From 0e44acbb2fec928a1606dc60f427a148fff405c9 Mon Sep 17 00:00:00 2001
From: Mohamed Ragab <moragab@gmail.com>
Date: Wed, 02 May 2012 11:15:01 -0400
Subject: [PATCH] Added a script to facilitate setting the proxy host and port and no proxy hosts, and then it concatenates all the java system properties for setting the java proxy configurations and puts the resulting string in an environment variable JAVA_PROXY_CONFIG, modified the scripts gitblit, gitblit-ubuntu, and gitblit-centos to source the java-proxy-config.sh script and then include the resulting java proxy configuration in the java command

---
 src/com/gitblit/GitBlitServer.java |  150 +++++++++++++++++++++++++++++++++++++++++++++----
 1 files changed, 137 insertions(+), 13 deletions(-)

diff --git a/src/com/gitblit/GitBlitServer.java b/src/com/gitblit/GitBlitServer.java
index 92305fc..f0dce77 100644
--- a/src/com/gitblit/GitBlitServer.java
+++ b/src/com/gitblit/GitBlitServer.java
@@ -23,13 +23,16 @@
 import java.net.InetAddress;
 import java.net.ServerSocket;
 import java.net.Socket;
+import java.net.URI;
 import java.net.URL;
 import java.net.UnknownHostException;
 import java.security.ProtectionDomain;
 import java.text.MessageFormat;
 import java.util.ArrayList;
 import java.util.List;
+import java.util.Scanner;
 
+import org.eclipse.jetty.ajp.Ajp13SocketConnector;
 import org.eclipse.jetty.server.Connector;
 import org.eclipse.jetty.server.Server;
 import org.eclipse.jetty.server.bio.SocketConnector;
@@ -49,6 +52,10 @@
 import com.beust.jcommander.ParameterException;
 import com.beust.jcommander.Parameters;
 import com.gitblit.utils.StringUtils;
+import com.unboundid.ldap.listener.InMemoryDirectoryServer;
+import com.unboundid.ldap.listener.InMemoryDirectoryServerConfig;
+import com.unboundid.ldap.listener.InMemoryListenerConfig;
+import com.unboundid.ldif.LDIFReader;
 
 /**
  * GitBlitServer is the embedded Jetty server for Gitblit GO. This class starts
@@ -65,7 +72,7 @@
 
 	private static Logger logger;
 
-	public static void main(String[] args) {
+	public static void main(String... args) {
 		Params params = new Params();
 		JCommander jc = new JCommander(params);
 		try {
@@ -130,16 +137,36 @@
 	 */
 	private static void start(Params params) {
 		FileSettings settings = Params.FILESETTINGS;
+		if (!StringUtils.isEmpty(params.settingsfile)) {
+			if (new File(params.settingsfile).exists()) {
+				settings = new FileSettings(params.settingsfile);				
+			}
+		}
 
 		logger = LoggerFactory.getLogger(GitBlitServer.class);
 		logger.info(Constants.BORDER);
-		logger.info(Constants.getGitBlitVersion());
+		logger.info("            _____  _  _    _      _  _  _");
+		logger.info("           |  __ \\(_)| |  | |    | |(_)| |");
+		logger.info("           | |  \\/ _ | |_ | |__  | | _ | |_");
+		logger.info("           | | __ | || __|| '_ \\ | || || __|");
+		logger.info("           | |_\\ \\| || |_ | |_) || || || |_");
+		logger.info("            \\____/|_| \\__||_.__/ |_||_| \\__|");
+		int spacing = (Constants.BORDER.length() - Constants.getGitBlitVersion().length()) / 2;
+		StringBuilder sb = new StringBuilder();
+		while (spacing > 0) {
+			spacing--;
+			sb.append(' ');
+		}
+		logger.info(sb.toString() + Constants.getGitBlitVersion());
+		logger.info("");
 		logger.info(Constants.BORDER);
+
+		System.setProperty("java.awt.headless", "true");
 
 		String osname = System.getProperty("os.name");
 		String osversion = System.getProperty("os.version");
 		logger.info("Running on " + osname + " (" + osversion + ")");
-
+		
 		List<Connector> connectors = new ArrayList<Connector>();
 
 		// conditionally configure the http connector
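Review bot: A `--settings` path that does not exist is dropped without any message: the nested `if` leaves `settings` pointing at `Params.FILESETTINGS`, so the server can come up on the default configuration while the operator believes a different, possibly more restrictive, file is in effect. Add an `else` branch such as `logger.warn("Settings file " + params.settingsfile + " not found, using default settings");`, or fail startup instead. Note that `logger` is assigned only after this block, so either the check or the logger initialisation has to move. start() continues past the end of this hunk.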
@@ -147,7 +174,7 @@
 			Connector httpConnector = createConnector(params.useNIO, params.port);
 			String bindInterface = settings.getString(Keys.server.httpBindInterface, null);
 			if (!StringUtils.isEmpty(bindInterface)) {
-				logger.warn(MessageFormat.format("Binding connector on port {0} to {1}",
+				logger.warn(MessageFormat.format("Binding connector on port {0,number,0} to {1}",
 						params.port, bindInterface));
 				httpConnector.setHost(bindInterface);
 			}
@@ -170,18 +197,34 @@
 						params.useNIO, params.securePort);
 				String bindInterface = settings.getString(Keys.server.httpsBindInterface, null);
 				if (!StringUtils.isEmpty(bindInterface)) {
-					logger.warn(MessageFormat.format("Binding ssl connector on port {0} to {1}",
-							params.securePort, bindInterface));
+					logger.warn(MessageFormat.format(
+							"Binding ssl connector on port {0,number,0} to {1}", params.securePort,
+							bindInterface));
 					secureConnector.setHost(bindInterface);
 				}
 				if (params.securePort < 1024 && !isWindows()) {
 					logger.warn("Gitblit needs to run with ROOT permissions for ports < 1024!");
-				}				
+				}
 				connectors.add(secureConnector);
 			} else {
 				logger.warn("Failed to find or load Keystore?");
 				logger.warn("SSL connector DISABLED.");
 			}
+		}
+
+		// conditionally configure the ajp connector
+		if (params.ajpPort > 0) {
+			Connector ajpConnector = createAJPConnector(params.ajpPort);
+			String bindInterface = settings.getString(Keys.server.ajpBindInterface, null);
+			if (!StringUtils.isEmpty(bindInterface)) {
+				logger.warn(MessageFormat.format("Binding connector on port {0,number,0} to {1}",
+						params.ajpPort, bindInterface));
+				ajpConnector.setHost(bindInterface);
+			}
+			if (params.ajpPort < 1024 && !isWindows()) {
+				logger.warn("Gitblit needs to run with ROOT permissions for ports < 1024!");
+			}
+			connectors.add(ajpConnector);
 		}
 
 		// tempDir is where the embedded Gitblit web application is expanded and
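Review bot: The new AJP connector listens on every interface unless `server.ajpBindInterface` is set, because `setHost` is called only inside the `if (!StringUtils.isEmpty(bindInterface))` branch. AJP has no authentication of its own and the container trusts the request attributes the peer supplies (remote user, remote address), so the port should be reachable only by the fronting web server. Consider defaulting the lookup to loopback, `settings.getString(Keys.server.ajpBindInterface, "localhost")`, or at least logging a warning when the connector is left unbound. The log text is also identical to the HTTP one; `"Binding ajp connector on port {0,number,0} to {1}"` would match the ssl branch. start() begins and ends outside this hunk.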
@@ -209,7 +252,7 @@
 
 		// Root WebApp Context
 		WebAppContext rootContext = new WebAppContext();
-		rootContext.setContextPath("/");
+		rootContext.setContextPath(settings.getString(Keys.server.contextPath, "/"));
 		rootContext.setServer(server);
 		rootContext.setWar(location.toExternalForm());
 		rootContext.setTempDirectory(tempDir);
@@ -231,13 +274,46 @@
 		// Override settings from the command-line
 		settings.overrideSetting(Keys.realm.userService, params.userService);
 		settings.overrideSetting(Keys.git.repositoriesFolder, params.repositoriesFolder);
+		
+		// Start up an in-memory LDAP server, if configured
+		try {
+			if (StringUtils.isEmpty(params.ldapLdifFile) == false) {
+				File ldifFile = new File(params.ldapLdifFile);
+				if (ldifFile != null && ldifFile.exists()) {
+					URI ldapUrl = new URI(settings.getRequiredString(Keys.realm.ldap.server));
+					String firstLine = new Scanner(ldifFile).nextLine();
+					String rootDN = firstLine.substring(4);
+					String bindUserName = settings.getString(Keys.realm.ldap.username, "");
+					String bindPassword = settings.getString(Keys.realm.ldap.password, "");
+					
+					// Get the port
+					int port = ldapUrl.getPort();
+					if (port == -1)
+						port = 389;
+					
+					InMemoryDirectoryServerConfig config = new InMemoryDirectoryServerConfig(rootDN);
+					config.addAdditionalBindCredentials(bindUserName, bindPassword);
+					config.setListenerConfigs(InMemoryListenerConfig.createLDAPConfig("default", port));
+					config.setSchema(null);
+					
+					InMemoryDirectoryServer ds = new InMemoryDirectoryServer(config);
+					ds.importFromLDIF(true, new LDIFReader(ldifFile));
+					ds.startListening();
+					
+					logger.info("LDAP Server started at ldap://localhost:" + port);
+				}
+			}
+		} catch (Exception e) {
+			// Completely optional, just show a warning
+			logger.warn("Unable to start LDAP server", e);
+		}
 
 		// Set the server's contexts
 		server.setHandler(rootContext);
 
 		// Setup the GitBlit context
 		GitBlit gitblit = GitBlit.self();
-		gitblit.configureContext(settings);
+		gitblit.configureContext(settings, true);
 		rootContext.addEventListener(gitblit);
 
 		try {
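Review bot: The in-memory directory is created with `InMemoryListenerConfig.createLDAPConfig("default", port)`, which listens on all addresses although the log line advertises `ldap://localhost`; together with `config.setSchema(null)` and bind credentials copied from the Gitblit settings, a directory meant for local testing becomes reachable in cleartext from the network. Binding the listener to loopback through the four-argument overload keeps it local. Two smaller problems sit in the same block: the `Scanner` opened on the LDIF file is never closed, and `firstLine.substring(4)` assumes the file starts with a `dn: ` line, so a leading comment or `version: 1` line yields a wrong base DN or an exception. The rewritten lines use try/finally rather than try-with-resources because the file still checks for Java 1.6; start() begins and ends outside this hunk.

```java
					URI ldapUrl = new URI(settings.getRequiredString(Keys.realm.ldap.server));
					String firstLine;
					Scanner scanner = new Scanner(ldifFile);
					try {
						firstLine = scanner.nextLine();
					} finally {
						// release the file handle even when the file is empty
						scanner.close();
					}
					if (!firstLine.startsWith("dn: ")) {
						// caught by the surrounding catch and reported as a warning
						throw new IllegalArgumentException("LDIF file must start with a dn: line: " + ldifFile);
					}
					String rootDN = firstLine.substring(4);
					// … unchanged: bind credentials and port lookup …
					// listen on loopback only; this directory is a local test fixture
					config.setListenerConfigs(InMemoryListenerConfig.createLDAPConfig("default",
							InetAddress.getByName("127.0.0.1"), port, null));
					// … unchanged: schema, LDIF import, startListening, log line …
```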
@@ -279,14 +355,14 @@
 
 		connector.setPort(port);
 		connector.setMaxIdleTime(30000);
-		if (port < 1024 && !isWindows()) {
-			logger.warn("Gitblit needs to run with ROOT permissions for ports < 1024!");
-		}
 		return connector;
 	}
 
 	/**
 	 * Creates an https connector.
+	 * 
+	 * SSL renegotiation will be enabled if the JVM is 1.6.0_22 or later.
+	 * oracle.com/technetwork/java/javase/documentation/tlsreadme2-176330.html
 	 * 
 	 * @param keystore
 	 * @param password
@@ -308,7 +384,24 @@
 			SslSocketConnector ssl = new SslSocketConnector();
 			connector = ssl;
 		}
-		connector.setAllowRenegotiate(false);
+		// disable renegotiation unless this is a patched JVM
+		boolean allowRenegotiation = false;
+		String v = System.getProperty("java.version");
+		if (v.startsWith("1.7")) {
+			allowRenegotiation = true;
+		} else if (v.startsWith("1.6")) {
+			// 1.6.0_22 was first release with RFC-5746 implemented fix.
+			if (v.indexOf('_') > -1) {
+				String b = v.substring(v.indexOf('_') + 1);
+				if (Integer.parseInt(b) >= 22) {
+					allowRenegotiation = true;
+				}
+			}
+		}
+		if (allowRenegotiation) {
+			logger.info("   allowing SSL renegotiation on Java " + v);
+			connector.setAllowRenegotiate(allowRenegotiation);
+		}
 		connector.setKeystore(keystore.getAbsolutePath());
 		connector.setPassword(password);
 		connector.setPort(port);
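Review bot: Renegotiation is no longer disabled explicitly: `connector.setAllowRenegotiate(...)` is now called only inside `if (allowRenegotiation)`, so on an unpatched JVM the outcome depends on the connector's default, which is not visible here. Call `connector.setAllowRenegotiate(allowRenegotiation);` unconditionally and keep only the `logger.info` inside the `if`. `Integer.parseInt(b)` also throws NumberFormatException when anything follows the update number in `java.version` (an early-access suffix, for example), which would abort connector creation; catching it and leaving `allowRenegotiation` false keeps the safe default. Versions starting with neither `1.6` nor `1.7` fall through with renegotiation off, which is safe but deserves a comment. The method starts before and ends after this hunk.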
@@ -316,6 +409,22 @@
 		return connector;
 	}
 	
+	/**
+	 * Creates an ajp connector.
+	 * 
+	 * @param port
+	 * @return an ajp connector
+	 */
+	private static Connector createAJPConnector(int port) {
+		logger.info("Setting up AJP Connector on port " + port);
+		Ajp13SocketConnector ajp = new Ajp13SocketConnector();
+		ajp.setPort(port);
+		if (port < 1024 && !isWindows()) {
+			logger.warn("Gitblit needs to run with ROOT permissions for ports < 1024!");
+		}
+		return ajp;
+	}
+
 	/**
 	 * Tests to see if the operating system is Windows.
 	 * 
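Review bot: `createAJPConnector` leaves the idle timeout at the connector's default, while `createConnector` sets `connector.setMaxIdleTime(30000)`; adding `ajp.setMaxIdleTime(30000);` keeps the connectors consistent and limits how long an idle peer can hold a connection. The `ports < 1024` warning here is also logged a second time by the AJP block added to start(), so one of the two can go. The Javadoc would be more useful if it stated the trust assumption, e.g. `Creates an ajp connector. AJP is unauthenticated; expose the port only to the fronting web server.`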
@@ -376,6 +485,9 @@
 		}
 	}
 
+	/**
+	 * JCommander Parameters class for GitBlitServer.
+	 */
 	@Parameters(separators = " ")
 	private static class Params {
 
@@ -419,11 +531,23 @@
 		@Parameter(names = "--httpsPort", description = "HTTPS port to serve.  (port <= 0 will disable this connector)")
 		public Integer securePort = FILESETTINGS.getInteger(Keys.server.httpsPort, 443);
 
+		@Parameter(names = "--ajpPort", description = "AJP port to serve.  (port <= 0 will disable this connector)")
+		public Integer ajpPort = FILESETTINGS.getInteger(Keys.server.ajpPort, 0);
+
 		@Parameter(names = "--storePassword", description = "Password for SSL (https) keystore.")
 		public String storePassword = FILESETTINGS.getString(Keys.server.storePassword, "");
 
 		@Parameter(names = "--shutdownPort", description = "Port for Shutdown Monitor to listen on. (port <= 0 will disable this monitor)")
 		public Integer shutdownPort = FILESETTINGS.getInteger(Keys.server.shutdownPort, 8081);
 
+		/*
+		 * Setting overrides
+		 */
+		@Parameter(names = { "--settings" }, description = "Path to alternative settings")
+		public String settingsfile;
+		
+		@Parameter(names = { "--ldapLdifFile" }, description = "Path to LDIF file.  This will cause an in-memory LDAP server to be started according to gitblit settings")
+		public String ldapLdifFile;
+
 	}
 }
\ No newline at end of file
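Review bot: `ajpPort`, like the other port fields, takes its default from `FILESETTINGS` in a field initialiser, which runs before `--settings` is parsed, so `server.ajpPort` in an alternative settings file appears to be ignored while start() reads `server.ajpBindInterface` from that same alternative file. The listening port and the bind interface can therefore come from two different files. Either resolve these defaults after parsing, or document the limitation on `settingsfile`, e.g. `// NOTE: connector port defaults are read from the default settings file, not from --settings`. The Params class starts outside this hunk and the definition of `FILESETTINGS` is not visible here.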

--
Gitblit v1.9.1