前言
正所謂,一朝天子一朝臣,現在的老闆想換走 Azure DevOps Server Express,然後就這樣丟給豚了。
要求
- Windows Server
- AD user login
現在的Azure DevOps Server 放windows server,不會變,沒人想維護 linux
現在的Git 是用windows AD login 的,無需多記一組username、pwd
網上查了,建議用 Bonobo Git Server / Gitblit
豚習慣用SourceTree,VS 內建的Git 不好用,閹割版 太少功能。
海豚每3個月就 Google 查一次
SourceTree 的 credentials 放在以下位置
%LocalAppData%\Atlassian\SourceTree\userhost
%LocalAppData%\Atlassian\SourceTree\passwd
Enable IIS
因為是全新Windows Server 2022 ,要手動 Turn Windows features on or off
Control Panel > Turn Windows features on or off
Check Web Server (IIS) 會自動幫勾所依賴的細項目
打開 Web Server (IIS) > Web Server > Application Development
Check ASP.NET 4.8 會自動幫勾所依賴的細項目
Next 到 Features
看一下,確保 .Net Framework 4.8 Features
有
.Net Framework 4.8
ASP.NET 4.8
Grant Folder Permission and Convert to Application
之後回到官方安裝流程就好
解壓到 C:\inetpub\wwwroot
放權限
Allow IIS User to modify C:\inetpub\wwwroot\Bonobo.Git.Server\App_Data folder. To do so
- select Properties of App_Data folder
- go to Security tab
- click edit
- select IIS user (in my case IIS_IUSRS) and add Modify and Write permission
- confirm these settings with Apply button
那個不翻譯,熟手技工,應該懂
海隊做好第一個懶還原,弄多一套,所以路徑不同
沒有按錯,應該是這樣的,按OK > OK
Convert to Application
- Convert Bonobo.Git.Server to Application in IIS
- Run IIS Manager and navigate to Sites -> Default Web Site. You should see Bonobo.Git.Server.
- Right click on Bonobo Git Server and convert to application.
- Check if the selected application pool runs on .NET 4.0 and convert the site.
那個也不翻譯,看圖
簡︰IIS > Default Web Site > Right Click > Convert to Application
Configure Authentication
Enable Anonymous Authentication in IIS and disable the others.
確保 Anonymous Authentication Enable,其它 Disable
預設就是,不用動
成功
Visit http://localhost
login: admin
password: admin
Update Web.config
之後要弄好AD login
Uucomment 這部份
<appSettings>
...
<add key="MembershipService" value="ActiveDirectory" />
<add key="ActiveDirectoryDefaultDomain" value="domain.local" />
<add key="ActiveDirectoryBackendPath" value="~\App_Data\ADBackend" />
<add key="ActiveDirectoryMemberGroupName" value="ALL_IES" />
<add key="ActiveDirectoryTeamMapping" value="SMILE_DEV_Team=ALL_IES" />
<add key="ActiveDirectoryRoleMapping" value="Administrator=ALL_IES" />
...
</appSettings>
domain.local 填什麼要問你的system engineer ,on premise 的AD domain 一般就是xxxx.local
Git, GitTeam1, GitTeam2, GitAdmins 都是 AD server 的user group 名稱
豚只作測試,就不開新user group,用現有的便可
到AD server
Active Directory Users and Computers
Right Click User > Properties > Member of
查了查現在屬於那group,就用它了
理論上 更新web.config,IIS 會自動 refresh 網站
不會便手動 restart 吧
大成功
如成功
再用admin登入會失敗
要用AD user 登入啦
登入後按Users,只可以看到 <add key="ActiveDirectoryMemberGroupName" value="Git" />
指的的user group
Team1 也map 好了
小結
豚以為只有admin才可以create repository,並改了
<add key="ActiveDirectoryRoleMapping" value="Administrator=Bonobo_GitAdmin" />
但普通ad user 登入也有admin功能
算了,暫時用到便夠了。
之後可以用Git 不同client 如常地使用
Reference
Authenticating users in git with LDAP
https://stackoverflow.com/questions/27526815/authenticating-users-in-git-with-ldap
Sourcetree change password of existing account
https://stackoverflow.com/questions/43391223/sourcetree-change-password-of-existing-account
Bonobo Git Server
https://github.com/jakubgarfield/Bonobo-Git-Server
Bonobo Git Server - Install
https://bonobogitserver.com/install/
No comments:
Post a Comment