菜鸟关于 SVN 结帐的问题以及有关它的网络问题
我们有一个安装了 SVN 的本地服务器,用于开发/测试目的。我们想将其中的数据签出到某个地方的实时服务器。
我想到的唯一方法是使用实时服务器中的“svn checkout”,对吧?这样我们就不需要通过 FTP 对其进行更改,这可能会导致问题是我们忘记上传一些更改。如果我们发现问题,我们总是可以返回到以前的稳定版本,对吧?如果我对这些内容有任何错误,请纠正我。
问题是我们的本地服务器(Ubuntu)没有可以从外部访问的IP。我们有一个来自 ISP 的路由器,但我们无法使用它来实时访问本地服务器。我们愿意要求 ISP 提供商为本地服务器设置第二个 IP,但出于安全考虑,他们希望设置一台带有 Windows 和 Windows 基础安全软件(防火墙 - http://www.kerio.com/control/ 和防病毒软件)这将花费我们很多钱。我们是否可以只在本地服务器(正如我所说的Ubuntu)上设置一个免费防火墙并解决问题而不花费额外的钱?
我希望我说清楚了。
We have a local server with SVN installed on it that we are using for development/testing purpouses. We would like to checkout the data from it to the live server that is somewhere out there.
The only way to do that which I thought of was to use "svn checkout" from the live server, right? This way we do not need to FTP the changes to it, that may cause problems is we forget to upload some of the changes. And if we found a problem we can alway go back to previous stable version, right? Correct me if I am wrong about any of these.
The problem is that our local server (Ubuntu) does not have a IP that is reachable from outside. We have a router from out ISP, but we can not use that to access the local server from the live. We are willing to ask the ISP provider to setup a second IP for the local server, but for security sake they want to setup a separate machine with Windows and windows base security software (firewall - http://www.kerio.com/control/ and antivirus) that will cost us a lot. Can we just setup a free firewall on the local server (Ubuntu as I said) and solve the problem without spending additional money?
I hope I was clear.
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(4)
在不了解确切情况的情况下总是很难发表评论,但这听起来有点疯狂。
您通常要做的就是为一个端口设置端口转发到本地服务器。然后可以通过
123.45.67.89:3690访问服务器(例如)。在普通家用路由器中设置此任务只需三分钟。
只要 Ubuntu 服务器以其他方式关闭,并且 Subversion 或您用于身份验证的任何内容都已正确配置且是最新的,就不会产生安全问题。
无论如何,在两者之间放置一台 Windows 计算机来充当防火墙听起来确实没有必要。 Ubuntu 附带了确保正确安装所需的一切。
It's always hard to comment without knowing the exact situation, but this sounds a bit crazy.
What you would usually do is set up port forwarding for one port to the local server. The server would then be reachable (for example) through
123.45.67.89:3690That's a three-minute task to set up in a normal household router.
As long as the Ubuntu server is closed otherwise, and Subversion or whatever you are using for authentication is properly configured and up to date, this should not create security issues.
In any case, putting a Windows machine in between to act as a firewall sounds really unnecessary. Ubuntu comes with everything necessary to secure the setup properly.
如果远程服务器有ssh服务器,那么就可以使用ssh转发。
从内部 svn 服务器:
设置转发后,您可以在远程执行此操作system:
注意:
转发的流量通过 ssh 连接(在不同的“通道”上)进行隧道传输,因此它也被加密,这是一个很好的好处。
默认情况下,转发的远程端将侦听环回接口,因此只有该系统上的进程才能使用端口转发的端口。
一旦关闭 ssh 会话,转发的端口也将关闭。它仅持续 ssh 连接的持续时间。
ssh转发功能非常强大。如果您可以在两个系统之间进行 ssh,那么您就可以解决任何类型的连接问题。
执行
man ssh并了解 -L 和 -R 选项。有关 ssh 转发的有用链接:
If the remote server has an ssh server, then you can use ssh forwarding.
From the internal svn server:
After setting up the forward, then you can do this on the remote system:
Notes:
the forwarded traffic is tunneled through the ssh connection (on a different "channel") so it is also encrypted which is a nice benefit.
by default, the remote end of the forward will listen on the loopback interface so only processes on that system will be able to use the port forwarded port.
As soon as you close the ssh session, the forwarded port will also close. It only lasts the duration of the ssh connection.
ssh forwarding is very powerful. If you can ssh between two systems, then you can get around any sort of connection problem like this.
Do
man sshand read about the -L and -R options.Useful links about ssh forwarding:
检查您的 ISP 路由器是否提供某些端口转发功能,
您可能应该转发 ssh 端口(在确保每个人的密码都是安全的/或强制使用 ssh 密钥文件登录之后),并使用 SVN+SSH 协议来访问您的存储库。
check if your ISP router provide some port forwarding abilities,
You should probably forward the ssh port ( after ensuring that everyone password is secure/or enforcing login with ssh keys file), and use SVN+SSH protocol to access your repository.
正如 Pekka 所指出的,您应该能够在现有 IP 上打开单个端口(默认为 3690)并将其转发到本地服务器。这取决于您的路由器以及您访问路由器上的配置界面的能力。
您不必处理 SSH 并担心人们试图从任何地方访问您的本地服务器,您可以设置防火墙以仅允许来自单个远程服务器的传入流量。根据路由器设置,您可以简单地使用路由器上的内置防火墙本地服务器。不过,仍然建议进行一些 svn 身份验证。
kanaka描述的SSH转发方法可以防止远程访问本地机器的整个问题,但是它要求您每次需要访问远程服务器上的svn时都从本地服务器执行转发命令。
You should be able to open up and forward a single port (3690 by default) on your existing IP to the local server, as pointed out by Pekka. This depends on your router, and your ability to access the configuration interface on the router.
Instead of having to deal with SSH and worry about people trying to access your local server from anywhere, you could setup a firewall to only allow incoming traffic from your single remote server. Depending on the router setup, you could simply use the builtin firewall on the local server. It would still be advisable to have some svn authentication, though.
The SSH forwarding method described by kanaka prevents the entire issue about remote access to the local machine, but it requires you to execute the forwarding command from the local server every time you need to access svn on the remote server.