单个开发人员 Web 项目设置的最佳实践
我对 GIT 很陌生,所以请原谅我任何愚蠢的问题(如果有这样的事情:)
场景
- 我的开发机器上有一个本地存储库(Win 7,Eclipse)
- 一台托管测试站点和生产站点的专用服务器(Win 2008 服务器,管理员权限)
目标
- 能够在我的开发机器上工作并将所有更改(本地提交后)推送到测试站点
- 一旦在专用服务器上进行测试,我希望将更改从我的开发机器发布到生产站点
问题
- 我需要保护存储库,任何人都可以向我指出如何在 Windows 计算机上实现这一目标的教程。
- .git 文件夹是否需要驻留在公共 http 目录中,或者这在安全性方面是一个不好的做法吗?
- 我想使用 SSH 设置,因为 HTTP 速度慢且不安全。我还有哪些其他值得推荐的选择?
- 最好建议我使用补丁还是将稳定/经过测试的分支合并到我的专用服务器?
非常感谢任何帮助!
I am quite new to GIT, so please forgive me any stupid questions (if there is such a thing :)
SCENARIO
- One local repo on my dev machine (Win 7, Eclipse)
- One dedicated server hosting a testing site and a production site (Win 2008 Server, Admin permissions)
GOAL
- Being able to work on my dev machine and push all changes (after local commit) to the testing site
- Once tested on the dedicated server, I wish to publish the changes from my dev machine to the production site
QUESTIONS
- I need to secure the repos, can anyone point me to a tutorial on how to achieve that on windows machines
- Does the .git folder need to reside in the public http directory or is that a bad practice with respect to security?
- I figured to work with a SSH setup since HTTP is slow and insecure. What other recommendable options do I have?
- Would I be best advised to use patches or rather merge the stable/tested branch to my dedicated server?
Any help is much appreciated!
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(2)
“保护回购协议”到底是什么意思?只是处理暴露在互联网上的服务器吗?在这种情况下,SSH 对您来说应该足够了。如果只有你,我可能不会为 gitolite 之类的花哨的东西烦恼 - 只需在服务器上创建一个裸存储库,并且除了通过 SSH 之外不要以任何方式使其可用。我也不确定您需要什么设置建议 - 您只需要能够 ssh 进入计算机,并访问存储库的路径。
是否希望您的生产站点实际上成为一个存储库取决于您。它确实更容易摆弄,但您需要将 Web 服务器配置为不授予对 .git 目录的访问权限。如果您偏执,也可以在没有存储库的情况下进行部署,例如使用 git 存档。这个想法只是将当前版本的副本转储到给定目录中。
如果你想要安全,SSH 和 HTTPS 是需要考虑的两种 git 传输协议;确实没有任何理由去超越它们。 SSH 应该更容易设置和使用。 (Git 确实支持其他几种协议,但它们要么不是为了安全使用,要么只是没有广泛使用。)
我假设您在这里询问生产站点,因为您提到了测试分支。这当然取决于您是否有生产站点的存储库,或者它是否只是所有内容的签出副本。在前一种情况下,绝对没有理由使用补丁。只需拉入生产存储库:
如果您的生产站点不是存储库,我可能会这样做:
显然,我是 Linux 人员,因此这些说明可能需要对 Windows 进行一些修改,但这个想法应该说得很清楚。
What exactly do you mean by "secure the repos"? Just dealing with the server being exposed to the internet? SSH should be plenty for you in that case. If it's just you, I probably wouldn't bother with anything fancy like gitolite - just create a bare repository on the server, and don't make it available any way but via SSH. I'm not sure what setup advice you need either - you just need to be able to ssh into the machine, and access the path to the repository.
It's up to you whether you want your production site to actually be a repository. It does make it easier to fiddle with, but you'll want to configure your web server not to give access to the .git directory. If you're paranoid, it's also quite possible to deploy without it being a repository, though, for example using git archive. The idea is simply to dump a copy of the current version into the given directory.
SSH and HTTPS are the two git transfer protocols to consider if you want security; there's not really any reason to look beyond them. SSH should be much easier to set up and work with. (Git does support several other protocols, but they're all either not intended for secure use or simply not as widely used.)
I assume you're asking about the production site here, since you mention the tested branch. This of course depends on whether or not you have a repository for the production site, or if it's just a checked-out copy of all the content. In the former case, there's absolutely no reason to use patches. Just pull into the production repository:
If your production site isn't a repository, I'd probably do something like this:
I'm a Linux guy, obviously, so those instructions might require a little modification for Windows, but the idea should be pretty clear.
公共 HTTP 目录最好不要是 git 存储库,以防万一 - 您的完整 git 历史记录应该是私有的。您可以将存储库保存在硬盘驱动器上不由 HTTP 服务器提供服务的某个位置,并使用 git checkout-index 或 git archive 来创建仅内容快照(请参阅这个问题)。
SSH 非常适合您的目的,安全并提供良好的性能。
不要使用补丁 - 通过 SSH 进行推/拉同步树,然后为您的生产和测试站点获取相关分支。这些协议非常高效,并且同步不会花费很长时间。您甚至可以连续同步,而不仅仅是在需要部署时同步。
您可以尝试这些说明来自 Lifehacker,用于在 cygwin 上使用 openssh 设置 ssh 服务器。
在 Windows 上设置 git 客户端 更简单,因此您可以考虑拥有一个外部 git 存储库(在易于设置的 *nix 计算机上,或者使用 托管 git 存储库)并从您的开发计算机推送到那里,然后从您的测试和生产计算机中拉取。
It's better that the public HTTP directory not be a git repository, just in case - your full git history should be private. You can keep a repository somewhere on your hard drive that isn't served by the HTTP server and use
git checkout-indexorgit archiveto create a content-only snapshot (see this question).SSH is great for your purposes, secure and offers good performance.
Don't use patches - sync the trees with push/pull over SSH, then take the relevant branch for your production and testing sites. The protocols are efficient, and shouldn't take long to sync. You can even sync continuously, not just when you want to deploy.
You can try these instructions from Lifehacker for setting up a an ssh server with openssh on cygwin.
Setting up git clients on Windows is simpler, so you may consider having an external git repository (either on a *nix machine which is trivial to set up, or using a hosted git repository) and pushing there from your dev machine, then pulling from your testing and production machines.