Sourcegraph

暂时用systemd来管理Docker service。因为我们要用Nginx来做反代，所有端口都监听本地即可。

[Unit]
Description=Sourcegraph
Requires=docker.service
Conflicts=systemd-resolved.service,dnsdist.service

[Service]
ExecStart=/usr/bin/docker run --name=sourcegraph --publish 127.0.0.1:7080:7080 --publish 127.0.0.1:2633:2633 --rm --volume /etc/sourcegraph:/etc/sourcegraph --volume /var/lib/sourcegraph/data:/var/opt/sourcegraph sourcegraph/server:3.3.5
ExecStop=/usr/bin/docker stop sourcegraph
ExecReload=/usr/bin/docker restart sourcegraph
TimeoutStartSec=infinity

[Install]
WantedBy=multi-user.target

[Unit]

Description=Sourcegraph

Requires=docker.service

Conflicts=systemd-resolved.service,dnsdist.service

[Service]

ExecStart=/usr/bin/docker run --name=sourcegraph --publish 127.0.0.1:7080:7080 --publish 127.0.0.1:2633:2633 --rm --volume /etc/sourcegraph:/etc/sourcegraph --volume /var/lib/sourcegraph/data:/var/opt/sourcegraph sourcegraph/server:3.3.5

ExecStop=/usr/bin/docker stop sourcegraph

ExecReload=/usr/bin/docker restart sourcegraph

TimeoutStartSec=infinity

[Install]

WantedBy=multi-user.target

Nginx SSL卸载

证书签发的问题就不细讲了，以certbot自动签发为例。涉及的文件参见oh-my-nginx。

# 主站
server {
    listen 443 ssl http2;
    listen [::]:443 ssl http2;
    server_name sourcegraph.example.com;

    ssl_certificate     /etc/letsencrypt/live/sourcegraph.example.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/sourcegraph.example.com/privkey.pem;

    location / {
        proxy_pass http://127.0.0.1:7080;
        include conf.d/templates/proxy-default.conf;
        include conf.d/templates/transparent-proxy.conf;
    }

    include conf.d/templates/ssl.conf;
    include conf.d/templates/performance.conf;
    include conf.d/templates/security.conf;
}

# 管理控制台
server {
    listen 443 ssl http2;
    listen [::]:443 ssl http2;
    server_name sourcegraph-mgmt-console.example.com;

    ssl_certificate     /etc/letsencrypt/live/sourcegraph-mgmt-console.example.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/sourcegraph-mgmt-console.example.com/privkey.pem;
    
    location / {
        proxy_pass https://127.0.0.1:2633;
        include conf.d/templates/proxy-default.conf;
        include conf.d/templates/transparent-proxy.conf;
    }

    include conf.d/templates/ssl.conf;
    include conf.d/templates/performance.conf;
    include conf.d/templates/security.conf;
}

# 主站

server {

listen 443 ssl http2;

listen [::]:443 ssl http2;

server_name sourcegraph.example.com;

ssl_certificate /etc/letsencrypt/live/sourcegraph.example.com/fullchain.pem;

ssl_certificate_key /etc/letsencrypt/live/sourcegraph.example.com/privkey.pem;

location / {

proxy_pass http://127.0.0.1:7080;

include conf.d/templates/proxy-default.conf;

include conf.d/templates/transparent-proxy.conf;

}

include conf.d/templates/ssl.conf;

include conf.d/templates/performance.conf;

include conf.d/templates/security.conf;

}

# 管理控制台

server {

listen 443 ssl http2;

listen [::]:443 ssl http2;

server_name sourcegraph-mgmt-console.example.com;

ssl_certificate /etc/letsencrypt/live/sourcegraph-mgmt-console.example.com/fullchain.pem;

ssl_certificate_key /etc/letsencrypt/live/sourcegraph-mgmt-console.example.com/privkey.pem;

location / {

proxy_pass https://127.0.0.1:2633;

include conf.d/templates/proxy-default.conf;

include conf.d/templates/transparent-proxy.conf;

}

include conf.d/templates/ssl.conf;

include conf.d/templates/performance.conf;

include conf.d/templates/security.conf;

}

创建管理员

打开sourcegraph.example.com，创建一个管理员账号。如果你之后想合并这个账号和Azure AD账号，可以使用你的sAMAccountName作为用户名，并且添加一个userPrincipleName作为邮箱地址。

设置Azure AD登录

那这里我们还是用OpenID Connect登录流程。首先去Azure AD创建新应用程序，callback URL填写：

https://sourcegraph.example.com/.auth/callback

拿到：

tenant ID
client ID
client secret

然后打开Sourcegraph的管理控制台（用户名随便填，密码在第一次启动的时候log会打出来），填入：

{
  "externalURL": "https://sourcegraph.example.com",
  "auth.providers": [
    {
      "type": "builtin",
      "allowSignup": false
    },
    {
      "type": "openidconnect",
      "displayName": "Azure AD",
      "issuer": "https://login.microsoftonline.com/{tenant_id}/v2.0",
      "clientID": "{client_id}",
      "clientSecret": "{client_secret}"
    }
  ],
}

{

"externalURL": "https://sourcegraph.example.com",

"auth.providers": [

{

"type": "builtin",

"allowSignup": false

{

"type": "openidconnect",

"displayName": "Azure AD",

"issuer": "https://login.microsoftonline.com/{tenant_id}/v2.0",

"clientID": "{client_id}",

"clientSecret": "{client_secret}"

}

这里需要注意的是externalURL要准确填写。完成以后重启一下Sourcegraph以使externalURL生效。

添加Azure DevOps的Git repo

在External Services里面添加一个Single Git repositories，填入：

{
  "url": "https://{org_name}:{your_access_token}@dev.azure.com/{org_name}/",
  "repos": [
    "{project_name}/_git/{repo_name}"
  ]
}

{

"url": "https://{org_name}:{your_access_token}@dev.azure.com/{org_name}/",

"repos": [

"{project_name}/_git/{repo_name}"

]

}

注意Sourcegraph目前不支持project name中出现空格，详见sourcegraph/issues/2867。

Drown in Codes

I was sixteen with an open heart…

分类目录归档：Information techonology

在Microsoft Word 2016/2019中保留页面顶部段落的段前间距

设置Windows Autopilot和Hybrid AD Join

Active Directory Certificate Services基础设定

一台家用多用途服务器的设计和配置

需求

Sourcegraph Docker安装和配置Azure AD登录

Sourcegraph

Nginx SSL卸载

创建管理员

设置Azure AD登录

添加Azure DevOps的Git repo

需求

Sourcegraph

Nginx SSL 卸载

创建管理员

设置 Azure AD 登录

添加 Azure DevOps 的 Git repo

Nginx SSL卸载

设置Azure AD登录

添加Azure DevOps的Git repo