#
# Show tomcat servlet container is installed
#
eix tomcat
[I] dev-java/tomcat-servlet-api
Available versions:
(2.2) 3
(2.3) 4.1.36
(2.4) 5.5.27-r1 ~5.5.34
(2.5) 6.0.44 ~6.0.44-r1
(3.0) 7.0.59 ~7.0.63 ~7.0.64
(3.1) 8.0.23 ~8.0.24 ~8.0.26
{doc source ELIBC="FreeBSD"}
Installed versions: 4.1.36(2.3)(11:42:19 AM 07/09/2014)(-doc -source ELIBC="-FreeBSD") 8.0.23(3.1)(04:02:02 PM 09/15/2015)(-source ELIBC="-FreeBSD")
Homepage: http://tomcat.apache.org/
Description: Tomcat's Servlet API 3.1/JSP API 2.3 implementation
[I] www-servers/tomcat
Available versions:
(6) 6.0.44-r0^t ~6.0.44-r2
(7) 7.0.59-r2^t ~7.0.64^t
(8) 8.0.23-r2^t ~8.0.26^t
{doc extra-webapps source test websockets ELIBC="FreeBSD"}
Installed versions: 8.0.23-r2(8)^t(04:06:19 PM 09/15/2015)(doc -extra-webapps -source -test ELIBC="-FreeBSD")
Homepage: http://tomcat.apache.org/
Description: Tomcat Servlet-3.1/JSP-2.3 Container
#
# Create Tomcat instance (our servlet container)
#
/usr/share/tomcat-8/gentoo/tomcat-instance-manager.bash \
--create --user tomcat --group tomcat
Successfully created instance 'tomcat-8'
It's strongly recommended for production systems to go carefully through the
configuration files at '/etc/tomcat-8'.
The generated initial configuration is close to upstreams default which
favours the demo aspect over hardening.
#
# Modify Tomcat config
#
ls -alF /etc/tomcat-8/
total 224
drwxr-x--- 3 tomcat tomcat 4096 Sep 15 16:19 ./
drwxr-xr-x 92 root root 4096 Sep 15 16:20 ../
drwxr-x--- 3 tomcat tomcat 4096 Sep 15 16:19 Catalina/
-rw-r----- 1 tomcat tomcat 12374 Sep 15 16:19 catalina.policy
-rw-r----- 1 tomcat tomcat 7086 Sep 15 16:19 catalina.properties
-rw-r----- 1 tomcat tomcat 1577 Sep 15 16:19 context.xml
-rw-r----- 1 tomcat tomcat 3371 Sep 15 16:19 logging.properties
-rw-r----- 1 tomcat tomcat 6478 Sep 15 16:19 server.xml
-rw-r----- 1 tomcat tomcat 1744 Sep 15 16:19 tomcat-users.xml
-rw-r----- 1 tomcat tomcat 1846 Sep 15 16:19 tomcat-users.xsd
-rw-r----- 1 tomcat tomcat 166582 Sep 15 16:19 web.xml
#
# Filesystem location where I deploy apps
#
/var/lib/tomcat-8/webapps
#
# Init script to start Tomcat
#
ls -tlr /etc/init.d/tomcat-8
-rwxr-xr-x 1 root root 2835 Jul 6 10:14 /etc/init.d/tomcat-8
#
# set Tomcat passwords
#
vi /etc/tomcat-8/tomcat-users.xml
#
# set Tomcat server config
#
vi /etc/tomcat-8/server.xml
#
# Start the Tomcat server
#
/etc/init.d/tomcat-8 start
* Caching service dependencies ...
* Starting tomcat-8 ...
#
# Show that it is running
#
lsof -i tcp -nP |grep 8080
java 17248 tomcat 47u IPv6 37080191 0t0 TCP *:8080 (LISTEN)
#
# Fix Tomcat authentication
#
/etc/tomcat-8/tomcat-users.xml
#----------------------------------------------------
# Setup GitBlit : an open-source, pure Java stack for managing, viewing, and serving Git repositories.
#----------------------------------------------------
#
# Install gitblit
#
pushd /var/lib/tomcat-8/
wget http://dl.bintray.com/gitblit/releases/gitblit-1.6.2.war
cp gitblit-1.6.2.war webapps/gitblit.war
Browse http://myhost.mydomain.com:8080/
#
# Configure
#
vi /var/lib/tomcat-8/webapps/gitblit/WEB-INF/web.xml
By default, Gitblit WAR stores all data (users, settings, repositories, etc)
in ${contextFolder}/WEB-INF/data.
Change 'baseFolder' path to '/home/git/data' (something outside webapps dir).
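<env-entry>
    <description>The base folder is used to specify the root location of your Gitblit data.</description>
    <env-entry-name>baseFolder</env-entry-name>
    <env-entry-type>java.lang.String</env-entry-type>
    <env-entry-value>/home/git/data</env-entry-value>
</env-entry>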
#
# Add users and set passwords
#
Browse to http://myhost.mydomain.com:8080/gitblit/
User/pass: admin / admin
Change password
In Admin interface:
Add users
Set permissions for the user account
------------------
DIRECTIONS TO USER
-------------------
I need you to add your ssh keys to gitblit
Browse to http://myhost.mydomain.com:8080/gitblit/
In upper right corner, click the "person" icon.
Select 'change password'
change your password
In upper right corner, click the "person" icon.
Select 'my profile'
Click 'SSH Keys'
In the form 'Add SSH Key'
paste the contents of your id_dsa.pub, id_rsa.pub, or identity.pub
Click 'Add' at the bottom.
Along the top header, next to "my dashboard", Click 'repositories'
Click the repository
Next to "repository url" you will see the url to clone:
If your ssh keys are setup correctly you will have a clone.
From this point on you only need the web interface to manage ssh keys.
------------------
END DIRECTIONS TO USER
-------------------
#
# Configure email notification
#
Download from http://gitblit.com/setup_hooks.html
vi /home/git/data/gitblit.properties
web.headerLogo = ${baseFolder}/logo.png
git.packedGitLimit = 128m
git.deltaBaseCacheLimit = 20m
groovy.postReceiveScripts = sendmail_html
git.checkReferencedObjectsAreReachable = true
web.forwardSlashCharacter = !
mail.server = mail.mydomain.com
mail.fromAddress =
mail.adminAddresses = user1@foo.com user2@foo.com
#----------------------------------------------------
# Setup Jenkins
#----------------------------------------------------
vi /etc/conf.d/tomcat-8
CATALINA_OPTS="-DJENKINS_HOME=/home/jenkins_home/ -Xmx512m"
mkdir -p /home/jenkins_home
chown -R tomcat:tomcat /home/jenkins_home
export TOMCAT_HOME=/var/lib/tomcat-8
vi $TOMCAT_HOME/conf/tomcat-users.xml
vi $TOMCAT_HOME/conf/server.xml
pushd /var/lib/tomcat-8/webapps
wget http://mirrors.jenkins-ci.org/war/latest/jenkins.war
In the end I had to add this to the /etc/init.d/tomcat-8
JENKINS_HOME=/home/jenkins_home
click "Manage Jenkins"
click "Setup Security"
checkbox Enable Security
Jenkins' own user database
Logged-in users can do anything
Save
#----------------------------------------------------
# Setup APACHE (ssl and proxy 80 to 8080 for git and jenkins)
#----------------------------------------------------
#======
# SSL:
#======
# Generate a self-signed certificate
# (-days is the validity period in days; 0 would yield a certificate that is already expired)
cd /root/
openssl req -nodes -x509 -newkey rsa:2048 -keyout key.pem -out cert.pem -days 365
# Copy to directory:
mv key.pem cert.pem /etc/ssl/apache2/
# Configure apache to use the key and cert
vi /etc/apache2/vhosts.d/00_default_ssl_vhost.conf
SSLCertificateFile /etc/ssl/apache2/cert.pem
SSLCertificateKeyFile /etc/ssl/apache2/key.pem
# Reload config
/etc/init.d/apache2 restart
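# Added example (not part of the original notes): check the key and certificate
# installed above for key file permissions, expiry, and that the two belong together.
# The function name check_tls_pair is made up here; stat -c assumes GNU coreutils.

```shell
#!/bin/sh
# check_tls_pair KEY CERT
# Prints one line per problem found; exit status 0 means the pair is usable.
check_tls_pair() {
    key=$1 cert=$2 rc=0

    # -nodes leaves the private key unencrypted, so file permissions are
    # its only protection: no group or other access bits should be set.
    mode=$(stat -c '%a' "$key") || return 2
    case $mode in
        [0-7]00) ;;
        *) echo "key $key has mode $mode, expected 600 or 400"; rc=1 ;;
    esac

    # -checkend 0 fails if the certificate has already expired.
    if ! openssl x509 -in "$cert" -noout -checkend 0 >/dev/null 2>&1; then
        echo "certificate $cert is expired or unreadable"; rc=1
    fi

    # The certificate must carry the public half of this private key.
    cert_pub=$(openssl x509 -in "$cert" -noout -pubkey 2>/dev/null | openssl sha256)
    key_pub=$(openssl pkey -in "$key" -pubout 2>/dev/null | openssl sha256)
    if [ "$cert_pub" != "$key_pub" ]; then
        echo "key $key does not match certificate $cert"; rc=1
    fi
    return $rc
}

# Paths from the notes above; run as root after the mv step.
if [ -r /etc/ssl/apache2/key.pem ]; then
    check_tls_pair /etc/ssl/apache2/key.pem /etc/ssl/apache2/cert.pem
fi
```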
#======
# Proxy
#======
# Build apache with proxy support
vi /etc/make.conf
APACHE2_MODULES="access authz_host auth auth_basic authn_file authz_default authz_groupfile authz_user auth_dbm auth_anon auth_digest alias file-cache echo charset-lite cache disk-cache mem-cache ext-filter case_filter case-filter-in filter deflate mime-magic cern-meta expires headers usertrack unique-id proxy proxy_ajp proxy_balancer proxy_connect proxy_ftp proxy_http proxy-connect proxy-ftp proxy-http info include cgi cgid dav dav-fs vhost-alias speling rewrite log_config logio env setenvif mime status autoindex asis negotiation dir imap actions unique_id userdir so"
emerge apache
# Create apache configs that will use proxy for gitblit
mkdir /etc/apache2/conf.d
cat >> /etc/apache2/conf.d/gitblit <<'EOF'
ProxyRequests Off
ProxyVia Off
ProxyPreserveHost On
AllowEncodedSlashes NoDecode
<Proxy *>
    AddDefaultCharset off
    Order deny,allow
    Allow from all
</Proxy>
ProxyPass /gitblit http://localhost:8080/gitblit
ProxyPassReverse /gitblit http://localhost:8080/gitblit
RequestHeader set X-Forwarded-Proto https
RequestHeader set X-Forwarded-Port 443
RequestHeader set X-Forwarded-Context /
EOF
# Create apache config for jenkins
cp /etc/apache2/conf.d/gitblit /etc/apache2/conf.d/jenkins
sed -i 's|gitblit|jenkins|g' /etc/apache2/conf.d/jenkins
# Add Includes to config files
vi /etc/apache2/vhosts.d/default_vhost.include
Include /etc/apache2/conf.d/gitblit
Include /etc/apache2/conf.d/jenkins
# restart apache
/etc/init.d/apache2 restart
# Test:
http://myhost.mydomain.com/gitblit/
https://myhost.mydomain.com/gitblit/
http://myhost.mydomain.com/jenkins/
https://myhost.mydomain.com/jenkins/
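# Added check (not part of the original notes): Apache proxies to localhost:8080,
# yet the lsof output earlier shows Tomcat listening on *:8080, so GitBlit and Jenkins
# can still be reached directly. The function below flags non-loopback listeners in
# `lsof -i tcp -nP` output; its name and the sample lines are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample of `lsof -i tcp -nP` output; the first line is the
# Tomcat listener as shown in the notes, the rest are made up.
SAMPLE_LSOF='java 17248 tomcat 47u IPv6 37080191 0t0 TCP *:8080 (LISTEN)
java 17248 tomcat 52u IPv6 37080200 0t0 TCP 127.0.0.1:8005 (LISTEN)
apache2 2101 root 4u IPv6 37090001 0t0 TCP *:80 (LISTEN)
apache2 2101 root 6u IPv6 37090002 0t0 TCP *:443 (LISTEN)
java 17248 tomcat 60u IPv6 37080300 0t0 TCP 127.0.0.1:8080->127.0.0.1:51234 (ESTABLISHED)'

# exposed_listeners PORT
# Reads lsof output on stdin and prints "command user address" for every
# LISTEN socket on PORT that is not bound to loopback.
# Exit status: 0 = none found, 1 = at least one exposed listener.
exposed_listeners() {
    awk -v port="$1" '
        $NF == "(LISTEN)" {
            addr = $(NF - 1)              # *:8080, 127.0.0.1:8080, [::1]:8080
            n = split(addr, parts, ":")
            if (parts[n] != port) next    # port is the text after the last colon
            host = substr(addr, 1, length(addr) - length(parts[n]) - 1)
            if (host == "127.0.0.1" || host == "[::1]") next
            print $1, $3, addr
            found = 1
        }
        END { exit (found ? 1 : 0) }
    '
}

# Live use: lsof -i tcp -nP | exposed_listeners 8080
printf '%s\n' "$SAMPLE_LSOF" | exposed_listeners 8080 ||
    echo "8080 is reachable without going through Apache"
```

# To bind Tomcat to loopback only, set address="127.0.0.1" on the HTTP <Connector>
# in /etc/tomcat-8/server.xml and restart Tomcat.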