知识分享

分享、变通、创造、创新

apache git gogs https转发 HTTP 请求:匹配 /gogs 路径到后端 Gogs 服务

· 2026年2月22日

apache gogs https转发 HTTP 请求:匹配 /gogs 路径到后端 Gogs 服务

stevenroc@stevenroc:/opt/openAI $ sudo su – git
stevenroc@stevenroc:/etc/apache2/sites-available $ sudo rsync -av –chown=git:git /home/stevenroc/gogs/ssl/ /home/git/gogs/ssl/

sudo rsync -av –chown=git:git /home/stevenroc/gogs/ssl/ /home/git/gogs/

1、

# 1. 检查当前证书权限
ls -la /home/git/gogs/ssl/

# 2. 修复权限(关键步骤)
git@stevenroc:~/gogs $ sudo chown -R git:git /home/git/gogs/ssl/
git@stevenroc:~/gogs $ chmod 600 /home/git/gogs/ssl/client-key.pem
git@stevenroc:~/gogs $ chmod 644 /home/git/gogs/ssl/ca-cert.pem
git@stevenroc:~/gogs $ chmod 644 /home/git/gogs/ssl/client-cert.pem

git@stevenroc:~/gogs $ ls -la /home/git/gogs/ssl/
total 20
drwxr-xr-x 2 git git 4096 Feb 24 13:16 .
drwxr-xr-x 7 git git 4096 Feb 24 10:16 ..
-rw-r–r– 1 git git 1530 Feb 24 13:03 ca-cert.pem
-rw-r–r– 1 git git 1382 Feb 24 09:58 client-cert.pem
-rw-r–r– 1 git git 1702 Feb 24 09:58 client-key.pem

# 3. 验证修复后权限
ls -la /home/git/gogs/ssl/

# 4. 再次测试连接
mysql -u gogs -p -h 127.0.0.1 –ssl-ca=/home/git/gogs/ssl/ca-cert.pem –ssl-cert=/home/git/gogs/ssl/client-cert.pem –ssl-key=/home/git/gogs/ssl/client-key.pem -e “STATUS;” gogs

1、

git@stevenroc:~/gogs $ ls -la /home/git/gogs/ssl/
total 20
drwxr-xr-x 2 git git 4096 Feb 24 13:16 .
drwxr-xr-x 7 git git 4096 Feb 24 10:16 ..
-rw-r–r– 1 git git 1530 Feb 24 13:03 ca-cert.pem
-rw-r–r– 1 git git 1382 Feb 24 09:58 client-cert.pem
-rw-r–r– 1 git git 1702 Feb 24 09:58 client-key.pem

2、

stevenroc@stevenroc:~ $ mysql -u gogs -p -h 127.0.0.1 –ssl-ca=/home/git/gogs/ssl/ca-cert.pem –ssl-cert=/home/git/gogs/ssl/client-cert.pem –ssl-key=/home/git/gogs/ssl/client-key.pem -e “STATUS;” gogs
Enter password:
————–
mysql Ver 15.1 Distrib 10.11.14-MariaDB, for debian-linux-gnu (aarch64) using EditLine wrapper

Connection id: 189
Current database: gogs
Current user: gogs@localhost
SSL: Cipher in use is TLS_AES_256_GCM_SHA384
Current pager: stdout
Using outfile: ”
Using delimiter: ;
Server: MariaDB
Server version: 10.11.14-MariaDB-0+deb12u2 Debian 12
Protocol version: 10
Connection: 127.0.0.1 via TCP/IP
Server characterset: utf8mb4
Db characterset: utf8mb4
Client characterset: utf8mb3
Conn. characterset: utf8mb3
TCP port: 3306
Uptime: 2 hours 12 min 4 sec

Threads: 4 Questions: 993 Slow queries: 0 Opens: 44 Open tables: 37 Queries per second avg: 0.125
————–

3、

stevenroc@stevenroc:~ $ mysql -u gogs -p -h 127.0.0.1 -e “STATUS;” gogs
Enter password:
————–
mysql Ver 15.1 Distrib 10.11.14-MariaDB, for debian-linux-gnu (aarch64) using EditLine wrapper

Connection id: 183
Current database: gogs
Current user: gogs@localhost
SSL: Cipher in use is TLS_AES_256_GCM_SHA384
Current pager: stdout
Using outfile: ”
Using delimiter: ;
Server: MariaDB
Server version: 10.11.14-MariaDB-0+deb12u2 Debian 12
Protocol version: 10
Connection: 127.0.0.1 via TCP/IP
Server characterset: utf8mb4
Db characterset: utf8mb4
Client characterset: utf8mb3
Conn. characterset: utf8mb3
TCP port: 3306
Uptime: 1 hour 59 min 7 sec

Threads: 6 Questions: 989 Slow queries: 0 Opens: 44 Open tables: 37 Queries per second avg: 0.138
————–

一、apache配置

stevenroc@stevenroc: $ cd /etc/apache2/sites-available

apache配置一个域名两个SSL证书
zhonjin.com,chanking.zhonjin.com
apache配置一个域名一个SSL证书git.zhonjin.com

1、sudo nano default-ssl.conf

<VirtualHost *:443>
ServerAdmin webmaster@localhost

DocumentRoot /var/www/html
ServerName zhonjin.com
ServerAlias chanking.zhonjin.com

SSLCertificateFile /etc/letsencrypt/archive/zhonjin.com/fullchain1.pem
SSLCertificateChainFile /etc/letsencrypt/archive/zhonjin.com/chain1.pem
SSLCertificateKeyFile /etc/letsencrypt/archive/zhonjin.com/privkey1.pem

SSLCACertificatePath /etc/apache2/cert/
SSLCACertificateFile /etc/apache2/cert/ca-bundle.crt

# 其他配置…
</VirtualHost>

2、sudo nano git.zhonjin.com-ssl.conf

<VirtualHost *:443>
ServerAdmin webmaster@localhost

DocumentRoot /var/www/html
ServerName git.zhonjin.com
SSLEngine on

# 反向代理配置
# 反向代理核心
ProxyPreserveHost on
# ProxyRequests off
# 转发 HTTP 请求:匹配 /gogs 路径到后端 Gogs 服务
# ProxyPass /gogs/ http://127.0.0.1:3000/ connectiontimeout=5 timeout=30
# ProxyPassReverse /gogs/ http://127.0.0.1:3000/

ProxyPass / http://127.0.0.1:3000/ connectiontimeout=5 timeout=30
ProxyPassReverse / http://127.0.0.1:3000/

SSLCertificateFile /etc/letsencrypt/archive/git.zhonjin.com/fullchain1.pem
SSLCertificateChainFile /etc/letsencrypt/archive/git.zhonjin.com/chain1.pem
SSLCertificateKeyFile /etc/letsencrypt/archive/git.zhonjin.com/privkey1.pem

SSLCACertificatePath /etc/apache2/cert/
SSLCACertificateFile /etc/apache2/cert/ca-bundle.crt

</VirtualHost>

3、操作如下:

启用配置
sudo a2ensite default-ssl.conf
sudo a2ensite git.zhonjin.com-ssl.conf
修改文件名
sudo mv zhonjin.com-ssl.conf git.zhonjin.com-ssl.conf

禁用配置
sudo a2dissite zhonjin.com-ssl.conf

sudo systemctl restart apache2

 

sudo chown -R stevenroc:stevenroc /etc/letsencrypt/archive

复制ssl证书备用

ubuntu 复制目录文件夹下面所有子文件夹及文件到另一个位置,并都改为用户及用户组

sudo rsync -av –chown=stevenroc:stevenroc /etc/letsencrypt/archive/ /etc/letsencrypt/archiveex/

sudo rsync -av –chown=stevenroc:stevenroc /etc/apache2/sites-available/ /etc/apache2/sites-availableex/

详细配置文件参考附件:

sites-available.git.zhonjin.com_gogs.app.ini

========================================

二、gogs sqlite3转换为mariadb

1、

GRANT ALL PRIVILEGES ON gogs.* TO ‘gogs’@’localhost’ IDENTIFIED BY ‘xiaoGitBN-‘;

[database]
#TYPE = sqlite3
#HOST = 127.0.0.1:5432
#NAME = gogs
#SCHEMA = public
#USER = gogs
#PASSWORD =
#SSL_MODE = disable
#PATH = data/gogs.db

 

[database]
TYPE = mysql
HOST = 127.0.0.1:3306
NAME = gogs
SCHEMA = public
USER = gogs
PASSWD = xiaoGitBN-
SSL_MODE = disable
; 注释掉或删除 SQLite 配置
; PATH = data/gogs.db

 

# 执行恢复命令
./gogs restore –config custom/conf/app.ini –database-only –from=”gogs-backup-20260223222350.zip” -v

一、备份app.ini 

stevenroc@stevenroc:~ $ sudo rsync -av –chown=git:git /home/git/gogs/custom/conf/app.ini /home/git/gogs/custom/conf/app.git.ini

stevenroc@stevenroc:~ $ sudo cp /home/git/gogs/custom/conf/app.ini /home/git/gogs/custom/conf/app.20260222.ini

备份到普通目录

stevenroc@stevenroc:/opt/openAI/project/mqtt_c $ sudo rsync -av –chown=stevenroc:stevenroc /home/git/gogs/custom/conf/app.ini /home/stevenroc/app.git.ini
sending incremental file list
app.ini

sent 1,376 bytes received 35 bytes 2,822.00 bytes/sec
total size is 1,273 speedup is 0.90
stevenroc@stevenroc:/opt/openAI/project/mqtt_c $ sudo rsync -av –chown=stevenroc:stevenroc /home/git/gogs/custom/conf/ /home/stevenroc/gogs/
sending incremental file list
created directory /home/stevenroc/gogs
./
app.20260120.bak
app.20260222.ini
app.20260222.inj
app.git.ini
app.https.ini
app.ini

sent 7,962 bytes received 176 bytes 16,276.00 bytes/sec
total size is 7,490 speedup is 0.92

 

stevenroc@stevenroc: $ cd /etc/apache2/sites-available

2、加载zhonjin.com-ssl.conf  https://git.zhonjin.com:40717/ 转发内网 http://127.0.0.1:3000

stevenroc@stevenroc: $ sudo a2ensite zhonjin.com-ssl.conf

 

二、https://git.zhonjin.com:40717/

stevenroc@stevenroc: $ cd /etc/apache2/sites-available

stevenroc@stevenroc:/etc/apache2/sites-available $ sudo nano zhonjin.com-ssl.conf

ProxyPreserveHost on
#ProxyRequests off
# https转发 HTTP 请求:匹配 /gogs 路径到后端 Gogs 服务
#ProxyPass /gogs http://127.0.0.1:3000/ connectiontimeout=5 timeout=30
#ProxyPassReverse /gogs http://127.0.0.1:3000/
ProxyPass / http://127.0.0.1:3000/ connectiontimeout=5 timeout=30
ProxyPassReverse / http://127.0.0.1:3000/

三、修改https配置文件

http://chanking.zhonjin.com:3000/steven_roc/mqtt_c.git

修改为:

https://git.zhonjin.com:40717/steven_roc/mqtt_c.git
stevenroc@stevenroc:~ $ sudo systemctl restart gogs
stevenroc@stevenroc:~ $ sudo -i
root@stevenroc:~# sudo nano  /home/git/gogs/custom/conf/app.ini
注意:和web服务器转发一致 https://git.zhonjin.com:40717/
[server]
#DOMAIN = localhost
DOMAIN = git.zhonjin.com

#/gogs # 强制生成 HTTPS 链接
#ROOT_URL = https://chanking.zhonjin.com/gogs #/gogs # 强制生成 HTTPS 链接
ROOT_URL = https://git.zhonjin.com

#内部端口#PROTOCOL=https
PROTOCOL=http
HTTP_PORT = 3000
#20260223 EXTERNAL_URL = https://127.0.0.1:3000/
EXTERNAL_URL =https://git.zhonjin.com:40717/

DISABLE_SSH = false
SSH_PORT = 22
START_SSH_SERVER = false
OFFLINE_MODE = false

四、git clone 上传下载源码

 

stevenroc@stevenroc:/opt/openAI/project $ git clone https://git.zhonjin.com:40717/steven_roc/mqtt_c.git
Cloning into ‘mqtt_c’…
Username for ‘https://git.zhonjin.com:40717’: steven_roc
Password for ‘https://steven_roc@git.zhonjin.com:40717’:
remote: Enumerating objects: 60, done.
remote: Counting objects: 100% (60/60), done.
remote: Compressing objects: 100% (56/56), done.
remote: Total 60 (delta 18), reused 0 (delta 0), pack-reused 0
Unpacking objects: 100% (60/60), 19.01 KiB | 748.00 KiB/s, done.

五、

 

标签:

您可能还喜欢...

发表回复

您的邮箱地址不会被公开。 必填项已用 * 标注