Capistrano是否可以通过反向SSH隧道进行结帐？ [英] Is it possible to do have Capistrano do a checkout over a reverse SSH tunnel?

问题描述

我正在开发一个驻留在公共主机上的应用程序，但它的源码必须保留在企业防火墙后面的Git存储库中。我非常厌倦了通过 scp （复制整个存储库并通过SSH在每个部署上发货）部署的缓慢，并希望让远程主机简单地做一个 git pull 来更新。问题是防火墙禁止传入的SSH连接。

I am developing an application that resides on a public host but whose source I must keep in a Git repository behind a corporate firewall. I'm getting very tired of the slowness of deploying via scp (copying the whole repository and shipping it over SSH on each deploy) and would like to have the remote host simply do a git pull to update. The problem is that the firewall prohibits incoming SSH connections.

我可以从我的计算机到部署计算机设置一个SSH隧道，并使用我的存储库来源为 git pull ？毕竟，分发了 git ，所以我的副本与中央版本一样有效。如果可能的话，隧道命令和Capistrano配置是什么？

Would it be possible for me to set up an SSH tunnel from my computer to the deployment computer and use my repository as the source for the git pull? After all, git is distributed, so my copy is just as valid a repository as the central one. If this is possible, what would the tunnel command and the Capistrano configuration be?

我认为这个隧道看起来像

I think the tunnel will look something like

ssh -R something:deployserver.com:something deploybot@deployserver.com

推荐答案

Net :: SSH 实现远程转发。我查看了所有Capistrano的源代码，在当前版本中看不到任何引用。在使用Capistrano部署之前，这并不妨碍您建立远程转发。

Net::SSH implements remote forwarding. I have looked over all Capistrano's source code and couldn't see any references to it in the current release. None the less, that doesn't stop you from establishing remote forwarding before you deploy with Capistrano.

您要做的是设置：local_repository 和：repository 个别路径。 ：local_repository 被本地引用，以确定在连接启动之前哪些提交将用于部署。这将使远程服务器从连接启动后拉出：repository 。这是您可以指定防火墙后面的存储库的路径。

What you'll want to do is set the :local_repository and :repository paths individually. :local_repository is referenced locally to determine which commit will be used for the deployment before the connection is initiated. That leaves :repository for the remote server to pull from after the connection has been initiated. This is where you can specify the path to the repository behind the firewall.

# deploy.rb
set :local_repository, "ssh://git@serverbehindfirewall/path/to/project.git"
set :repository,  "ssh://git@localhost:9000/path/to/project.git"

部署之前，请确保建立遥控器。您将需要对您部署的每个服务器重复此操作。

Before you deploy, be sure to establish the remote forward. You'll need to repeat this for each server you deploy to.

$ ssh -R 9000:serverbehindfirewall:22 deploybot@deployserver.com
# CTRL + C + A (Screen) or ⌘ + T (Terminal.app) to open new tab
$ cap HOSTFILTER=deployserver.com deploy # HOSTFILTER reduces set to specified host. Only useful if you have multiple servers.

使用Net :: SSH可以很容易地变成一个任务，部署到多个服务器时的灵活性。

Using Net::SSH this could easily be turned into a task which is executed before anything else providing greater flexibility when deploying to multiple servers.

最后，考虑到您一直在使用scp，您可能需要设置 deploy_via，remote_cache 在远程服务器上保留存储库的副本。这大大减少了您的部署时间，减少了腐败的机会。

Lastly, given you've been using scp, you might want to set deploy_via, :remote_cache which keeps a copy of the repository on the remote server. This greatly decreases your deployment time reduces the chance of corruption.

这篇关于Capistrano是否可以通过反向SSH隧道进行结帐？的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！