mirrors
/
gitblit
mirror of https://github.com/gitblit/gitblit.git
Watch 1
Star 0
Fork 0
Code Issues 0 Releases 43 Wiki Activity
Browse Source

Update to Jetty 9, drop AJP

tags/v1.5.0
James Moger 10 years ago
parent
cff7ccfc20
commit
9ef027a8c7
9 changed files with 78 additions and 209 deletions
Split View Show Diff Stats
  1. 2
    3
      .classpath
  2. 3
    4
      build.moxie
  3. 6
    17
      gitblit.iml
  4. 5
    1
      releases.moxie
  5. 57
    153
      src/main/java/com/gitblit/GitBlitServer.java
  6. 1
    21
      src/main/java/com/gitblit/GitblitSslContextFactory.java
  7. 0
    1
      src/site/features.mkd
  8. 2
    2
      src/site/setup_go.mkd
  9. 2
    7
      src/site/setup_proxy.mkd

+ 2
- 3
.classpath View File

@@ -14,9 +14,8 @@
<classpathentry kind="lib" path="ext/slf4j-api-1.6.6.jar" sourcepath="ext/src/slf4j-api-1.6.6.jar" />
<classpathentry kind="lib" path="ext/slf4j-log4j12-1.6.6.jar" sourcepath="ext/src/slf4j-log4j12-1.6.6.jar" />
<classpathentry kind="lib" path="ext/mail-1.4.3.jar" sourcepath="ext/src/mail-1.4.3.jar" />
<classpathentry kind="lib" path="ext/javax.servlet-api-3.0.1.jar" sourcepath="ext/src/javax.servlet-api-3.0.1.jar" />
<classpathentry kind="lib" path="ext/jetty-webapp-8.1.13.v20130916.jar" sourcepath="ext/src/jetty-webapp-8.1.13.v20130916.jar" />
<classpathentry kind="lib" path="ext/jetty-ajp-8.1.13.v20130916.jar" sourcepath="ext/src/jetty-ajp-8.1.13.v20130916.jar" />
<classpathentry kind="lib" path="ext/javax.servlet-api-3.1.0.jar" sourcepath="ext/src/javax.servlet-api-3.1.0.jar" />
<classpathentry kind="lib" path="ext/jetty-all-9.1.4.v20140401.jar" sourcepath="ext/src/jetty-all-9.1.4.v20140401.jar" />
<classpathentry kind="lib" path="ext/wicket-1.4.21.jar" sourcepath="ext/src/wicket-1.4.21.jar" />
<classpathentry kind="lib" path="ext/wicket-auth-roles-1.4.21.jar" sourcepath="ext/src/wicket-auth-roles-1.4.21.jar" />
<classpathentry kind="lib" path="ext/wicket-extensions-1.4.21.jar" sourcepath="ext/src/wicket-extensions-1.4.21.jar" />

+ 3
- 4
build.moxie View File

@@ -101,7 +101,7 @@ repositories: central, eclipse-snapshots, eclipse

# Convenience properties for dependencies
properties: {
jetty.version : 8.1.13.v20130916
jetty.version : 9.1.4.v20140401
wicket.version : 1.4.21
lucene.version : 4.6.0
jgit.version : 3.3.1.201403241930-r
@@ -134,9 +134,8 @@ dependencies:
- compile 'org.slf4j:slf4j-api:1.6.6' :war :fedclient :authority
- compile 'org.slf4j:slf4j-log4j12:1.6.6' :war :fedclient :authority
- compile 'javax.mail:mail:1.4.3' :war :authority
- compile 'javax.servlet:javax.servlet-api:3.0.1' :fedclient
- compile 'org.eclipse.jetty.aggregate:jetty-webapp:${jetty.version}' @jar
- compile 'org.eclipse.jetty:jetty-ajp:${jetty.version}' @jar
- compile 'javax.servlet:javax.servlet-api:3.1.0' :fedclient
- compile 'org.eclipse.jetty.aggregate:jetty-all:${jetty.version}' @jar
- compile 'org.apache.wicket:wicket:${wicket.version}' :war !org.mockito
- compile 'org.apache.wicket:wicket-auth-roles:${wicket.version}' :war !org.mockito
- compile 'org.apache.wicket:wicket-extensions:${wicket.version}' :war !org.mockito

+ 6
- 17
gitblit.iml View File

@@ -113,35 +113,24 @@
</library>
</orderEntry>
<orderEntry type="module-library">
<library name="javax.servlet-api-3.0.1.jar">
<library name="javax.servlet-api-3.1.0.jar">
<CLASSES>
<root url="jar://$MODULE_DIR$/ext/javax.servlet-api-3.0.1.jar!/" />
<root url="jar://$MODULE_DIR$/ext/javax.servlet-api-3.1.0.jar!/" />
</CLASSES>
<JAVADOC />
<SOURCES>
<root url="jar://$MODULE_DIR$/ext/src/javax.servlet-api-3.0.1.jar!/" />
<root url="jar://$MODULE_DIR$/ext/src/javax.servlet-api-3.1.0.jar!/" />
</SOURCES>
</library>
</orderEntry>
<orderEntry type="module-library">
<library name="jetty-webapp-8.1.13.v20130916.jar">
<library name="jetty-all-9.1.4.v20140401.jar">
<CLASSES>
<root url="jar://$MODULE_DIR$/ext/jetty-webapp-8.1.13.v20130916.jar!/" />
<root url="jar://$MODULE_DIR$/ext/jetty-all-9.1.4.v20140401.jar!/" />
</CLASSES>
<JAVADOC />
<SOURCES>
<root url="jar://$MODULE_DIR$/ext/src/jetty-webapp-8.1.13.v20130916.jar!/" />
</SOURCES>
</library>
</orderEntry>
<orderEntry type="module-library">
<library name="jetty-ajp-8.1.13.v20130916.jar">
<CLASSES>
<root url="jar://$MODULE_DIR$/ext/jetty-ajp-8.1.13.v20130916.jar!/" />
</CLASSES>
<JAVADOC />
<SOURCES>
<root url="jar://$MODULE_DIR$/ext/src/jetty-ajp-8.1.13.v20130916.jar!/" />
<root url="jar://$MODULE_DIR$/ext/src/jetty-all-9.1.4.v20140401.jar!/" />
</SOURCES>
</library>
</orderEntry>

+ 5
- 1
releases.moxie View File

@@ -24,7 +24,10 @@ r22: {
- Option to allow LDAP users to directly authenticate without performing LDAP searches (pr-162)
- Replace JCommander with args4j to be consistent with other tools (ticket-28)
- Sort repository urls by descending permissions and by transport security within equal permissions
- Move to Java 7
- Move to Java 7 & updated to Jetty 9.1.4
- dropped AJP support because it has been removed from upstream Jetty
- dropped settings: server.useNio, server.ajpPort, server.ajpBindInterface
- dropped GO parameters: --ajpPort, --useNio
additions:
- Added an SSH daemon with public key authentication (issue-369, ticket-6)
- Added beginnings of a plugin framework for extending Gitblit (issue-381, ticket-23)
@@ -32,6 +35,7 @@ r22: {
- Added a setting to control what transports may be used for pushes
dependencyChanges:
- Java 7
- Jetty 9.1.4
- args4j 2.0.26
- JGit 3.3.1
- Mina SSHD 0.10.1

+ 57
- 153
src/main/java/com/gitblit/GitBlitServer.java View File

@@ -38,17 +38,13 @@ import java.util.Properties;
import java.util.Scanner;

import org.apache.log4j.PropertyConfigurator;
import org.eclipse.jetty.ajp.Ajp13SocketConnector;
import org.eclipse.jetty.security.ConstraintMapping;
import org.eclipse.jetty.security.ConstraintSecurityHandler;
import org.eclipse.jetty.server.Connector;
import org.eclipse.jetty.server.HttpConfiguration;
import org.eclipse.jetty.server.HttpConnectionFactory;
import org.eclipse.jetty.server.Server;
import org.eclipse.jetty.server.bio.SocketConnector;
import org.eclipse.jetty.server.nio.SelectChannelConnector;
import org.eclipse.jetty.server.ServerConnector;
import org.eclipse.jetty.server.session.HashSessionManager;
import org.eclipse.jetty.server.ssl.SslConnector;
import org.eclipse.jetty.server.ssl.SslSelectChannelConnector;
import org.eclipse.jetty.server.ssl.SslSocketConnector;
import org.eclipse.jetty.util.security.Constraint;
import org.eclipse.jetty.util.thread.QueuedThreadPool;
import org.eclipse.jetty.webapp.WebAppContext;
@@ -233,31 +229,15 @@ public class GitBlitServer {
String osversion = System.getProperty("os.version");
logger.info("Running on " + osname + " (" + osversion + ")");

List<Connector> connectors = new ArrayList<Connector>();

// conditionally configure the http connector
if (params.port > 0) {
Connector httpConnector = createConnector(params.useNIO, params.port, settings.getInteger(Keys.server.threadPoolSize, 50));
String bindInterface = settings.getString(Keys.server.httpBindInterface, null);
if (!StringUtils.isEmpty(bindInterface)) {
logger.warn(MessageFormat.format("Binding connector on port {0,number,0} to {1}",
params.port, bindInterface));
httpConnector.setHost(bindInterface);
}
if (params.port < 1024 && !isWindows()) {
logger.warn("Gitblit needs to run with ROOT permissions for ports < 1024!");
}
if (params.port > 0 && params.securePort > 0 && settings.getBoolean(Keys.server.redirectToHttpsPort, true)) {
// redirect HTTP requests to HTTPS
if (httpConnector instanceof SelectChannelConnector) {
((SelectChannelConnector) httpConnector).setConfidentialPort(params.securePort);
} else {
((SocketConnector) httpConnector).setConfidentialPort(params.securePort);
}
}
connectors.add(httpConnector);
QueuedThreadPool threadPool = new QueuedThreadPool();
int maxThreads = settings.getInteger(Keys.server.threadPoolSize, 50);
if (maxThreads > 0) {
threadPool.setMaxThreads(maxThreads);
}

Server server = new Server(threadPool);
server.setStopAtShutdown(true);

// conditionally configure the https connector
if (params.securePort > 0) {
File certificatesConf = new File(baseFolder, X509Utils.CA_CONFIG);
@@ -303,38 +283,70 @@ public class GitBlitServer {
});

if (serverKeyStore.exists()) {
Connector secureConnector = createSSLConnector(params.alias, serverKeyStore, serverTrustStore, params.storePassword,
caRevocationList, params.useNIO, params.securePort, settings.getInteger(Keys.server.threadPoolSize, 50), params.requireClientCertificates);
/*
* HTTPS
*/
logger.info("Setting up HTTPS transport on port " + params.securePort);
GitblitSslContextFactory factory = new GitblitSslContextFactory(params.alias,
serverKeyStore, serverTrustStore, params.storePassword, caRevocationList);
if (params.requireClientCertificates) {
factory.setNeedClientAuth(true);
} else {
factory.setWantClientAuth(true);
}

ServerConnector connector = new ServerConnector(server, factory);
connector.setSoLingerTime(-1);
connector.setIdleTimeout(30000);
connector.setPort(params.securePort);
String bindInterface = settings.getString(Keys.server.httpsBindInterface, null);
if (!StringUtils.isEmpty(bindInterface)) {
logger.warn(MessageFormat.format(
"Binding ssl connector on port {0,number,0} to {1}", params.securePort,
"Binding HTTPS transport on port {0,number,0} to {1}", params.securePort,
bindInterface));
secureConnector.setHost(bindInterface);
connector.setHost(bindInterface);
}
if (params.securePort < 1024 && !isWindows()) {
logger.warn("Gitblit needs to run with ROOT permissions for ports < 1024!");
}
connectors.add(secureConnector);

server.addConnector(connector);
} else {
logger.warn("Failed to find or load Keystore?");
logger.warn("SSL connector DISABLED.");
logger.warn("HTTPS transport DISABLED.");
}
}

// conditionally configure the ajp connector
if (params.ajpPort > 0) {
Connector ajpConnector = createAJPConnector(params.ajpPort);
String bindInterface = settings.getString(Keys.server.ajpBindInterface, null);
// conditionally configure the http transport
if (params.port > 0) {
/*
* HTTP
*/
logger.info("Setting up HTTP transport on port " + params.port);

HttpConfiguration httpConfig = new HttpConfiguration();
if (params.port > 0 && params.securePort > 0 && settings.getBoolean(Keys.server.redirectToHttpsPort, true)) {
httpConfig.setSecureScheme("https");
httpConfig.setSecurePort(params.securePort);
}
httpConfig.setSendServerVersion(false);
httpConfig.setSendDateHeader(false);

ServerConnector connector = new ServerConnector(server, new HttpConnectionFactory(httpConfig));
connector.setSoLingerTime(-1);
connector.setIdleTimeout(30000);
connector.setPort(params.port);
String bindInterface = settings.getString(Keys.server.httpBindInterface, null);
if (!StringUtils.isEmpty(bindInterface)) {
logger.warn(MessageFormat.format("Binding connector on port {0,number,0} to {1}",
params.ajpPort, bindInterface));
ajpConnector.setHost(bindInterface);
logger.warn(MessageFormat.format("Binding HTTP transport on port {0,number,0} to {1}",
params.port, bindInterface));
connector.setHost(bindInterface);
}
if (params.ajpPort < 1024 && !isWindows()) {
if (params.port < 1024 && !isWindows()) {
logger.warn("Gitblit needs to run with ROOT permissions for ports < 1024!");
}
connectors.add(ajpConnector);

server.addConnector(connector);
}

// tempDir is where the embedded Gitblit web application is expanded and
@@ -351,10 +363,6 @@ public class GitBlitServer {
logger.warn("Failed to create temp dir " + tempDir.getAbsolutePath());
}

Server server = new Server();
server.setStopAtShutdown(true);
server.setConnectors(connectors.toArray(new Connector[connectors.size()]));

// Get the execution path of this class
// We use this to set the WAR path.
ProtectionDomain protectionDomain = GitBlitServer.class.getProtectionDomain();
@@ -465,104 +473,6 @@ public class GitBlitServer {
return new GitblitContext(settings, baseFolder);
}

/**
* Creates an http connector.
*
* @param useNIO
* @param port
* @param threadPoolSize
* @return an http connector
*/
private Connector createConnector(boolean useNIO, int port, int threadPoolSize) {
Connector connector;
if (useNIO) {
logger.info("Setting up NIO SelectChannelConnector on port " + port);
SelectChannelConnector nioconn = new SelectChannelConnector();
nioconn.setSoLingerTime(-1);
if (threadPoolSize > 0) {
nioconn.setThreadPool(new QueuedThreadPool(threadPoolSize));
}
connector = nioconn;
} else {
logger.info("Setting up SocketConnector on port " + port);
SocketConnector sockconn = new SocketConnector();
if (threadPoolSize > 0) {
sockconn.setThreadPool(new QueuedThreadPool(threadPoolSize));
}
connector = sockconn;
}

connector.setPort(port);
connector.setMaxIdleTime(30000);
return connector;
}

/**
* Creates an https connector.
*
* SSL renegotiation will be enabled if the JVM is 1.6.0_22 or later.
* oracle.com/technetwork/java/javase/documentation/tlsreadme2-176330.html
*
* @param certAlias
* @param keyStore
* @param clientTrustStore
* @param storePassword
* @param caRevocationList
* @param useNIO
* @param port
* @param threadPoolSize
* @param requireClientCertificates
* @return an https connector
*/
private Connector createSSLConnector(String certAlias, File keyStore, File clientTrustStore,
String storePassword, File caRevocationList, boolean useNIO, int port, int threadPoolSize,
boolean requireClientCertificates) {
GitblitSslContextFactory factory = new GitblitSslContextFactory(certAlias,
keyStore, clientTrustStore, storePassword, caRevocationList);
SslConnector connector;
if (useNIO) {
logger.info("Setting up NIO SslSelectChannelConnector on port " + port);
SslSelectChannelConnector ssl = new SslSelectChannelConnector(factory);
ssl.setSoLingerTime(-1);
if (requireClientCertificates) {
factory.setNeedClientAuth(true);
} else {
factory.setWantClientAuth(true);
}
if (threadPoolSize > 0) {
ssl.setThreadPool(new QueuedThreadPool(threadPoolSize));
}
connector = ssl;
} else {
logger.info("Setting up NIO SslSocketConnector on port " + port);
SslSocketConnector ssl = new SslSocketConnector(factory);
if (threadPoolSize > 0) {
ssl.setThreadPool(new QueuedThreadPool(threadPoolSize));
}
connector = ssl;
}
connector.setPort(port);
connector.setMaxIdleTime(30000);

return connector;
}

/**
* Creates an ajp connector.
*
* @param port
* @return an ajp connector
*/
private Connector createAJPConnector(int port) {
logger.info("Setting up AJP Connector on port " + port);
Ajp13SocketConnector ajp = new Ajp13SocketConnector();
ajp.setPort(port);
if (port < 1024 && !isWindows()) {
logger.warn("Gitblit needs to run with ROOT permissions for ports < 1024!");
}
return ajp;
}

/**
* Tests to see if the operating system is Windows.
*
@@ -664,18 +574,12 @@ public class GitBlitServer {
/*
* JETTY Parameters
*/
@Option(name = "--useNio", usage = "Use NIO Connector else use Socket Connector.")
public Boolean useNIO = FILESETTINGS.getBoolean(Keys.server.useNio, true);

@Option(name = "--httpPort", usage = "HTTP port for to serve. (port <= 0 will disable this connector)", metaVar="PORT")
public Integer port = FILESETTINGS.getInteger(Keys.server.httpPort, 0);

@Option(name = "--httpsPort", usage = "HTTPS port to serve. (port <= 0 will disable this connector)", metaVar="PORT")
public Integer securePort = FILESETTINGS.getInteger(Keys.server.httpsPort, 8443);

@Option(name = "--ajpPort", usage = "AJP port to serve. (port <= 0 will disable this connector)", metaVar="PORT")
public Integer ajpPort = FILESETTINGS.getInteger(Keys.server.ajpPort, 0);

@Option(name = "--gitPort", usage = "Git Daemon port to serve. (port <= 0 will disable this connector)", metaVar="PORT")
public Integer gitPort = FILESETTINGS.getInteger(Keys.git.daemonPort, 9418);


+ 1
- 21
src/main/java/com/gitblit/GitblitSslContextFactory.java View File

@@ -47,32 +47,12 @@ public class GitblitSslContextFactory extends SslContextFactory {
this.caRevocationList = caRevocationList;
// disable renegotiation unless this is a patched JVM
boolean allowRenegotiation = false;
String v = System.getProperty("java.version");
if (v.startsWith("1.7")) {
allowRenegotiation = true;
} else if (v.startsWith("1.6")) {
// 1.6.0_22 was first release with RFC-5746 implemented fix.
if (v.indexOf('_') > -1) {
String b = v.substring(v.indexOf('_') + 1);
if (Integer.parseInt(b) >= 22) {
allowRenegotiation = true;
}
}
}
if (allowRenegotiation) {
logger.info(" allowing SSL renegotiation on Java " + v);
setAllowRenegotiate(allowRenegotiation);
}
if (!StringUtils.isEmpty(certAlias)) {
logger.info(" certificate alias = " + certAlias);
setCertAlias(certAlias);
}
setKeyStorePassword(storePassword);
setTrustStore(clientTrustStore.getAbsolutePath());
setTrustStorePath(clientTrustStore.getAbsolutePath());
setTrustStorePassword(storePassword);
logger.info(" keyStorePath = " + keyStore.getAbsolutePath());

+ 0
- 1
src/site/features.mkd View File

@@ -76,7 +76,6 @@
- Integrated GUI tool to facilitate x509 PKI including ssl and client certificate generation, client certificate revocation, and client certificate distribution
- Single text file for configuring server and gitblit
- A Windows service installation script and configuration tool
- Built-in AJP connector for Apache httpd
## Limitations
- Built-in access controls are not branch-based, they are repository-based.

+ 2
- 2
src/site/setup_go.mkd View File

@@ -117,10 +117,10 @@ Command-Line parameters override the values in `gitblit.properties` at runtime.
--baseFolder The default base folder for all relative file reference settings
--repositoriesFolder Git Repositories Folder
--userService Authentication and Authorization Service (filename or fully qualified classname)
--useNio Use NIO Connector else use Socket Connector.
--httpPort HTTP port for to serve. (port <= 0 will disable this connector)
--httpsPort HTTPS port to serve. (port <= 0 will disable this connector)
--ajpPort AJP port to serve. (port <= 0 will disable this connector)
--sshPort SSH Daemon port to serve. (port <= 0 will disable this daemon)
--gitPort Git Daemon port to serve. (port <= 0 will disable this daemon)
--alias Alias in keystore of SSL cert to use for https serving
--storePassword Password for SSL (https) keystore.
--shutdownPort Port for Shutdown Monitor to listen on. (port <= 0 will disable this monitor)

+ 2
- 7
src/site/setup_proxy.mkd View File

@@ -1,6 +1,6 @@
## Running Gitblit behind Apache
Gitblit runs fine behind Apache. You may use either *mod_proxy* (GO or WAR) or *mod_proxy_ajp* (GO).
Gitblit runs fine behind Apache.
Each Linux distribution may vary on the exact configuration of Apache 2.2.
Here is a sample configuration that works on Debian 7.0 (Wheezy), your distribution may be different.
@@ -13,7 +13,6 @@ cd /etc/apache2/mods-enabled
ln -s ../mods-available/proxy.load proxy.load
ln -s ../mods-available/proxy_balancer.load proxy_balancer.load
ln -s ../mods-available/proxy_http.load proxy_http.load
ln -s ../mods-available/proxy_ajp.load proxy_ajp.load
```
### Configuring Apache to use the proxy modules
@@ -57,16 +56,12 @@ ProxyPreserveHost On
# context path for your repository url.
# If you are not using subdomain proxying, then ignore this setting.
#RequestHeader set X-Forwarded-Context /
#ProxyPass /gitblit ajp://localhost:8009/gitblit
```
**Please** make sure to:
1. Review the security of these settings as appropriate for your deployment
2. Uncomment the *ProxyPass* setting for whichever connection you prefer (http/ajp)
2. Uncomment the *ProxyPass* setting
3. Correctly set the ports and context paths both in the *ProxyPass* definition and your Gitblit installation
If you are using Gitblit GO you can easily configure the AJP connector by specifying a non-zero AJP port.
Please remember that on Linux/UNIX, ports < 1024 require root permissions to open.
4. Set *web.mountParameters=false* in `gitblit.properties` or `web.xml` this will use parameterized URLs.
Alternatively, you can respecify *web.forwardSlashCharacter*.

Write Preview
Loading…
Cancel
Save