通过 Nginx 代理为 Gitlab 服务器克隆的 Git 不起作用 [英] Git clone through Nginx proxy for Gitlab server is not working

问题描述

我的 Nginx 服务器充当 Gitlab 服务器的代理，问题是当我尝试**git clone git@gitlab.example.com:username/project.git**"我无法克隆项目[它不是从 Nginx 服务器到 Gitlab 服务器的隧道]

My Nginx Server is acting as a proxy for a Gitlab Server, the problem is when I try "**git clone git@gitlab.example.com:username/project.git**" I'm unable to clone the project [it is not tunneling from Nginx server to Gitlab server]

当我使用 Gitlab 服务器的 IP 地址更新本地系统的/etc/hosts 文件时，它无需密码即可正常克隆 [我已使用 Gitlab 上的 SSH 公钥更新了我的个人资料].

When I update my local system's /etc/hosts file with IP Address of Gitlab Server then it clones fine without password [I've updated my profile with SSH Public Key on Gitlab].

所以我得出的结论是，我必须使用可以通过 Nginx 服务器将 SSH 通信从任何客户端系统隧道传输到 Gitlab 服务器的规则来更新我的 Nginx 配置.

So I came to the conclusion that I've to update my Nginx Configuration with rules that can tunnel the SSH communication from any client system to Gitlab Server through Nginx Server.

通过如下更改尝试了此 Link 上的代码:

Tried the code on this Link by making changes as followed:

upstream gitlab {
server 192.168.61.102:22;
}

server {
listen 22;
server_name gitlab.example.com;

location / {
proxy_set_header  X-Real-IP  $remote_addr;
proxy_set_header  X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $http_host;
proxy_redirect off;

proxy_pass http://gitlab;
}
}

但它不起作用.如果有人帮助我调整规则以使其发挥作用，那就太好了.

but it is not working. It would be great if someone helps me in tweaking the rules to make it work.

注意:上面代码中192.168.61.102是我的gitlab服务器的IP地址，我的Nginx服务器是192.168.61.101

Note: In the above code 192.168.61.102 is the IP Address of my gitlab server, my Nginx server is at 192.168.61.101

推荐答案

首先，你需要停止让 Nginx 监听 22 端口.Nginx 不处理 SSH 转发，你的防火墙会.

First, you need to stop having Nginx listen on port 22. Nginx doesn't handle SSH forwarding, your firewall does.

如果您使用 iptables，那么这些规则会将所有请求通过您的 Nginx 主机转发到您的 Gitlab 主机.

If you're using iptables, then these rules will forward all requests through your Nginx host to your Gitlab host.

sudo iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 22 -j DNAT --to-destination [GITLAB-IP]:22
sudo iptables -t nat -A POSTROUTING -o eth0 -p tcp --dport 22 -j SNAT --to-source [NGINX-IP]

您可能需要更改这些命令中的 eth0 以适应您的服务器设置.

You may need to change eth0 in those commands to fit your server setup.

然后您需要通过编辑 /etc/sysctl.conf 文件并取消注释此行来启用数据包转发:

Then you need to enable packet forwarding by editing the /etc/sysctl.conf file and uncommenting this line:

net.ipv4.ip_forward=1

然后用这个命令重新加载你刚刚更改的配置:

Then reload the configuration you just changed with this command:

sudo sysctl -p

<小时>

最后，这些 iptables 规则默认情况下不是持久的，并且会在您重新启动服务器时被删除.使它们持久化的最简单方法是使用 iptables-persistent 包.你像这样安装那个包:

---

Finally, those iptables rule are not persistent by default and will be erased when you reboot the server. The easiest way to make them persistent is to use the iptables-persistent package. You install that package like this:

sudo apt-get install iptables-persistent

安装后，您可以随时使用以下命令保存/恢复 iptables 规则:

And after it's installed you can save/restore the iptables rules anytime with these commands:

sudo invoke-rc.d iptables-persistent save
sudo invoke-rc.d iptables-persistent reload

如果您使用的是 Ubuntu 16.04 或更高版本，那么这些命令是

If you're on Ubuntu 16.04 or later, then those commands are

sudo netfilter-persistent save
sudo netfilter-persistent reload

您需要在规则生效并测试它们之后运行保存命令.然后，当您的服务器重新启动时，您保存的规则将自动加载.

You'll want to run the save command after you get the rules working and you've tested them. Then, when your server reboots the rules you saved will be loaded automatically.

这篇关于通过 Nginx 代理为 Gitlab 服务器克隆的 Git 不起作用的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！