通过用于Gitlab服务器的Nginx代理的Git克隆不起作用 [英] Git clone through Nginx proxy for Gitlab server is not working
问题描述
我的Nginx服务器正在充当Gitlab服务器的代理,问题是当我尝试"**git clone git@gitlab.example.com:username/project.git**"时,我无法克隆项目[它没有从Nginx服务器隧道传输到Gitlab服务器]
My Nginx Server is acting as a proxy for a Gitlab Server, the problem is when I try "**git clone git@gitlab.example.com:username/project.git**" I'm unable to clone the project [it is not tunneling from Nginx server to Gitlab server]
当我使用Gitlab服务器的IP地址更新本地系统的/etc/hosts文件时,它无需密码即可正常复制[我已经在Gitlab上使用SSH公钥更新了我的配置文件].
When I update my local system's /etc/hosts file with IP Address of Gitlab Server then it clones fine without password [I've updated my profile with SSH Public Key on Gitlab].
因此我得出的结论是,我必须使用可以通过Nginx服务器将SSH通信从任何客户端系统传输到Gitlab服务器的规则来更新Nginx配置.
So I came to the conclusion that I've to update my Nginx Configuration with rules that can tunnel the SSH communication from any client system to Gitlab Server through Nginx Server.
通过进行以下更改来尝试链接上的代码:
Tried the code on this Link by making changes as followed:
upstream gitlab {
server 192.168.61.102:22;
}
server {
listen 22;
server_name gitlab.example.com;
location / {
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $http_host;
proxy_redirect off;
proxy_pass http://gitlab;
}
}
,但是它不起作用.如果有人帮助我调整规则使其有效,那就太好了.
but it is not working. It would be great if someone helps me in tweaking the rules to make it work.
注意:在上面的代码中192.168.61.102是我的gitlab服务器的IP地址,我的Nginx服务器在192.168.61.101
Note: In the above code 192.168.61.102 is the IP Address of my gitlab server, my Nginx server is at 192.168.61.101
推荐答案
首先,您需要停止让Nginx监听端口22.Nginx不能处理SSH转发,防火墙可以.
First, you need to stop having Nginx listen on port 22. Nginx doesn't handle SSH forwarding, your firewall does.
如果您使用的是iptables,则这些规则会将所有请求通过Nginx主机转发到Gitlab主机.
If you're using iptables, then these rules will forward all requests through your Nginx host to your Gitlab host.
sudo iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 22 -j DNAT --to-destination [GITLAB-IP]:22
sudo iptables -t nat -A POSTROUTING -o eth0 -p tcp --dport 22 -j SNAT --to-source [NGINX-IP]
您可能需要在这些命令中更改eth0以适合您的服务器设置.
You may need to change eth0 in those commands to fit your server setup.
然后,您需要通过编辑/etc/sysctl.conf文件并取消注释此行来启用数据包转发:
Then you need to enable packet forwarding by editing the /etc/sysctl.conf file and uncommenting this line:
net.ipv4.ip_forward=1
然后使用以下命令重新加载刚刚更改的配置:
Then reload the configuration you just changed with this command:
sudo sysctl -p
最后,这些iptables规则默认情况下不是持久性的,并且在重新引导服务器时将被删除.使它们持久的最简单方法是使用iptables-persistent包.您可以像这样安装该软件包:
Finally, those iptables rule are not persistent by default and will be erased when you reboot the server. The easiest way to make them persistent is to use the iptables-persistent package. You install that package like this:
sudo apt-get install iptables-persistent
安装后,您可以随时使用以下命令保存/恢复iptables规则:
And after it's installed you can save/restore the iptables rules anytime with these commands:
sudo invoke-rc.d iptables-persistent save
sudo invoke-rc.d iptables-persistent reload
如果您使用的是Ubuntu 16.04或更高版本,则这些命令为
If you're on Ubuntu 16.04 or later, then those commands are
sudo netfilter-persistent save
sudo netfilter-persistent reload
在规则生效并测试了它们之后,您将要运行save命令.然后,当服务器重新启动时,您保存的规则将自动加载.
You'll want to run the save command after you get the rules working and you've tested them. Then, when your server reboots the rules you saved will be loaded automatically.
这篇关于通过用于Gitlab服务器的Nginx代理的Git克隆不起作用的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
