GitBucket is a free and open source alternative to Github or BitBucket. It is powered by Scala. It is very lightweight and responsive web application. GitBucket provides many features such as public or private git repository with both HTTP and ssh access. It provides GitLFS support, repository viewer with online file editor, issues, pull request and Wiki for repositories. It also provides an activity timeline and email notification, account and group management with LDAP integration and much more.
In this tutorial, we will install GitBucket on CentOS 7. We will also setup Apache as reverse proxy with SSL support.
GitBucket does not have any minimum hardware requirement, but for optimal performance of JAVA 8, you will need at least 1 GB RAM on your server. To follow this tutorial you will need a server with at least CentOS 7 installed. You will also need root access to the server, if you are logged in as non-root user, run sudo -i to login in as root user. A domain pointing to your server is also required.
Install GitBucket Server
Before installing any package it is recommended to update the server and available packages. Run the following command for same.
yum -y update
GitBucket requires JDK or Java Development Kit 8. Install JDK 8 on 32 bit systems using the following command. If you do not have wget installed, you can run yum -y install wget command.
Now reload your firewall using the following command.
You can stop the GitBucket server using Ctrl + C keys.
It is recommended that you create a systemd service for running GitBucket so that it can run in the background and can be automatically started on failures and boot time. Run the following command to create a systemd service file.
If you do not have nano installed, you can run yum -y install nano. Now paste the following text into the nano editor.
To check if GitBucket service is started correctly, you can run the following command to check the status of the GitBucket service.
systemctl status gitbucket
You should get output similar to shown below.
[root@liptan-pc gitbucket]# systemctl status gitbucket
● gitbucket.service - GitBucket service
Loaded: loaded (/etc/systemd/system/gitbucket.service; enabled; vendor preset: disabled)
Active: active (running) since Sun 2017-01-29 15:03:20 UTC; 1min 13s ago
Main PID: 19354 (java)
└─19354 /usr/bin/java -jar /home/gitbucket/gitbucket.war
Hint: Some lines were ellipsized, use -l to show in full.
Configuring Apache as Reverse Proxy with Let's Encrypt SSL
Instead of using the application on Port 8080, you can use Apache to run on port 80 or 443 in the case of using SSL. This way the main application will run on port 8080, and Apache will work as a reverse proxy. Install Apache web server and mod_ssl using the following command.
yum -y install httpd mod_ssl
Now start Apache web server and enable it to automatically start at boot time using the following commands.
systemctl start httpdsystemctl enable httpd
Now we will need to generate SSL certificates from Let's Encrypt client. If you want to use commercial SSL certificates instead, you can purchase SSL certificates from HostPresto.
To install Let's Encrypt client also called Certbot, you will need to add the EPEL repository also. Run the following command for same.
yum -y install epel-releaseyum -y update
Now install Certbot using the following command.
yum -y install python-certbot-apache
Once the installation finishes, run the following command to obtain the SSL certificates from Let's Encrypt. Make sure that your domain is pointed to the server, the Let's Encrypt will check the domain authority before providing the certificates.
certbot certonly --apache -d yourdomain.com
This command will run Let's Encrypt client to obtain the certificates only but not to install it. --apache tells the client to use Apache web server for authentication of domain authority. -d yourdomain.com tells the domain name for which the certificates needs to be obtained. It may ask you which SSL configuration to use during authentication, choose ssl.conf. All the changes made to the file will be automatically restored. Finally provide your email address and accept the terms and condition. Once the certificates are generated, they are likely to be stored in the following directory.
Where yourdomain.com is your actual domain. In the directory, you will find cert.pem which is your domains certificate and privkey.pem which is your certificate's private key.
Let's Encrypt SSL expires in 90 days, so it is recommended to set an automatic renewal for your certificates. Run the following command to open your crontab file.
crontab -e Enter the following line into the crontab file.
In the above configuration change yourdomain.com to your actual domain. Also, make sure that the path to your SSL certificate and private key are correct. Once done, you will have to restart your Apache server so that the changes made can take effect.
systemctl restart httpd
Now you will need to disable your SELinux because GitBucket does not work with SELinux policies. To temporary disable SELinux without restarting the server, run the following command.
To completely disable the SELinux you will need to edit:
/etc/selinux/config file.nano /etc/selinux/config
If you don't have nano installed, you can install it using yum -y install nano Find the following line:
Change it to:
Now you will need to reboot your server so that the new configuration can take effect. Now you can start the GitBucket service if not started already using the following command.
systemctl start gitbucket
You can now browse the following URL in your favorite browser.
Truth be told, it’s difficult for a web application that doesn’t have some kind of identification, even if you don’t see it as a security measure in and of itself. The Internet is a kind of lawless land, and even on free services like Google’s, authentication ensures that abuses will...
Although data persistence is almost always a fundamental element of applications, Node.js has no native integration with databases. Everything is delegated to third-party libraries to be included manually, in addition to the standard APIs. Although MongoDB and other non-relational databases are the most common choice with Node because if you...