Sourcegraph
暂时用systemd来管理Docker service。因为我们要用Nginx来做反代,所有端口都监听本地即可。
1 2 3 4 5 6 7 8 9 10 11 12 13 |
[Unit] Description=Sourcegraph Requires=docker.service Conflicts=systemd-resolved.service,dnsdist.service [Service] ExecStart=/usr/bin/docker run --name=sourcegraph --publish 127.0.0.1:7080:7080 --publish 127.0.0.1:2633:2633 --rm --volume /etc/sourcegraph:/etc/sourcegraph --volume /var/lib/sourcegraph/data:/var/opt/sourcegraph sourcegraph/server:3.3.5 ExecStop=/usr/bin/docker stop sourcegraph ExecReload=/usr/bin/docker restart sourcegraph TimeoutStartSec=infinity [Install] WantedBy=multi-user.target |
Nginx SSL卸载
证书签发的问题就不细讲了,以certbot自动签发为例。涉及的文件参见oh-my-nginx。
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 |
# 主站 server { listen 443 ssl http2; listen [::]:443 ssl http2; server_name sourcegraph.example.com; ssl_certificate /etc/letsencrypt/live/sourcegraph.example.com/fullchain.pem; ssl_certificate_key /etc/letsencrypt/live/sourcegraph.example.com/privkey.pem; location / { proxy_pass http://127.0.0.1:7080; include conf.d/templates/proxy-default.conf; include conf.d/templates/transparent-proxy.conf; } include conf.d/templates/ssl.conf; include conf.d/templates/performance.conf; include conf.d/templates/security.conf; } # 管理控制台 server { listen 443 ssl http2; listen [::]:443 ssl http2; server_name sourcegraph-mgmt-console.example.com; ssl_certificate /etc/letsencrypt/live/sourcegraph-mgmt-console.example.com/fullchain.pem; ssl_certificate_key /etc/letsencrypt/live/sourcegraph-mgmt-console.example.com/privkey.pem; location / { proxy_pass https://127.0.0.1:2633; include conf.d/templates/proxy-default.conf; include conf.d/templates/transparent-proxy.conf; } include conf.d/templates/ssl.conf; include conf.d/templates/performance.conf; include conf.d/templates/security.conf; } |
创建管理员
打开sourcegraph.example.com,创建一个管理员账号。如果你之后想合并这个账号和Azure AD账号,可以使用你的sAMAccountName作为用户名,并且添加一个userPrincipleName作为邮箱地址。
设置Azure AD登录
那这里我们还是用OpenID Connect登录流程。首先去Azure AD创建新应用程序,callback URL填写:
https://sourcegraph.example.com/.auth/callback
拿到:
- tenant ID
- client ID
- client secret
然后打开Sourcegraph的管理控制台(用户名随便填,密码在第一次启动的时候log会打出来),填入:
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 |
{ "externalURL": "https://sourcegraph.example.com", "auth.providers": [ { "type": "builtin", "allowSignup": false }, { "type": "openidconnect", "displayName": "Azure AD", "issuer": "https://login.microsoftonline.com/{tenant_id}/v2.0", "clientID": "{client_id}", "clientSecret": "{client_secret}" } ], } |
这里需要注意的是externalURL要准确填写。完成以后重启一下Sourcegraph以使externalURL生效。
添加Azure DevOps的Git repo
在External Services里面添加一个Single Git repositories,填入:
1 2 3 4 5 6 |
{ "url": "https://{org_name}:{your_access_token}@dev.azure.com/{org_name}/", "repos": [ "{project_name}/_git/{repo_name}" ] } |
注意Sourcegraph目前不支持project name中出现空格,详见sourcegraph/issues/2867。